[truetype] Fix UBSan warning on offset to nullptr (#57501).

* src/truetype/ttinterp.c (Ins_CALL): Fail if `exc->FDefs' is null.
author: Dominik Röttsches <drott@chromium.org> 2019-12-30 11:22:04 +0200
committer: Werner Lemberg <wl@gnu.org> 2020-01-02 11:14:01 +0100
commit: 10d8de7541ab1f26f6f04b2118d13a92a7119102 (patch)
tree: 3df9f320570fe7705b0cea4acacdb282c7fbc54b
parent: a4df0373c71f426711fb77e3a21d4b58b7c42e66 (diff)
download: freetype2-10d8de7541ab1f26f6f04b2118d13a92a7119102.tar.gz
2 files changed, 9 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 5447fc4fc..f7f2d6891 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2020-01-02  Dominik Röttsches  <drott@chromium.org>
+
+	[truetype] Fix UBSan warning on offset to nullptr (#57501).
+
+	* src/truetype/ttinterp.c (Ins_CALL): Fail if `exc->FDefs' is null.
+
 2019-12-31  Nikhil Ramakrishnan  <ramakrishnan.nikhil@gmail.com>
 
 	[woff2] Allow bitmap-only fonts (#57394).
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index dca11d739..56cf53bde 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -3965,6 +3965,9 @@
     if ( BOUNDSL( F, exc->maxFunc + 1 ) )
       goto Fail;
 
+    if ( !exc->FDefs )
+      goto Fail;
+
     /* Except for some old Apple fonts, all functions in a TrueType */
     /* font are defined in increasing order, starting from 0.  This */
     /* means that we normally have                                  */
author	Dominik Röttsches <drott@chromium.org>	2019-12-30 11:22:04 +0200
committer	Werner Lemberg <wl@gnu.org>	2020-01-02 11:14:01 +0100
commit	10d8de7541ab1f26f6f04b2118d13a92a7119102 (patch)
tree	3df9f320570fe7705b0cea4acacdb282c7fbc54b
parent	a4df0373c71f426711fb77e3a21d4b58b7c42e66 (diff)
download	freetype2-10d8de7541ab1f26f6f04b2118d13a92a7119102.tar.gz