[ft-devel] Patch: fix uninitialized variable

freetype-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ft-devel] Patch: fix uninitialized variable

From:	Mike FABIAN
Subject:	[ft-devel] Patch: fix uninitialized variable
Date:	Mon, 18 Aug 2008 18:01:17 +0200
User-agent:	Gnus/5.110006 (No Gnus v0.6) XEmacs/21.5-b28 (linux)

freetype 2.3.7 crashes for me on x86_64 when calling the following
small fontforge script:

address@hidden:/tmp/fontforge-bug$ cat copy-uni3231 
#!/usr/bin/fontforge
#
# Copy U+3231 from Sazanami Gothic into Sazanami Mincho

Open ("sazanami-gothic.ttf")
Select("uni3231")
Copy ()
Close ()
Open ("sazanami-mincho.ttf")
Select ("uni3231")
Paste ()
Generate ("sazanami-mincho.ttf", "ttf", 0)
Close ()

address@hidden:/tmp/fontforge-bug$

fontforge calls FT_Open_Face() with 0 for the FT_Library argument,
then

    error = FT_Stream_New( library, args, &stream );
    if ( error )
      goto Fail3;

fails with error 0x21 ("invalid library handle") and

  Fail3:
    /* If we are on the mac, and we get an FT_Err_Invalid_Stream_Operation */
    /* it may be because we have an empty data fork, so we need to check   */
    /* the resource fork.                                                  */
    if ( FT_ERROR_BASE( error ) != FT_Err_Cannot_Open_Stream       &&
         FT_ERROR_BASE( error ) != FT_Err_Unknown_File_Format      &&
         FT_ERROR_BASE( error ) != FT_Err_Invalid_Stream_Operation )
      goto Fail2;

jumps to:

  Fail2:
      FT_Stream_Free( stream, external_stream );

which crashes because “stream” has not been initialized and contains
some junk.

That fontforge calls FT_Open_Face() with an invalid library handle
might be a fontforge bug but freetype2 should not try to free “stream”
if “stream” has not been allocated.

Initializing stream with NULL in FT_Open_Face() fixes this.

-- 
Mike FABIAN   <address@hidden>   http://www.suse.de/~mfabian
睡眠不足はいい仕事の敵だ。
I � Unicode

diff -ru freetype-2.3.7.orig//src/base/ftobjs.c freetype-2.3.7/src/base/ftobjs.c
--- freetype-2.3.7.orig//src/base/ftobjs.c      2008-06-10 06:57:53.000000000 
+0200
+++ freetype-2.3.7/src/base/ftobjs.c    2008-08-18 16:16:38.000000000 +0200
@@ -1713,7 +1713,7 @@
     FT_Error     error;
     FT_Driver    driver;
     FT_Memory    memory;
-    FT_Stream    stream;
+    FT_Stream    stream = NULL;
     FT_Face      face = 0;
     FT_ListNode  node = 0;
     FT_Bool      external_stream;

[Prev in Thread]

Current Thread

[Next in Thread]

[ft-devel] Patch: fix uninitialized variable, Mike FABIAN <=
- Re: [ft-devel] Patch: fix uninitialized variable, mpsuzuki, 2008/08/18
  - Re: [ft-devel] Patch: fix uninitialized variable, mpsuzuki, 2008/08/18
    - Re: [ft-devel] Patch: fix uninitialized variable, Werner LEMBERG, 2008/08/19
    - Re: [ft-devel] Patch: fix uninitialized variable, Mike FABIAN, 2008/08/19
    - Re: [ft-devel] Patch: fix uninitialized variable, mpsuzuki, 2008/08/19
- Re: [ft-devel] Patch: fix uninitialized variable, George Williams, 2008/08/20

Prev by Date: [ft-devel] Re: freetype-2.3.7 -- ftconfig.h for biarch systems
Next by Date: Re: [ft-devel] Patch: fix uninitialized variable
Previous by thread: [ft-devel] Re: freetype-2.3.7 -- ftconfig.h for biarch systems
Next by thread: Re: [ft-devel] Patch: fix uninitialized variable
Index(es):
- Date
- Thread