This looks a bit tricky to review, can you provide a pointer (hehe) to where you expect table to be null-terminated?

Well, there's only one more diff chunk in this file. ;)

I know, but what I mean is that it's not clear from the codeflow how the return value of GetTable is later used with the expectation that it is null-terminated. (I am not asking you to unwrap the whole codeflow, just some hint that this is correct...)

Ah, you mean where the code expects NUL-termination? See the backtrace in the commit:

ERROR: AddressSanitizer: heap-buffer-overflow on address 0x617000235709 at pc 0x7f95efd3c48a bp 0x7ffe41b6ecc0 sp 0x7ffe41b6ecb0
READ of size 1 at 0x617000235709 thread T0
    #0 0x7f95efd3c489 in utf16be_to_ascii extern/ttconv/pprdrv_tt.cpp:178
    #1 0x7f95efd3c489 in Read_name(TTFONT*) extern/ttconv/pprdrv_tt.cpp:339
    #2 0x7f95efd499ef in read_font(...) extern/ttconv/pprdrv_tt.cpp:1325
    #3 0x7f95efd4c602 in get_pdf_charprocs(...) extern/ttconv/pprdrv_tt.cpp:1420
    #4 0x7f95efd35c22 in py_get_pdf_charprocs src/_ttconv.cpp:217

0x617000235709 is located 1 bytes to the right of 648-byte region [0x617000235480,0x617000235708)
allocated by thread T0 here:
    #0 0x7f9612262a38 in __interceptor_calloc (/usr/lib64/libasan.so.4+0xdea38)
    #1 0x7f95efd3b261 in GetTable(TTFONT*, char const*) extern/ttconv/pprdrv_tt.cpp:140

Read_name calls utf16be_to_ascii with some pointer in the middle of the table + a length, but it also checks for NUL-termination to ensure no overflows.

Ah, I see, should have read the commit message :-) Thanks!

Note for the future reviewer: this additionally calls FT_Done_Glyph on each element of glyph.
This parts looks good to me.