[cff] Fix handling of `style_name == NULL' (#58630).

* src/cff/cffobjs.c (cff_face_init): If a call to `cff_strcpy' fails by returning NULL in `cff_face_init', `remove_style' is still called. This means that the NULL pointer is dereferenced, causing a crash.
5 years ago · a443474755
parent de088b1dfd
commit a443474755
2 changed files with 11 additions and 1 deletions
--- a/9
+++ b/9
@ -1,3 +1,12 @@
+2020-06-20  Sebastian Rasmussen  <sebras@gmail.com>
+
+	[cff] Fix handling of `style_name == NULL' (#58630).
+
+	* src/cff/cffobjs.c (cff_face_init): If a call to `cff_strcpy' fails
+	by returning NULL in `cff_face_init', `remove_style' is still
+	called.  This means that the NULL pointer is dereferenced, causing a
+	crash.
+
 2020-06-19  Sebastian Rasmussen  <sebras@gmail.com>

 	[cff] Fix another two memory leaks (#58629).
--- a/src/cff/cffobjs.c
+++ b/src/cff/cffobjs.c
@ -950,7 +950,8 @@
                style_name = cff_strcpy( memory, fullp );

                /* remove the style part from the family name (if present) */
-                remove_style( cffface->family_name, style_name );
+                if ( style_name )
+                  remove_style( cffface->family_name, style_name );
              }
              break;
            }