diff --git a/ChangeLog b/ChangeLog
index 86a581845..8035e6210 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-03-17 Dave Arnold
+
+ [cff] Fix potential bugs in default NDV for CFF2.
+
+ * src/cff/cffload.c (cff_blend_build_vector): Explicitly build blend
+ vector when `lenNDV' is zero; don't rely on zero-init.
+ Save `lenNDV' as part of cache key even when `lenNDV' is zero.
+
 2017-03-17 Dave Arnold
 [cff] Fix CFF2 stack allocation.
diff --git a/src/cff/cffload.c b/src/cff/cffload.c
index ed93fb571..91e74f32c 100644
--- a/src/cff/cffload.c
+++ b/src/cff/cffload.c
@@ -1463,10 +1463,15 @@
 /* Note: `lenNDV' could be zero. */
 /* In that case, build default blend vector (1,0,0...). */
- /* In the normal case, initialize each component to 1 */
- /* before inner loop. */
- if ( lenNDV != 0 )
- blend->BV[master] = FT_FIXED_ONE; /* default */
+ if ( !lenNDV )
+ {
+ blend->BV[master] = 0;
+ continue;
+ }
+
+ /* In the normal case, initialize each component to 1 */
+ /* before inner loop. */
+ blend->BV[master] = FT_FIXED_ONE; /* default */
 /* inner loop steps through axes in this region */
 for ( j = 0; j < lenNDV; j++ )
@@ -1529,12 +1534,12 @@
 lenNDV * sizeof ( *NDV ) ) )
 goto Exit;
- blend->lenNDV = lenNDV;
 FT_MEM_COPY( blend->lastNDV, NDV, lenNDV * sizeof ( *NDV ) );
 }
+ blend->lenNDV = lenNDV;
 blend->builtBV = TRUE;
 Exit:
diff --git a/src/cff/cfftypes.h b/src/cff/cfftypes.h
index 8d43e2834..74f569f08 100644
--- a/src/cff/cfftypes.h
+++ b/src/cff/cfftypes.h
@@ -112,8 +112,8 @@ FT_BEGIN_HEADER
 FT_UInt shortDeltaCount; /* not used; always zero */
 #endif
- FT_UInt regionIdxCount; /* number of regions in this var data */
- FT_UInt* regionIndices; /* array of `regionCount' indices; */
+ FT_UInt regionIdxCount; /* number of region indexes */
+ FT_UInt* regionIndices; /* array of `regionIdxCount' indices; */
 /* these index `varRegionList' */
 } CFF_VarData;
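Review bot: In the `@@ -1463,10 +1463,15 @@` hunk of src/cff/cffload.c, the new `if ( !lenNDV )` branch writes only `blend->BV[master] = 0`, while the comment kept above it still promises a default vector of (1,0,0...), and nothing in the hunk shows where the leading 1 is stored. The loop header and any assignment to the first component lie outside the hunk, so presumably that element is set before the loop starts. A short comment inside the branch, such as `/* first component was set to FT_FIXED_ONE before this loop (confirm); every other master is zero */`, would let a reader verify that each element of `BV` is written explicitly on this path, which matters for a vector built from font-supplied data.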
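Review bot: In the `@@ -1529,12 +1534,12 @@` hunk of src/cff/cffload.c, moving `blend->lenNDV = lenNDV;` below the closing brace means `blend->lenNDV` can now be reset to zero while `blend->lastNDV` still holds whatever an earlier non-zero build copied into it. The block that reallocates and copies `lastNDV` appears to be skipped when `lenNDV` is zero, but its condition is above the hunk. This is safe only if every reader of `lastNDV` bounds itself by `blend->lenNDV`; the cache comparison is not part of this diff, so that could not be checked here. I would state the invariant next to the moved assignment, for example `/* lastNDV holds exactly lenNDV valid entries; its contents are stale when lenNDV is 0 */`.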