[truetype] Fix assertion failure. Triggered by https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10212 * src/truetype/ttgload.c (load_truetype_glyph): Reintroduce `opened_frame' (removed in a change from 2018-08-26) to handle deallocation of the second frame.
diff --git a/ChangeLog b/ChangeLog
index 17cdac2..9f80602 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2018-09-07 Werner Lemberg <wl@gnu.org>
+
+ [truetype] Fix assertion failure.
+
+ Triggered by
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10212
+
+ * src/truetype/ttgload.c (load_truetype_glyph): Reintroduce
+ `opened_frame' (removed in a change from 2018-08-26) to handle
+ dealloation of the second frame.
+
2018-09-05 Werner Lemberg <wl@gnu.org>
Synchronize `ftdebug.c' files.
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index ad93c04..d54626d 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -1537,6 +1537,8 @@
TT_Face face = loader->face;
FT_GlyphLoader gloader = loader->gloader;
+ FT_Bool opened_frame = 0;
+
#ifdef FT_CONFIG_OPTION_INCREMENTAL
FT_StreamRec inc_stream;
FT_Data glyph_data;
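Review bot: The new `opened_frame` flag carries an invariant that nothing in the code states: it must be cleared on every path that calls `face->forget_glyph_frame( loader )`, or the `Exit:` label (last hunk of this file) will release the frame a second time. The two clearing sites in this commit (the simple-glyph and composite paths, hunks at 1782 and 1856) get it right, but a future `forget_glyph_frame` call added without the reset would reintroduce the bug this commit fixes, so the contract belongs next to the declaration: `/* nonzero while a glyph frame is open; reset on every forget_glyph_frame call */` `/* so that Exit releases the frame exactly once */`. The flag is only set after the error check in the hunk at 1770, which appears to be the intent (no frame to release when access failed), but the access call itself is outside the hunk, so that is inferred. load_truetype_glyph's body begins before this hunk.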
@@ -1768,6 +1770,8 @@
if ( error )
goto Exit;
+ opened_frame = 1;
+
/* if it is a simple glyph, load it */
if ( loader->n_contours > 0 )
@@ -1778,6 +1782,7 @@
/* all data have been read */
face->forget_glyph_frame( loader );
+ opened_frame = 0;
error = TT_Process_Simple_Glyph( loader );
if ( error )
@@ -1851,6 +1856,7 @@
/* all data we need are read */
face->forget_glyph_frame( loader );
+ opened_frame = 0;
#ifdef TT_CONFIG_OPTION_GX_VAR_SUPPORT
@@ -2105,6 +2111,9 @@
Exit:
+ if ( opened_frame )
+ face->forget_glyph_frame( loader );
+
#ifdef FT_CONFIG_OPTION_INCREMENTAL
if ( glyph_data_loaded )