Track how much type42 ttf data is available.

Currently T42_Open_Face eagerly allocates 12 bytes for the ttf header data which it expects t42_parse_sfnts to fill out from /sfnts data. However, there is no guarantee that t42_parse_sfnts will actually be called while parsing the type42 data as the /sfnts array may be missing or very short. This is also confusing behavior as it means T42_Open_Face is tightly coupled to the implementation of the very distant t42_parse_sfnts code which requires at least 12 bytes to already be reserved in face->ttf_data.

t42_parse_sfnts itself eagerly updates face->ttf_size to track how much space is reserved for ttf data instead of traking how much data has actually been written into face->ttf_data. It will also act strangely in the presense of multiple /sfnts arrays.

• src/type42/t42objs.c (T42_Open_Face): ensure ttf_data is initialized to NULL. Free ttf_data on error.

• src/type42/t42parse.c (t42_parse_sfnts): Delay setting ttf_size and set it to the actual number of bytes read. Ensure ttf_data is freed if there are multiple /sfnts arrays or there are any errors.