From bbd106e8f9345296cb5b5a452487bda603d54173 Mon Sep 17 00:00:00 2001
From: Chris Liddell
Date: Mon, 21 Sep 2020 22:16:34 +0100
Subject: [PATCH] oss-fuzz 23637: Fix error code confusion

Confusion of error codes meant we were allocating space for glyph data, but never copying the data into it. Thus the memory sanitizer error.
---
 psi/zfapi.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/psi/zfapi.c b/psi/zfapi.c
index aa988ed6e..d38f56498 100644
--- psi/zfapi.c
+++ psi/zfapi.c
@@ -2118,15 +2118,14 @@ FAPI_FF_get_glyph(gs_fapi_font *ff, gs_glyph char_code, byte *buf, int buf_lengt
 }
 else {
 ulong noffs, endoffs;
- int code;
 /* If we haven't got a len_glyphs array, try using the offset of the next glyph offset
 * to work out the length
 */
 error = sfnt_get_glyph_offset(pdr, pfont42, char_code + 1, &noffs);
 if (error == 0) {
 glyph_length = noffs - offset0;
- code = sfnt_get_sfnt_length(pdr, &endoffs);
- if (code < 0) {
+ error = sfnt_get_sfnt_length(pdr, &endoffs);
+ if (error < 0) {
 glyph_length = gs_fapi_glyph_invalid_index;
 }
 else {
@@ -2139,8 +2138,8 @@ FAPI_FF_get_glyph(gs_fapi_font *ff, gs_glyph char_code, byte *buf, int buf_lengt
 /* And if we can't get the next glyph offset, use the end of the sfnt data
 * to work out the length.
 */
- code = sfnt_get_sfnt_length(pdr, &noffs);
- if (code < 0) {
+ error = sfnt_get_sfnt_length(pdr, &noffs);
+ if (error < 0) {
 glyph_length = gs_fapi_glyph_invalid_index;
 }
 else {
--
2.27.0
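Review bot: After this change `error` is tested with two different conventions in the same block: `if (error == 0)` after sfnt_get_glyph_offset() and `if (error < 0)` after sfnt_get_sfnt_length(), here and again at the second hunk's `if (error < 0) {`. If sfnt_get_sfnt_length() can ever return a positive status (its definition is not shown), `error` would stay non-zero while glyph_length is left looking valid, so any later code that gates the copy into `buf` on `error` could again leave the allocated glyph buffer unwritten. Either test `if (error != 0) {` in both places, or state the contract next to the call with a comment such as `/* sfnt_get_sfnt_length() returns 0 or a negative error code */`. The enclosing function and the trailing `else {` branch continue outside the hunk.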
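Review bot: The fallback assignment `error = sfnt_get_sfnt_length(pdr, &noffs);` deliberately discards the failure that sfnt_get_glyph_offset() returned for `char_code + 1`, and nothing in the code says so. Going by the commit message, keeping that status in a separate variable is what left the glyph buffer allocated but never filled, so a later cleanup that reintroduces a local status variable would bring the memory sanitizer report back. I would extend the existing comment with a line such as `* The failed next-offset lookup is recoverable, so 'error' is overwritten on purpose.` The `else {` branch that follows is cut off by the hunk, so how glyph_length is derived from noffs on this path is not visible here.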