From b1cbcb20454e3b465b0d3ea4d5457975cfa747e7 Mon Sep 17 00:00:00 2001 From: Ben Wagner Date: Thu, 20 Jun 2024 15:00:20 -0400 Subject: [PATCH] [ttgxvar] Avoid "applying zero offset to null pointer" In C it is undefined behavior to do arithmetic on a null pointer, including adding zero. When using NotoSansKhmer[wdth,wght].ttf UBSAN produces a report like ttgxvar.c:1052:31: runtime error: applying zero offset to null pointer when adding zero to `varData->deltaSet` (which is null) to produce `bytes`. Protect against all the potential issues of this kind by returning early if `varData->regionIdxCount == 0`. * src/truetype/ttgxvar.c (tt_var_get_item_delta): early return on no regions --- src/truetype/ttgxvar.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c index 7d67d5f8d..095a72055 100644 --- a/src/truetype/ttgxvar.c +++ b/src/truetype/ttgxvar.c @@ -1028,6 +1028,9 @@ if ( innerIndex >= varData->itemCount ) return 0; /* Out of range. */ + if ( varData->regionIdxCount == 0 ) + return 0; /* Avoid "applying zero offset to null pointer". */ + if ( varData->regionIdxCount < 16 ) { deltaSet = deltaSetStack;
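Review bot: the new `if ( varData->regionIdxCount == 0 ) return 0;` in the only hunk is placed correctly, after the `innerIndex >= varData->itemCount` range check and before the `regionIdxCount < 16` branch that selects `deltaSetStack`, so the null `deltaSet` pointer described in the message is never touched; but the comment `/* Avoid "applying zero offset to null pointer". */` documents the sanitizer symptom rather than the invariant, and a reader without the commit message will not know why 0 is the right value. Suggest wording the comment in terms of the data, e.g. `/* No regions: the delta is zero by definition, and deltaSet may be NULL. */`, so the early return reads as a semantic statement rather than a UBSAN workaround. Also worth confirming in the commit message that a zero delta is the intended result for an item in a `VarData` subtable with no regions (the message only says the return avoids the undefined pointer arithmetic), since this return now silently covers that case for every caller of `tt_var_get_item_delta`.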