[psaux, type1] Fix null pointer dereferences.
Found with font fuzzying.
* src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
`decoder->buildchar'.
* src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
diff --git a/ChangeLog b/ChangeLog
index 23f1194..b25b629 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2011-07-22 Dirk Müller <dmueller@suse.de>
+
+ [psaux, type1] Fix null pointer dereferences.
+
+ Found with font fuzzying.
+
+ * src/psaux/t1decode.c (t1_decoder_parse_charstrings): Check
+ `decoder->buildchar'.
+
+ * src/type1/t1load.c (t1_load_keyword): Check `blend->num_designs'.
+
2011-07-20 Chris Morgan <cmorgan@cybexintl.com>
Add FT_CONFIG_OPTION_DISABLE_STREAM_SUPPORT.
diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c
index daeea1e..90874f0 100644
--- a/src/psaux/t1decode.c
+++ b/src/psaux/t1decode.c
@@ -397,7 +397,7 @@
FT_ASSERT( ( decoder->len_buildchar == 0 ) ==
( decoder->buildchar == NULL ) );
- if ( decoder->len_buildchar > 0 )
+ if ( decoder->buildchar && decoder->len_buildchar > 0 )
ft_memset( &decoder->buildchar[0],
0,
sizeof( decoder->buildchar[0] ) * decoder->len_buildchar );
diff --git a/src/type1/t1load.c b/src/type1/t1load.c
index 09fe6ad..38c74b2 100644
--- a/src/type1/t1load.c
+++ b/src/type1/t1load.c
@@ -4,8 +4,7 @@
/* */
/* Type 1 font loader (body). */
/* */
-/* Copyright 1996-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, */
-/* 2010 by */
+/* Copyright 1996-2011 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -922,6 +921,9 @@
PS_Blend blend = face->blend;
+ if ( blend && blend->num_designs == 0 )
+ blend = NULL;
+
/* if the keyword has a dedicated callback, call it */
if ( field->type == T1_FIELD_TYPE_CALLBACK )
{
