[ft-devel] bug report: access through null pointer when out of memory in

freetype-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ft-devel] bug report: access through null pointer when out of memory in

From:	Graham Asher
Subject:	[ft-devel] bug report: access through null pointer when out of memory in open_face
Date:	Tue, 22 May 2007 15:41:06 +0100

Dear FreeTypers,

I recently got a crash when running out of memory in open_face in ftobjs.c.
It was caused by the failure of destroy_charmaps to check whether 'face' is
null.

The fix is simple: replace the code starting at the label Fail: in open_face
with this:


  Fail:
    if ( error )
    {
      if ( face )
        {
        destroy_charmaps( face, memory );
        clazz->done_face( face );
        }
      FT_FREE( internal );
      FT_FREE( face );
      *aface = 0;
    }

    return error;


protecting 'destroy_charmaps ... ' and 'clazz->done_face ....' with 'if
(face) { ... }'.

It may be better to put the checks inside destroy_charmaps and
clazz->done_face. I leave that for David or Werner to decide.

Best wishes,

Graham Asher

[Prev in Thread]

Current Thread

[Next in Thread]

[ft-devel] bug report: access through null pointer when out of memory in open_face, Graham Asher <=

Prev by Date: Re: [ft-devel] RE: dropout in '2' in times.ttf
Next by Date: [ft-devel] Unpatented hinting when vertical and horizontal point sizes are different
Previous by thread: [ft-devel] RE: dropout in '2' in times.ttf
Next by thread: [ft-devel] Unpatented hinting when vertical and horizontal point sizes are different
Index(es):
- Date
- Thread