Commit befee11296032fc8b25d87bf0f65c18bb67682bb

Werner Lemberg 2018-05-15T17:01:22

[sfnt] Fix memory leak in handling `COLR' data. * src/truetype/ttgload.c (TT_Load_Glyph): Free old `layers' array before reassigning allocated memory. Only allocate `color_layers' if we don't have one already.

diff --git a/ChangeLog b/ChangeLog
index 1a787b4..8f44a92 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
 2018-05-15  Werner Lemberg  <wl@gnu.org>
 
+	[sfnt] Fix memory leak in handling `COLR' data.
+
+	* src/truetype/ttgload.c (TT_Load_Glyph): Free old `layers' array
+	before reassigning allocated memory.
+	Only allocate `color_layers' if we don't have one already.
+
+2018-05-15  Werner Lemberg  <wl@gnu.org>
+
 	[sfnt] If `COLR' is present, don't assume that all glyphs use it.
 
 	* src/sfnt/ttcolr.c (tt_face_load_colr_layers): Return FT_Err_Ok if
diff --git a/src/sfnt/ttcolr.c b/src/sfnt/ttcolr.c
index 1e469f5..67d320b 100644
--- a/src/sfnt/ttcolr.c
+++ b/src/sfnt/ttcolr.c
@@ -268,7 +268,7 @@
       FT_Int    mid = min + ( max - min ) / 2;
       FT_Byte*  p   = base_glyph_begin + mid * BASE_GLYPH_SIZE;
 
-      FT_UShort  gid  = FT_NEXT_USHORT( p );
+      FT_UShort  gid = FT_NEXT_USHORT( p );
 
 
       if ( gid < glyph_id )
diff --git a/src/truetype/ttgload.c b/src/truetype/ttgload.c
index 459fe2e..0bd9af7 100644
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -2903,7 +2903,6 @@
 
       FT_Glyph_LayerRec*  glyph_layers;
       FT_UShort           num_glyph_layers;
-      FT_Colr_Internal    color_layers;
 
 
       error = sfnt->load_colr_layer( face,
@@ -2913,17 +2912,17 @@
       if ( error )
         return error;
 
-      if ( num_glyph_layers )
+      if ( !glyph->internal->color_layers )
       {
-        if ( FT_NEW( color_layers ) )
+        if ( FT_NEW( glyph->internal->color_layers ) )
           return error;
+      }
 
-        color_layers->layers     = glyph_layers;
-        color_layers->num_layers = num_glyph_layers;
-        color_layers->load_flags = load_flags;
+      FT_FREE( glyph->internal->color_layers->layers );
 
-        glyph->internal->color_layers = color_layers;
-      }
+      glyph->internal->color_layers->layers     = glyph_layers;
+      glyph->internal->color_layers->num_layers = num_glyph_layers;
+      glyph->internal->color_layers->load_flags = load_flags;
     }
 
   Exit:
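Review bot: The `FT_NEW( glyph->internal->color_layers )` failure path in the new block still leaks: `glyph_layers` has already been handed back by `load_colr_layer` (it is freed via `FT_FREE` on the success path, so it is heap memory owned by this function) but the early `return error;` drops it without releasing it, which is the same class of leak this commit sets out to fix. Since `memory` is evidently in scope for the `FT_FREE` below, the failure branch should be `{ FT_FREE( glyph_layers ); return error; }` (or `goto Exit` if that label's cleanup already handles it, which is not visible here). Note also that the old `if ( num_glyph_layers )` guard is gone, so a COLR-bearing font now gets a `color_layers` record with `num_layers == 0` for every non-color glyph that reaches this path; if any consumer tests `color_layers != NULL` as "this glyph is colored", that is a behaviour change worth a comment such as `/* a zero-layer record is allocated even for glyphs without COLR data */`. TT_Load_Glyph begins before and ends after this hunk, so the `Exit:` cleanup could not be checked.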