Commit c6788a389d9003c5c6b86f30047e05658416f7d6
2009-06-07T13:09:21
Fix some potential out-of-memory crashes. * src/base/ftobjs.c (ft_glyphslot_done): Check `slot->internal'. * src/base/ftstream.c (FT_Stream_ReleaseFrame): Check `stream'. * src/truetype/ttinterp.c (TT_New_Context): Avoid double-free of `exec' in case of failure.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
diff --git a/ChangeLog b/ChangeLog
index 37e2a1c..6491293 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2009-06-07 Harald Fernengel <harry@kdevelop.org>
+
+ Fix some potential out-of-memory crashes.
+
+ * src/base/ftobjs.c (ft_glyphslot_done): Check `slot->internal'.
+ * src/base/ftstream.c (FT_Stream_ReleaseFrame): Check `stream'.
+ * src/truetype/ttinterp.c (TT_New_Context): Avoid double-free of
+ `exec' in case of failure.
+
2009-06-07 Werner Lemberg <wl@gnu.org>
Simplify math.
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 6e357bb..fabb0c6 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -348,14 +348,18 @@
/* free bitmap buffer if needed */
ft_glyphslot_free_bitmap( slot );
- /* free glyph loader */
- if ( FT_DRIVER_USES_OUTLINES( driver ) )
+ /* slot->internal might be NULL in out-of-memory situations */
+ if ( slot->internal )
{
- FT_GlyphLoader_Done( slot->internal->loader );
- slot->internal->loader = 0;
- }
+ /* free glyph loader */
+ if ( FT_DRIVER_USES_OUTLINES( driver ) )
+ {
+ FT_GlyphLoader_Done( slot->internal->loader );
+ slot->internal->loader = 0;
+ }
- FT_FREE( slot->internal );
+ FT_FREE( slot->internal );
+ }
}
diff --git a/src/base/ftstream.c b/src/base/ftstream.c
index cff67e0..651c7c8 100644
--- a/src/base/ftstream.c
+++ b/src/base/ftstream.c
@@ -4,7 +4,7 @@
/* */
/* I/O stream support (body). */
/* */
-/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008 by */
+/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008, 2009 by */
/* David Turner, Robert Wilhelm, and Werner Lemberg. */
/* */
/* This file is part of the FreeType project, and may only be used, */
@@ -211,7 +211,7 @@
FT_Stream_ReleaseFrame( FT_Stream stream,
FT_Byte** pbytes )
{
- if ( stream->read )
+ if ( stream && stream->read )
{
FT_Memory memory = stream->memory;
diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c
index 2279a62..a3346ce 100644
--- a/src/truetype/ttinterp.c
+++ b/src/truetype/ttinterp.c
@@ -791,9 +791,9 @@
/* allocate object */
if ( FT_NEW( exec ) )
- goto Exit;
+ goto Fail;
- /* initialize it */
+ /* initialize it; in case of error this deallocates `exec' too */
error = Init_Context( exec, memory );
if ( error )
goto Fail;
@@ -802,13 +802,10 @@
driver->context = exec;
}
- Exit:
return driver->context;
Fail:
- FT_FREE( exec );
-
- return 0;
+ return NULL;
}