From c6788a389d9003c5c6b86f30047e05658416f7d6 Mon Sep 17 00:00:00 2001 From: Werner Lemberg Date: Sun, 7 Jun 2009 13:09:21 +0200 Subject: [PATCH] Fix some potential out-of-memory crashes. * src/base/ftobjs.c (ft_glyphslot_done): Check `slot->internal'. * src/base/ftstream.c (FT_Stream_ReleaseFrame): Check `stream'. * src/truetype/ttinterp.c (TT_New_Context): Avoid double-free of `exec' in case of failure. --- ChangeLog | 9 +++++++++ src/base/ftobjs.c | 16 ++++++++++------ src/base/ftstream.c | 4 ++-- src/truetype/ttinterp.c | 9 +++------ 4 files changed, 24 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 37e2a1c60..649129362 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2009-06-07 Harald Fernengel + + Fix some potential out-of-memory crashes. + + * src/base/ftobjs.c (ft_glyphslot_done): Check `slot->internal'. + * src/base/ftstream.c (FT_Stream_ReleaseFrame): Check `stream'. + * src/truetype/ttinterp.c (TT_New_Context): Avoid double-free of + `exec' in case of failure. + 2009-06-07 Werner Lemberg Simplify math. diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c index 6e357bb0d..fabb0c61c 100644 --- a/src/base/ftobjs.c +++ b/src/base/ftobjs.c @@ -348,14 +348,18 @@ /* free bitmap buffer if needed */ ft_glyphslot_free_bitmap( slot ); - /* free glyph loader */ - if ( FT_DRIVER_USES_OUTLINES( driver ) ) + /* slot->internal might be NULL in out-of-memory situations */ + if ( slot->internal ) { - FT_GlyphLoader_Done( slot->internal->loader ); - slot->internal->loader = 0; - } + /* free glyph loader */ + if ( FT_DRIVER_USES_OUTLINES( driver ) ) + { + FT_GlyphLoader_Done( slot->internal->loader ); + slot->internal->loader = 0; + } - FT_FREE( slot->internal ); + FT_FREE( slot->internal ); + } } diff --git a/src/base/ftstream.c b/src/base/ftstream.c index cff67e0e9..651c7c897 100644 --- a/src/base/ftstream.c +++ b/src/base/ftstream.c @@ -4,7 +4,7 @@ /* */ /* I/O stream support (body). */ /* */ -/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008 by */ +/* Copyright 2000-2001, 2002, 2004, 2005, 2006, 2008, 2009 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -211,7 +211,7 @@ FT_Stream_ReleaseFrame( FT_Stream stream, FT_Byte** pbytes ) { - if ( stream->read ) + if ( stream && stream->read ) { FT_Memory memory = stream->memory; diff --git a/src/truetype/ttinterp.c b/src/truetype/ttinterp.c index 2279a62cb..a3346ce68 100644 --- a/src/truetype/ttinterp.c +++ b/src/truetype/ttinterp.c @@ -791,9 +791,9 @@ /* allocate object */ if ( FT_NEW( exec ) ) - goto Exit; + goto Fail; - /* initialize it */ + /* initialize it; in case of error this deallocates `exec' too */ error = Init_Context( exec, memory ); if ( error ) goto Fail; @@ -802,13 +802,10 @@ driver->context = exec; } - Exit: return driver->context; Fail: - FT_FREE( exec ); - - return 0; + return NULL; }