From 504cdf2f472a01e10ede0a9249496eb858760c8d Mon Sep 17 00:00:00 2001
From: Christoph Schleifenbaum
Date: Thu, 24 Sep 2020 07:14:48 +0200
Subject: QFontEngine: Do not call getSfntTable with uninitalized value
On FreeType font engine this results in a call to FT_Load_Sfnt_Table with a pointer to an uninitialized value passed in as FT_ULong* length, crashing. Instead initialize value to 0.
Change-Id: I50d6df3b2296a05640d939e862bc50adb0fec921
Reviewed-by: Eskil Abrahamsen Blomfeldt
(cherry picked from commit e041f5459660eaa7108fa5888e77e64f7d1b3d1d)
Reviewed-by: Qt Cherry-pick Bot
---
 src/gui/text/qfontengine.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/gui/text/qfontengine.cpp b/src/gui/text/qfontengine.cpp
index 1895ac8283..f68183cd89 100644
--- a/src/gui/text/qfontengine.cpp
+++ b/src/gui/text/qfontengine.cpp
@@ -366,8 +366,8 @@ bool QFontEngine::supportsScript(QChar::Script script) const
 if (qt_useHarfbuzzNG()) {
 #if defined(Q_OS_DARWIN)
 // in AAT fonts, 'gsub' table is effectively replaced by 'mort'/'morx' table
- uint len;
- if (getSfntTableData(MAKE_TAG('m','o','r','t'), 0, &len) || getSfntTableData(MAKE_TAG('m','o','r','x'), 0, &len))
+ uint lenMort = 0, lenMorx = 0;
+ if (getSfntTableData(MAKE_TAG('m','o','r','t'), 0, &lenMort) || getSfntTableData(MAKE_TAG('m','o','r','x'), 0, &lenMorx))
 return true;
 #endif

--
cgit v1.2.3
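Review bot: The zero-initialisation in `uint lenMort = 0, lenMorx = 0;` has no comment explaining why it is required, so a later cleanup could fold the two variables back into a single uninitialised `uint len;` and reintroduce the crash. Per the commit message the length pointer is read by the callee (it reaches FT_Load_Sfnt_Table as `FT_ULong* length`), so I would add `// length is in/out: the engine reads *length, so it must be 0 when probing with a null buffer` above the declaration. The same contract presumably applies to any other caller that passes a null buffer and a length pointer to getSfntTableData; those are not visible in this hunk, so it is worth auditing them and documenting the in/out contract on getSfntTableData itself. The body of supportsScript starts and ends outside the hunk, and the changed lines are compiled only under `Q_OS_DARWIN`.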