[freetype2] master a443474: [cff] Fix handling of `style_name == NULL' (
From: Werner LEMBERG
Subject: [freetype2] master a443474: [cff] Fix handling of `style_name == NULL' (#58630).
Date: Fri, 19 Jun 2020 23:33:55 -0400 (EDT)
branch: master
commit a4434747558d872c55e55ce428019a8e15d222dc
Author: Sebastian Rasmussen <sebras@gmail.com>
Commit: Werner Lemberg <wl@gnu.org>
[cff] Fix handling of `style_name == NULL' (#58630).
* src/cff/cffobjs.c (cff_face_init): If a call to `cff_strcpy' fails
by returning NULL in `cff_face_init', `remove_style' is still
called. This means that the NULL pointer is dereferenced, causing a
crash.
---
ChangeLog | 9 +++++++++
src/cff/cffobjs.c | 3 ++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 3473057..858c696 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2020-06-20 Sebastian Rasmussen <sebras@gmail.com>
+
+ [cff] Fix handling of `style_name == NULL' (#58630).
+
+ * src/cff/cffobjs.c (cff_face_init): If a call to `cff_strcpy' fails
+ by returning NULL in `cff_face_init', `remove_style' is still
+ called. This means that the NULL pointer is dereferenced, causing a
+ crash.
+
2020-06-19 Sebastian Rasmussen <sebras@gmail.com>
[cff] Fix another two memory leaks (#58629).
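Review bot: The new ChangeLog entry describes the old failure (`remove_style' is still called, the NULL pointer is dereferenced) but never states what was changed in `cff_face_init'. Add a line that records the fix itself, for example "Only call `remove_style' if `style_name' is non-NULL", and drop the second "in `cff_face_init'", which repeats the function name already given in parentheses.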
diff --git a/src/cff/cffobjs.c b/src/cff/cffobjs.c
index 51430b2..d555d52 100644
--- a/src/cff/cffobjs.c
+++ b/src/cff/cffobjs.c
@@ -950,7 +950,8 @@
style_name = cff_strcpy( memory, fullp );
/* remove the style part from the family name (if present) */
- remove_style( cffface->family_name, style_name );
+ if ( style_name )
+ remove_style( cffface->family_name, style_name );
}
break;
}
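Review bot: The `if ( style_name )` guard in front of `remove_style( cffface->family_name, style_name )` stops the NULL dereference, but a failed `cff_strcpy( memory, fullp )` is now skipped silently: nothing in the visible lines records an error, and control falls through to `break` with `style_name` still NULL and the family name still carrying its style part. If continuing with a degraded name is the intended behaviour on allocation failure, say so in the comment above the call; otherwise propagate an out-of-memory error from this branch. It is also worth confirming that later users of `style_name` in `cff_face_init' tolerate NULL, since the hunk does not show them.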