freetype-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Devel] ftmac.c double free bug

From: Dan Williams
Subject: Re: [Devel] ftmac.c double free bug
Date: Tue, 8 Apr 2003 20:50:09 -0500 
Torrey,
I believe that I saw this as well when I was trying to graft in better dfont support for OpenOffice.org. I never had time to track down the real cause, but I had a lot of crashes at this exact point, usually when using wierd fonts (ie Beijing.dfont, Taipei.dfont which are not "true" TrueType fonts in 'sfnt' resources) that couldn't be loaded. I guess this would be why :) 

Dan

On Tuesday, April 8, 2003, at 06:49  PM, Torrey Lyons wrote:
There is a bug in ftmac.c which causes a double free of memory when a face fails to open. A patch to fix this is: 

Index: ftmac.c
===================================================================
RCS file: /home/x-cvs/xc/extras/freetype2/src/base/ftmac.c,v
retrieving revision 1.2
diff -u -d -b -w -r1.2 ftmac.c
--- ftmac.c     2003/01/01 22:08:40     1.2
+++ ftmac.c     2003/04/08 23:43:33
@@ -545,11 +545,6 @@
     error = FT_Open_Face( library, &args, face_index, aface );
     if ( error == FT_Err_Ok )
       (*aface)->face_flags &= ~FT_FACE_FLAG_EXTERNAL_STREAM;
-    else
-    {
-      FT_Stream_CloseFunc( stream );
-      FT_FREE( stream );
-    }

     return error;
   }
The problem is that FT_Open_Face() already frees the stream with FT_Stream_CloseFunc() and FT_FREE() if there is an error, so we should not be doing it here as well. 

--Torrey

_______________________________________________
Devel mailing list
address@hidden
http://www.freetype.org/mailman/listinfo/devel
reply via email to
[Prev in Thread] Current Thread [Next in Thread]