From a84e718e80bd62c7ff2513c4cd099badb2199ad3 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Fri, 16 Feb 2018 11:45:46 +0100
Subject: [PATCH] Avoid NULL reference

Resolves: #1544776
---
 freetype-2.8-getvariation.patch | 39 +++++++++++++++++++++++++++++++++
 freetype.spec                   |  9 +++++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 freetype-2.8-getvariation.patch

diff --git a/freetype-2.8-getvariation.patch b/freetype-2.8-getvariation.patch
new file mode 100644
index 0000000..7e0ecf9
--- /dev/null
+++ b/freetype-2.8-getvariation.patch
@@ -0,0 +1,39 @@
+From 29c759284e305ec428703c9a5831d0b1fc3497ef Mon Sep 17 00:00:00 2001
+From: Werner Lemberg <wl@gnu.org>
+Date: Sat, 27 Jan 2018 14:43:43 +0100
+Subject: [PATCH] * src/truetype/ttinterp.c (Ins_GETVARIATION): Avoid NULL
+ reference.
+
+Reported as
+
+  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
+---
+ src/truetype/ttinterp.c | 12 ++++++++++--
+ 1 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
+index d855aaaa9..551f14a2e 100644
+--- a/src/truetype/ttinterp.c
++++ b/src/truetype/ttinterp.c
+@@ -7470,8 +7470,16 @@
+       return;
+     }
+ 
+-    for ( i = 0; i < num_axes; i++ )
+-      args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++    if ( coords )
++    {
++      for ( i = 0; i < num_axes; i++ )
++        args[i] = coords[i] >> 2; /* convert 16.16 to 2.14 format */
++    }
++    else
++    {
++      for ( i = 0; i < num_axes; i++ )
++        args[i] = 0;
++    }
+   }
+ 
+ 
+-- 
+2.14.3
+
diff --git a/freetype.spec b/freetype.spec
index 63cfeb0..2584cad 100644
--- a/freetype.spec
+++ b/freetype.spec
@@ -7,7 +7,7 @@
 Summary: A free and portable font rendering engine
 Name: freetype
 Version: 2.8
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: (FTL or GPLv2+) and BSD and MIT and Public Domain and zlib with acknowledgement
 Group: System Environment/Libraries
 URL: http://www.freetype.org
@@ -34,6 +34,8 @@ Patch7:  0079-src-truetype-ttgxvar.c-TT_Get_MM_Var-Fix-thinko.patch
 
 Patch8:  freetype-2.8-multilib.patch
 
+Patch9:  freetype-2.8-getvariation.patch
+
 BuildRequires: libX11-devel
 BuildRequires: libpng-devel
 BuildRequires: zlib-devel
@@ -98,6 +100,7 @@ popd
 %patch6 -p1 -b .named-instances
 %patch7 -p1 -b .named-instances2
 %patch8 -p1 -b .multilib
+%patch9 -p1 -b .getvariation
 
 %build
 
@@ -209,6 +212,10 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/*.{a,la}
 %{_mandir}/man1/*
 
 %changelog
+* Fri Feb 16 2018 Marek Kasik <mkasik@redhat.com> - 2.8-10
+- Avoid NULL reference
+- Resolves: #1544776
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.8-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild