kc3-lang/freetype

Browse

Commit 2c3e895c745fe417e501195310de973867f0d43e

Alexei Podtelezhnikov 2018-07-28T22:00:59

[smooth] Fix Harmony memory management. Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9501 * src/smooth/ftgrays.c (ft_smooth_render_generic): Restore buffer after each rendering in case of failure. 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

diff --git a/ChangeLog b/ChangeLog
index ab5102c..f814bf4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2018-07-28  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	[smooth] Fix Harmony memory management.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9501
+
+	* src/smooth/ftgrays.c (ft_smooth_render_generic): Restore buffer
+	after each rendering in case of failure. 
+
 2018-07-28  Werner Lemberg  <wl@gnu.org>
 
 	[type1] Avoid segfaults with `FT_Get_PS_Font_Value'.
diff --git a/src/smooth/ftsmooth.c b/src/smooth/ftsmooth.c
index 02b0c3d..1007f39 100644
--- a/src/smooth/ftsmooth.c
+++ b/src/smooth/ftsmooth.c
@@ -264,18 +264,19 @@
       bitmap->buffer += width;
       FT_Outline_Translate( outline, sub[0].x - sub[1].x, sub[0].y - sub[1].y );
       error = render->raster_render( render->raster, &params );
+      bitmap->buffer -= width;
       if ( error )
         goto Exit;
 
-      bitmap->buffer += width;
+      bitmap->buffer += 2 * width;
       FT_Outline_Translate( outline, sub[1].x - sub[2].x, sub[1].y - sub[2].y );
       error = render->raster_render( render->raster, &params );
+      bitmap->buffer -= 2 * width;
       if ( error )
         goto Exit;
 
       x_shift        -= sub[2].x;
       y_shift        -= sub[2].y;
-      bitmap->buffer -= 2 * width;
 
       /* XXX: Rearrange the bytes according to FT_PIXEL_MODE_LCD.    */
       /* XXX: It is more efficient to render every third byte above. */
@@ -318,18 +319,19 @@
       bitmap->buffer += pitch;
       FT_Outline_Translate( outline, sub[0].y - sub[1].y, sub[1].x - sub[0].x );
       error = render->raster_render( render->raster, &params );
+      bitmap->buffer -= pitch;
       if ( error )
         goto Exit;
 
-      bitmap->buffer += pitch;
+      bitmap->buffer += 2 * pitch;
       FT_Outline_Translate( outline, sub[1].y - sub[2].y, sub[2].x - sub[1].x );
       error = render->raster_render( render->raster, &params );
+      bitmap->buffer -= 2 * pitch;
       if ( error )
         goto Exit;
 
       x_shift        -= sub[2].y;
       y_shift        += sub[2].x;
-      bitmap->buffer -= 2 * pitch;
 
       bitmap->pitch /= 3;
       bitmap->rows  *= 3;
kmx.io     mail     discord kmxgit v0.4.0