Commit 37b718d5899bc4a85425fcc548a7636871808f96

Chris Liddell 2022-08-15T10:44:05

[base, type1] Better handling of out-of-memory situations. This follows similar code in `cff_slot_done`. * src/base/ftobjs.c (ft_glyphslot_done), src/type1/t1objs.c (T1_GlyphSlot_Done): Check `internal` pointer. The Type1 problem was reported at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50057.

diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 6d6e0e8..65945cb 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -631,8 +631,9 @@
 #ifdef FT_CONFIG_OPTION_SVG
     if ( slot->face->face_flags & FT_FACE_FLAG_SVG )
     {
-      /* free memory in case SVG was there */
-      if ( slot->internal->flags & FT_GLYPH_OWN_GZIP_SVG )
+      /* Free memory in case SVG was there.                          */
+      /* `slot->internal` might be NULL in out-of-memory situations. */
+      if ( slot->internal && slot->internal->flags & FT_GLYPH_OWN_GZIP_SVG )
       {
         FT_SVG_Document  doc = (FT_SVG_Document)slot->other;
 
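Review bot: The new condition on the `if` line mixes `&&` with a bitwise `&` and no parentheses; it evaluates as intended because `&` binds tighter than `&&`, but the flag test reads ambiguously, so I would write `if ( slot->internal && ( slot->internal->flags & FT_GLYPH_OWN_GZIP_SVG ) )`. ft_glyphslot_done begins before this hunk and continues after it; if `slot->internal` is dereferenced again elsewhere in that function, or the SVG branch uses `slot->other` without a matching check, those sites presumably need the same out-of-memory guard, which this hunk does not show. The added comment would help a reader more if it named the origin of the NULL, e.g. `/* `slot->internal` stays NULL if its allocation failed during slot setup. */`, assuming that is indeed how the NULL arises.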
diff --git a/src/type1/t1objs.c b/src/type1/t1objs.c
index 847ae0e..fa4a13b 100644
--- a/src/type1/t1objs.c
+++ b/src/type1/t1objs.c
@@ -146,7 +146,9 @@
   FT_LOCAL_DEF( void )
   T1_GlyphSlot_Done( FT_GlyphSlot  slot )
   {
-    slot->internal->glyph_hints = NULL;
+    /* `slot->internal` might be NULL in out-of-memory situations. */
+    if ( slot->internal )
+      slot->internal->glyph_hints = NULL;
   }