I discovered these while testing a broad ASCII range of glyphs ([!..~]) from Consolas and Courier New. Compiling with ASAN identified the out of bounds access at contours[j].start = i; after incrementing j. IIRC, the - glyph in Consolas entered the conditional block that called msdf_edgeSplit() with all NULL output locations. These fixes seem reasonable, the sample output looks correct, and the tested ASCII range completed without any further memory errors.
I discovered these while testing a broad ASCII range of glyphs (
[!..~]) from Consolas and Courier New. Compiling with ASAN identified the out of bounds access atcontours[j].start = i;after incrementingj. IIRC, the-glyph in Consolas entered the conditional block that calledmsdf_edgeSplit()with allNULLoutput locations. These fixes seem reasonable, the sample output looks correct, and the tested ASCII range completed without any further memory errors.