[raster] Fix uninitialized memory access.

Apparently `ras.cProfile' might be uninitialized. This will be the case if `ras.top == ras.cProfile->offset', as can be seen in `End_Profile'. The overshoot code introduced in a change `Fix B/W rasterization of subglyphs with different drop-out modes.' (from 2009-06-18) violated this, accessing `ras.cProfile->flags' unconditionally just before calling `End_Profile' (which then detected that `cProfile' is uninitialized and didn't touch it).

This was harmless, and was not detected by valgrind before because the objects were allocated on the `raster_pool', which was always initialized. With the recent change to allocate raster buffers on the stack, valgrind now reported this invalid access.

* src/raster/ftraster.c (Convert_Glyph): Don't access an uninitialized `cProfile'.
diff --git a/ChangeLog b/ChangeLog
index ee91e3e..72e4a7c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,25 @@
2015-01-14 Behdad Esfahbod <behdad@behdad.org>
+ [raster] Fix uninitialized memory access.
+
+ Apparently `ras.cProfile' might be uninitialized. This will be the
+ case if `ras.top == ras.cProfile->offset', as can be seen in
+ `End_Profile'. The overshoot code introduced in a change `Fix B/W
+ rasterization of subglyphs with different drop-out modes.' (from
+ 2009-06-18) violated this, accessing `ras.cProfile->flags'
+ unconditionally just before calling `End_Profile' (which then
+ detected that `cProfile' is uninitialized and didn't touch it).
+
+ This was harmless, and was not detected by valgrind before because
+ the objects were allocated on the `raster_pool', which was always
+ initialized. With recent change to allocate raster buffers on the
+ stack, valgrind now reported this invalid access.
+
+ * src/raster/ftraster.c (Convert_Glyph): Don't access an
+ uninitialized `cProfile'.
+
+2015-01-14 Behdad Esfahbod <behdad@behdad.org>
+
[smooth] Fix uninitialized memory access.
Looks like `ras.span_y' could always be used without initialization.
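Review bot: minor wording in the ChangeLog body, "With recent change to allocate raster buffers on the stack" should read "With the recent change ...". It would also help future readers if that change were identified the same way the entry identifies the 2009-06-18 commit (subject line or date), since the entry otherwise explains why valgrind only now reports an access that has existed since 2009.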
diff --git a/src/raster/ftraster.c b/src/raster/ftraster.c
index 552a568..2b182f7 100644
--- a/src/raster/ftraster.c
+++ b/src/raster/ftraster.c
@@ -1982,7 +1982,8 @@
/* to be drawn. */
lastProfile = ras.cProfile;
- if ( ras.cProfile->flags & Flow_Up )
+ if ( ras.top != ras.cProfile->offset &&
+ ( ras.cProfile->flags & Flow_Up ) )
o = IS_TOP_OVERSHOOT( ras.lastY );
else
o = IS_BOTTOM_OVERSHOOT( ras.lastY );
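Review bot: the new guard `ras.top != ras.cProfile->offset` keeps the empty-profile case from reading `ras.cProfile->flags`, but when it is false the code now silently falls into the `else` branch and still computes `o = IS_BOTTOM_OVERSHOOT( ras.lastY )`, so a reader cannot tell whether that value is meaningful or merely discarded. The commit message says `End_Profile' does not touch an empty profile, so `o` is irrelevant there; a one-line comment stating that (for example `/* empty profile: flags unset, End_Profile ignores `o' */`) would make the intent explicit. Since this emptiness test (`ras.top == ras.cProfile->offset`) is the same one `End_Profile' relies on, consider a shared helper or macro so the two checks cannot drift apart in future edits.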