Re: [Devel] NT crash in psaux

freetype-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Devel] NT crash in psaux

From:	Werner LEMBERG
Subject:	Re: [Devel] NT crash in psaux
Date:	Wed, 31 Jan 2001 14:35:24 +0100 (CET)

> The crash happens when PS_Table_Add() calls MEM_Copy() with a
> "source" argument (variable name object) pointing to memory that has
> already been freed.  This results in a free memory read and a crash
> on NT/VC++.  I also work on DEC OSF/1 with the native DEC compiler,
> but we don't crash there presumably because the platform let's us
> get away with reading unallocated memory.

It seems to me that `reallocate_t1_table()' is buggy: It reallocates
`table->block' (saving its old address in `old_base'), then calls
`shift_elements()', using `old_base'.

IIRC it is not guaranteed that a newly allocated memory block (in case
realloc() doesn't increase the old one) doesn't overlap with the old
block, so shift_elements() will cause trouble.  Additionally, the
memory pointed to by `old_base' is no longer valid in this case.


    Werner

[Prev in Thread]

Current Thread

[Next in Thread]

[Devel] NT crash in psaux, Blinn, Eric W, 2001/01/30
- Re: [Devel] NT crash in psaux, Werner LEMBERG <=
- RE: [Devel] NT crash in psaux, Blinn, Eric W, 2001/01/31

Prev by Date: [Devel] Comments on Microsoft ClearType technology (fwd)
Next by Date: RE: [Devel] NT crash in psaux
Previous by thread: [Devel] NT crash in psaux
Next by thread: RE: [Devel] NT crash in psaux
Index(es):
- Date
- Thread