e838c37c2c
Currently `T42_Open_Face` eagerly allocates 12 bytes for the ttf header data which it expects `t42_parse_sfnts` to fill out from /sfnts data. However, there is no guarantee that `t42_parse_sfnts` will actually be called while parsing the type42 data as the /sfnts array may be missing or very short. This is also confusing behavior as it means `T42_Open_Face` is tightly coupled to the implementation of the very distant `t42_parse_sfnts` code which requires at least 12 bytes to already be reserved in `face->ttf_data`. `t42_parse_sfnts` itself eagerly updates `face->ttf_size` to track how much space is reserved for ttf data instead of traking how much data has actually been written into `face->ttf_data`. It will also act strangely in the presense of multiple /sfnts arrays. * src/type42/t42objs.c (T42_Open_Face): ensure `ttf_data` is initialized to NULL. Free `ttf_data` on error. * src/type42/t42parse.c (t42_parse_sfnts): delay setting `ttf_size` and set it to the actual number of bytes read. Ensure `ttf_data` is freed if there are multiple /sfnts arrays or there are any errors. |
||
|---|---|---|
| .. | ||
| module.mk | ||
| rules.mk | ||
| t42drivr.c | ||
| t42drivr.h | ||
| t42error.h | ||
| t42objs.c | ||
| t42objs.h | ||
| t42parse.c | ||
| t42parse.h | ||
| t42types.h | ||
| type42.c | ||