[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ft-devel] FT_New_GlyphSlot crashes if out of memory allocating slot
From: |
Wenlin Institute |
Subject: |
Re: [ft-devel] FT_New_GlyphSlot crashes if out of memory allocating slot->internal |
Date: |
Tue, 4 Nov 2008 23:06:31 -0800 |
On Nov 4, 2008, at 1:16 PM, Graham Asher wrote:
The title says it all really. I discovered this when by forcing
random heap
allocation failures - a technique we used to use at Symbian.
If this line fails in ft_glyphslot_init
if ( FT_NEW( internal ) )
then slot->internal is null, and when FT_New_GlyphSlot detects the
error and
calls ft_glyphslot_done, it calls ft_glyphslot_free_bitmap. which
dies with
a null pointer access.
FT_BASE_DEF( void )
ft_glyphslot_free_bitmap( FT_GlyphSlot slot )
{
if ( slot->internal->flags & FT_GLYPH_OWN_BITMAP ) // CRASH!
{
FT_Memory memory = FT_FACE_MEMORY( slot->face );
FT_FREE( slot->bitmap.buffer );
slot->internal->flags &= ~FT_GLYPH_OWN_BITMAP;
}
else
{
/* assume that the bitmap buffer was stolen or not */
/* allocated from the heap */
slot->bitmap.buffer = NULL;
}
}
Suggested fix : change
if ( slot->internal->flags & FT_GLYPH_OWN_BITMAP )
to
if (slot && (slot->internal->flags & FT_GLYPH_OWN_BITMAP) )
If the danger is that maybe slot->internal==NULL, shouldn't the test
be this instead?
if (slot->internal && (slot->internal->flags &
FT_GLYPH_OWN_BITMAP) )
?
If there's also a danger of slot==NULL then a solution would be to put
if ( ! slot) return;
at the beginning, or surround the whole function with
if (slot) {...}
Otherwise the "else" part would still crash if slot==NULL.
Tom
Best regards,
Graham Asher
_______________________________________________
Freetype-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/freetype-devel
文林 Wenlin Institute, Inc. Software for Learning Chinese
E-mail: address@hidden Web: http://www.wenlin.com
Telephone: 1-877-4-WENLIN (1-877-493-6546)
☯