From b8db819768b16ac4e529a4e4c34b2c5fa83cc389 Mon Sep 17 00:00:00 2001 From: Alexei Podtelezhnikov Date: Sun, 12 May 2024 22:38:38 -0400 Subject: [PATCH] [type1/MM] Safer handle arrays of different types. * src/type1/t1load.c (parse_blend_design_map): Separately allocate... (T1_Done_Blend): ... and free `design_points` and `blend_points`. --- src/type1/t1load.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/type1/t1load.c b/src/type1/t1load.c index c41348c78..1704d1375 100644 --- a/src/type1/t1load.c +++ b/src/type1/t1load.c @@ -751,6 +751,7 @@ PS_DesignMap dmap = blend->design_map + n; + FT_FREE( dmap->blend_points ); FT_FREE( dmap->design_points ); dmap->num_points = 0; } @@ -1043,9 +1044,9 @@ } /* allocate design map data */ - if ( FT_QNEW_ARRAY( map->design_points, num_points * 2 ) ) + if ( FT_QNEW_ARRAY( map->design_points, num_points ) || + FT_QNEW_ARRAY( map->blend_points, num_points ) ) goto Exit; - map->blend_points = (FT_Fixed*)(map->design_points + num_points); map->num_points = (FT_Byte)num_points; for ( p = 0; p < num_points; p++ )