From 702e4a1d32e4b911e85cc7df84b3ba395c28dab3 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@behdad.org>
Date: Wed, 21 May 2025 14:55:25 -0600
Subject: [PATCH] * src/truetype/ttgxvar.c (TT_Vary_Apply_Glyph_Deltas): Fix
 allocation.

Bug was introduced in commit 582de1a4b6f.
---
 src/truetype/ttgxvar.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 4038c9e42..5f13c6548 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -4064,7 +4064,7 @@
     FT_UInt   points_out_size;
     FT_UInt   has_delta_size;
     FT_UInt   pool_size;
-    FT_Byte*  pool;
+    FT_Byte*  pool = NULL;
     FT_Byte*  p;
 
     FT_Fixed*  peak_coords = NULL;
@@ -4150,11 +4150,13 @@
                 tupleCount & GX_TC_TUPLE_COUNT_MASK,
                 ( tupleCount & GX_TC_TUPLE_COUNT_MASK ) == 1 ? "" : "s" ));
 
-    peak_coords_size    = ALIGN_SIZE( 3 * blend->num_axis );
-    point_deltas_x_size = ALIGN_SIZE( 2 * n_points * sizeof ( FT_Fixed ) );
-    points_org_size     = ALIGN_SIZE( n_points * sizeof ( points_org[0] ) );
-    points_out_size     = ALIGN_SIZE( n_points * sizeof ( points_out[0] ) );
-    has_delta_size      = ALIGN_SIZE( n_points * sizeof ( has_delta[0] ) );
+    peak_coords_size    = ALIGN_SIZE( 3 * blend->num_axis *
+                                      sizeof ( *peak_coords ) );
+    point_deltas_x_size = ALIGN_SIZE( 2 * n_points *
+                                      sizeof ( *point_deltas_x ) );
+    points_org_size     = ALIGN_SIZE( n_points * sizeof ( *points_org ) );
+    points_out_size     = ALIGN_SIZE( n_points * sizeof ( *points_out ) );
+    has_delta_size      = ALIGN_SIZE( n_points * sizeof ( *has_delta ) );
 
     pool_size = peak_coords_size    +
                 point_deltas_x_size +