QFontEngine: Do not call getSfntTable with uninitalized value

On FreeType font engine this results in a call to FT_Load_Sfnt_Table
with a pointer to an uninitialized value passed in as FT_ULong* length,
crashing. Instead initialize value to 0.

Change-Id: I50d6df3b2296a05640d939e862bc50adb0fec921
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
(cherry picked from commit e041f5459660eaa7108fa5888e77e64f7d1b3d1d)

1 files changed, 2 insertions, 2 deletions

diff --git a/src/gui/text/qfontengine.cpp b/src/gui/text/qfontengine.cpp
index 07b19d4d19..5cd96e5374 100644
--- a/src/gui/text/qfontengine.cpp
+++ b/src/gui/text/qfontengine.cpp
@@ -229,8 +229,8 @@ bool QFontEngine::supportsScript(QChar::Script script) const
 #if QT_CONFIG(harfbuzz)
     if (qt_useHarfbuzzNG()) {
         // in AAT fonts, 'gsub' table is effectively replaced by 'mort'/'morx' table
-        uint len;
-        if (getSfntTableData(MAKE_TAG('m','o','r','t'), nullptr, &len) || getSfntTableData(MAKE_TAG('m','o','r','x'), nullptr, &len))
+        uint lenMort = 0, lenMorx = 0;
+        if (getSfntTableData(MAKE_TAG('m','o','r','t'), nullptr, &lenMort) || getSfntTableData(MAKE_TAG('m','o','r','x'), nullptr, &lenMorx))
             return true;
 
         if (hb_face_t *face = hb_qt_face_get_for_engine(const_cast<QFontEngine *>(this))) {