shithub: freetype+ttf2subf


ref: d276bcb7f0c02c20d3585b2e5626702df6d140a6
parent: ca0111289498f3f6ce28b3d78ff5a54ccdfd2d47
author: Werner Lemberg <[email protected]>
date: Sun Jan 9 02:48:59 EST 2022

[bzip2] Avoid use of uninitialized memory.

* src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but
`FT_NEW` for setting up `zip` to avoid uninitialized memory access while
handling malformed PCF fonts later on.

Fixes

  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800

--- a/src/bzip2/ftbzip2.c
+++ b/src/bzip2/ftbzip2.c
@@ -481,7 +481,9 @@
     FT_ZERO( stream );
     stream->memory = memory;
 
-    if ( !FT_QNEW( zip ) )
+    /* Don't use `FT_QNEW` here to avoid problems with uninitialized */
+    /* memory later on if the font is malformed.                     */
+    if ( !FT_NEW( zip ) )
     {
       error = ft_bzip2_file_init( zip, stream, source );
       if ( error )
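Review bot: the comment above `if ( !FT_NEW( zip ) )` explains that zeroing the allocation avoids an uninitialized read, but it does not name which fields of `zip` are otherwise left unset by `ft_bzip2_file_init` and later read on the malformed-font path, so a future "optimization" back to `FT_QNEW` could silently reintroduce the bug. Consider either listing those fields in the comment or, preferably, initializing them explicitly inside `ft_bzip2_file_init` (including on the `if ( error )` path visible here), so the invariant lives next to the code that relies on it rather than depending on the allocator's zero-fill.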