Check instance-index before accessing array Ouch!

commit: 66f082451d8bd3ae781f6a570c20456d822dd2f1 [log] [tgz]
author: Behdad Esfahbod <behdad@behdad.org> Wed Sep 13 02:26:25 2017 -0400
committer: Behdad Esfahbod <behdad@behdad.org> Wed Sep 20 13:13:35 2017 -0700
tree: b8849eff250b4cd0c2cdc3c4258a7c76d76ac321
parent: b6440cbd7fbf965c8f70783bbdc93d592ac12b4e [diff]
diff --git a/src/fcfreetype.c b/src/fcfreetype.c
index 418b7c8..230f289 100644
--- a/src/fcfreetype.c
+++ b/src/fcfreetype.c

@@ -1238,8 +1238,9 @@
 
     if (id >> 16)
     {
-      if (!FT_Get_MM_Var (face, &master))
-	instance = &master->namedstyle[(id >> 16) - 1];
+      unsigned int instance_id = (id >> 16) - 1;
+      if (!FT_Get_MM_Var (face, &master) && instance_id < master->num_namedstyles)
+	instance = &master->namedstyle[instance_id];
 
       if (instance)
       {
@@ -1266,6 +1267,8 @@
 	    }
 	  }
 	}
+        else
+	    goto bail1;
     }
 
     /*
commit	66f082451d8bd3ae781f6a570c20456d822dd2f1	[log] [tgz]
author	Behdad Esfahbod <behdad@behdad.org>	Wed Sep 13 02:26:25 2017 -0400
committer	Behdad Esfahbod <behdad@behdad.org>	Wed Sep 20 13:13:35 2017 -0700
tree	b8849eff250b4cd0c2cdc3c4258a7c76d76ac321
parent	b6440cbd7fbf965c8f70783bbdc93d592ac12b4e [diff]