authorSebastian Rasmussen <sebras@gmail.com>2020-06-19 10:35:57 +0200
committerWerner Lemberg <wl@gnu.org>2020-06-19 10:37:50 +0200
commit8ed5a2477eecf27e645bbb568b66a37eea12973c (patch)
treefc8509f6f304439c85bff8f579ff3f228dfcb501
parentd1180b5f9598088ab1bc9d772e5e09ece0702a38 (diff)
[cff, cid] Fix segfaults in case of error (#58621).
* src/cff/cffobjs.c (cff_slot_done), src/cid/cidobjs.c (cid_slot_done): If `ft_glyphslot_init' fails to allocate `internal', then the class' `done_slot' callback (called by `ft_glyphslot_done') must not dereference the pointer to `internal'.
-rw-r--r--ChangeLog9
-rw-r--r--src/cff/cffobjs.c3
-rw-r--r--src/cid/cidobjs.c3
3 files changed, 13 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index c7c936480..90aa43b58 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2020-06-19 Sebastian Rasmussen <sebras@gmail.com>
+
+ [cff, cid] Fix segfaults in case of error (#58621).
+
+ * src/cff/cffobjs.c (cff_slot_done), src/cid/cidobjs.c
+ (cid_slot_done): If `ft_glyphslot_init' fails to allocate
+ `internal', then the class' `done_slot' callback (called by
+ `ft_glyphslot_done') must not dereference the pointer to `internal'.
+
2020-06-19 Werner Lemberg <wl@gnu.org>
[base] Fix UBSAN error.
diff --git a/src/cff/cffobjs.c b/src/cff/cffobjs.c
index 252f58a5b..aa959ede9 100644
--- a/src/cff/cffobjs.c
+++ b/src/cff/cffobjs.c
@@ -352,7 +352,8 @@
FT_LOCAL_DEF( void )
cff_slot_done( FT_GlyphSlot slot )
{
- slot->internal->glyph_hints = NULL;
+ if ( slot->internal )
+ slot->internal->glyph_hints = NULL;
}
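Review bot: The guard added in cff_slot_done, `if ( slot->internal )`, has no comment saying why `internal` can be NULL at this point, so a later cleanup could drop it as redundant and bring back the NULL dereference on the allocation-failure path. A line above the check such as `/* slot->internal is NULL if ft_glyphslot_init failed to allocate it */` would record the reason; the same comment belongs on the identical guard in cid_slot_done in the src/cid/cidobjs.c hunk. Other drivers' `done_slot` callbacks are not visible in this diff, so any of them that write through `slot->internal` presumably need the same check. A test that runs slot creation against an allocator that fails on demand would confirm both fixes and catch any remaining callers.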
diff --git a/src/cid/cidobjs.c b/src/cid/cidobjs.c
index 2d284ca55..04b295eb8 100644
--- a/src/cid/cidobjs.c
+++ b/src/cid/cidobjs.c
@@ -49,7 +49,8 @@
FT_LOCAL_DEF( void )
cid_slot_done( FT_GlyphSlot slot )
{
- slot->internal->glyph_hints = NULL;
+ if ( slot->internal )
+ slot->internal->glyph_hints = NULL;
}