[base, type1] Better handling of out-of-memory situations.

This follows similar code in `cff_slot_done`. * src/base/ftobjs.c (ft_glyphslot_done), src/type1/t1objs.c (T1_GlyphSlot_Done): Check `internal` pointer. The Type1 problems was reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50057.
2022-08-15 10:44:05 +01:00 · 2022-08-15 10:44:05 +01:00 · 37b718d589
commit 37b718d589
parent 7cd3f19f21
2 changed files with 6 additions and 3 deletions
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@ -631,8 +631,9 @@
 #ifdef FT_CONFIG_OPTION_SVG
    if ( slot->face->face_flags & FT_FACE_FLAG_SVG )
    {
-      /* free memory in case SVG was there */
-      if ( slot->internal->flags & FT_GLYPH_OWN_GZIP_SVG )
+      /* Free memory in case SVG was there.                          */
+      /* `slot->internal` might be NULL in out-of-memory situations. */
+      if ( slot->internal && slot->internal->flags & FT_GLYPH_OWN_GZIP_SVG )
      {
        FT_SVG_Document  doc = (FT_SVG_Document)slot->other;

--- a/src/type1/t1objs.c
+++ b/src/type1/t1objs.c
@ -146,7 +146,9 @@
  FT_LOCAL_DEF( void )
  T1_GlyphSlot_Done( FT_GlyphSlot  slot )
  {
-    slot->internal->glyph_hints = NULL;
+    /* `slot->internal` might be NULL in out-of-memory situations. */
+    if ( slot->internal )
+      slot->internal->glyph_hints = NULL;
  }