From 5a4a86c27f733645a2276d0a3bd2494e73b3dc88 Mon Sep 17 00:00:00 2001
From: Bryce Harrington <bryce@bryceharrington.org>
Date: Tue, 12 Jun 2018 17:06:13 -0700
Subject: type1-subset: Fix incorrect null ptr check from find_token() (CID
 #1160662)

subrs was already tested for NULL prior to this, and will never be NULL
at this point.  Meanwhile, find_token()'s return is unchecked (it can
return NULL and is checked in all other calls).  Quite clearly, this is
a copy-paste error from the prior find_token call, and the intent was to
check array_start not subrs.

Coverity ID: #1160662
Signed-off-by: Bryce Harrington <bryce@bryceharrington.org>
Reviewed-By: Uli Schlachter <psychon@znc.in>
---
 src/cairo-type1-subset.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c
index 89cb96f2e..5f0745688 100644
--- a/src/cairo-type1-subset.c
+++ b/src/cairo-type1-subset.c
@@ -1331,7 +1331,7 @@ cairo_type1_font_subset_write_private_dict (cairo_type1_font_subset_t *font,
 
     /* look for "dup" which marks the beginning of the first subr */
     array_start = find_token (subr_count_end, font->cleartext_end, "dup");
-    if (subrs == NULL)
+    if (array_start == NULL)
 	return CAIRO_INT_STATUS_UNSUPPORTED;
 
     /* Read in the subroutines */
-- 
cgit v1.2.3