Testable with e.g. the CFF2 variable font in https://github.com/adobe-fonts/source-sans-pro/releases/tag/3.006R in Chromium on www.axis-praxis.org.

The cause is this diff:

```
diff --git a/src/psaux/psft.c b/src/psaux/psft.c
index 54be46834..a823ac800 100644
--- a/src/psaux/psft.c
+++ b/src/psaux/psft.c
@@ -313,9 +313,12 @@
    FT_Error error = FT_Err_Ok;
    CF2_Font font;

- FT_Bool is_t1 = decoder->builder.is_t1;
+ FT_Bool is_t1 = decoder->builder.is_t1;


+ if ( !charstring_base || !charstring_len )
+ return FT_ERR( Invalid_File_Format );
+
    FT_ASSERT( decoder &&
               ( is_t1 || decoder->cff ) );
```
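Review bot: the added `if ( !charstring_base || !charstring_len )` check returns `Invalid_File_Format` for any zero-length charstring, which rejects glyphs whose charstring is legitimately empty, such as the `space` glyph in the TTX dump in this message (CFF2 charstrings carry no `endchar`, so an empty one is valid). Consider splitting the two conditions: keep the error for a NULL base with a nonzero length, and let the zero-length case through with a buffer setup that does no arithmetic on a NULL pointer, which appears to be what the check was added to quiet under UBSan. Separately, `decoder` is already dereferenced in the `is_t1` initializer above the `FT_ASSERT( decoder && ... )`, so that assert cannot catch a NULL `decoder`; moving the initializer's assignment below the assert would make it effective.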


Removing the `if` block makes spaces spacy again. I have no idea what to do about the returning UBSan warnings though. The check itself seems wrong to me. Here's a TTX dump of the space glyph of Source Sans Variable:

       <CharString name="space">
       </CharString>



