freetype-devel
[ft-devel] FT_New_GlyphSlot crashes if out of memory allocating slot->in


From: Graham Asher
Subject: [ft-devel] FT_New_GlyphSlot crashes if out of memory allocating slot->internal
Date: Tue, 4 Nov 2008 21:16:11 -0000

The title says it all really. I discovered this by forcing random heap
allocation failures - a technique we used to use at Symbian.

If this line fails in ft_glyphslot_init

    if ( FT_NEW( internal ) )

then slot->internal is null, and when FT_New_GlyphSlot detects the error and
calls ft_glyphslot_done, it calls ft_glyphslot_free_bitmap, which dies with
a null pointer access.

  FT_BASE_DEF( void )
  ft_glyphslot_free_bitmap( FT_GlyphSlot  slot )
  {
    if ( slot->internal->flags & FT_GLYPH_OWN_BITMAP ) // CRASH!
    {
      FT_Memory  memory = FT_FACE_MEMORY( slot->face );


      FT_FREE( slot->bitmap.buffer );
      slot->internal->flags &= ~FT_GLYPH_OWN_BITMAP;
    }
    else
    {
      /* assume that the bitmap buffer was stolen or not */
      /* allocated from the heap                         */
      slot->bitmap.buffer = NULL;
    }
  }

Suggested fix: change

    if ( slot->internal->flags & FT_GLYPH_OWN_BITMAP )

to

    if ( slot->internal && ( slot->internal->flags & FT_GLYPH_OWN_BITMAP ) )

Best regards,

Graham Asher
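
The allocation-failure sweep described in the message above, as an added example that is not part of the original post and is not FreeType code: a small model of the init/done pattern in which each allocation is failed in turn and the cleanup path is run on the partially initialised object. `Slot`, `Internal`, `fi_calloc`, `slot_init`, `slot_done` and `sweep_failures` are hypothetical names.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the slot structures; not FreeType's definitions. */
#define OWN_BITMAP 1u
typedef struct { unsigned flags; } Internal;
typedef struct { Internal *internal; unsigned char *buffer; } Slot;

/* Index of the allocation to fail (-1 = never) and calls made so far. */
static int fail_at = -1, alloc_no = 0;

/* Allocator wrapper that simulates out-of-memory on the chosen call. */
static void *fi_calloc(size_t n, size_t sz) {
    return (alloc_no++ == fail_at) ? NULL : calloc(n, sz);
}

/* Cleanup that tolerates a slot whose init stopped part-way. */
static void slot_done(Slot *slot) {
    if (slot->internal && (slot->internal->flags & OWN_BITMAP))
        free(slot->buffer);
    slot->buffer = NULL;
    free(slot->internal);
    slot->internal = NULL;
}

/* Two-step init; returns 0 on success, -1 on allocation failure. */
static int slot_init(Slot *slot) {
    slot->internal = fi_calloc(1, sizeof *slot->internal);
    if (!slot->internal) return -1;
    slot->buffer = fi_calloc(64, 1);
    if (!slot->buffer) return -1;
    slot->internal->flags |= OWN_BITMAP;
    return 0;
}

/* Fail each allocation in turn; return how many failure points were hit. */
int sweep_failures(void) {
    int exercised = 0;
    for (int k = 0; ; k++) {
        Slot slot = {0};
        fail_at = k; alloc_no = 0;
        int err = slot_init(&slot);
        slot_done(&slot);        /* caller's error path runs cleanup */
        if (!err) break;         /* every allocation succeeded: sweep done */
        exercised++;
    }
    fail_at = -1;
    return exercised;
}

int main(void) { return sweep_failures() == 2 ? 0 : 1; }
```

Removing the `slot->internal &&` test from `slot_done` makes the first iteration of the sweep dereference a null pointer, which is the failure the message reports.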





