* src/base/ftutil.c (ft_mem_qrealloc): fix the function to accept 'item_size == 0' as well; though this sounds weird, it can theoretically happen. See bug #16669
diff --git a/ChangeLog b/ChangeLog
index 1f59d11..4118d2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2006-06-04 David Turner <david@freetype.org>
+ * src/base/ftutil.c (ft_mem_qrealloc): fix the function
+ to accept 'item_size == 0' as well, though this sounds
+ weird, it can theorically happen.
+
+ see bug #16669
+
* src/pfr/pfrobjs.c (pfr_face_init): fix the computation
of 'face->num_glyphs' which missed the last glyph, due to
the offset-by-1 computation, since the PFR format doesn't
diff --git a/src/base/ftutil.c b/src/base/ftutil.c
index 7ad780d..6331969 100644
--- a/src/base/ftutil.c
+++ b/src/base/ftutil.c
@@ -120,12 +120,16 @@
FT_Error error = FT_Err_Ok;
- if ( cur_count < 0 || new_count < 0 || item_size <= 0 )
+ /* note that we now accept item_size == 0 as a valid
+ * parameter. this in order to cover very weird cases
+ * where a ALLOC_MULT macro would be called
+ */
+ if ( cur_count < 0 || new_count < 0 || item_size < 0 )
{
/* may help catch/prevent nasty security issues */
error = FT_Err_Invalid_Argument;
}
- else if ( new_count == 0 )
+ else if ( new_count == 0 || item_size == 0 )
{
ft_mem_free( memory, block );
block = NULL;
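Review bot: The new `item_size == 0` branch frees `block` and sets it to NULL while, in the visible lines, `error` stays `FT_Err_Ok` even when `new_count > 0`, and the added comment does not state that result. A caller that treats success with a non-zero count as "non-NULL buffer" is only safe because every element is zero bytes wide, so the contract is worth spelling out where the argument guard was relaxed: `/* item_size == 0 is accepted: the block is freed and NULL is returned with FT_Err_Ok, whatever new_count is */`. The zero test must also stay ahead of any later branch that divides by or multiplies with `item_size`. The rest of ft_mem_qrealloc lies outside this hunk, so that ordering could not be checked here.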