Commit b2ba68665f93be2b03b6b27aa30dc9f190cf3fef
2015-01-14T18:43:13
[smooth] Fix uninitialized memory access. Looks like `ras.span_y' could always be used without initialization. This was never detected by valgrind before because the library-wide `raster_pool' was used for the worker object and `raster_pool' was originally zero'ed. But subsequent reuses of it were using `span_y' uninitialized. With the recent change to not use `render_pool' and allocate worker and buffer on the stack, valgrind now detects this uninitialized access. * src/smooth/ftgrays.c (gray_raster_render): Initialize `ras.span_y'.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
diff --git a/ChangeLog b/ChangeLog
index 62bb099..ee91e3e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,20 @@
2015-01-14 Behdad Esfahbod <behdad@behdad.org>
+ [smooth] Fix uninitialized memory access.
+
+ Looks like `ras.span_y' could always be used without initialization.
+ This was never detected by valgrind before because the library-wide
+ `raster_pool' was used for the worker object and `raster_pool' was
+ originally zero'ed. But subsequent reuses of it were using `span_y'
+ uninitialized. With the recent change to not use `render_pool' and
+ allocate worker and buffer on the stack, valgrind now detects this
+ uninitialized access.
+
+ * src/smooth/ftgrays.c (gray_raster_render): Initialize
+ `ras.span_y'.
+
+2015-01-14 Behdad Esfahbod <behdad@behdad.org>
+
[base] Don't initialize unused `driver->glyph_loader'.
* src/base/ftobjs.c (Destroy_Driver): Don't call
diff --git a/src/smooth/ftgrays.c b/src/smooth/ftgrays.c
index 65eb64c..4240b01 100644
--- a/src/smooth/ftgrays.c
+++ b/src/smooth/ftgrays.c
@@ -1985,6 +1985,7 @@ typedef ptrdiff_t FT_PtrDist;
ras.invalid = 1;
ras.band_size = band_size;
ras.num_gray_spans = 0;
+ ras.span_y = 0;
if ( params->flags & FT_RASTER_FLAG_DIRECT )
{