67cf7a8841
If memory allocations fail at certain points while opening a font, FreeType can either crash due to a NULL dereference or leak memory. * include/freetype/internal/ftobjs.c (FT_Face_InternalRec, FT_LibraryRec): Make `refcount' a signed integer. If, for example, FT_Open_Face() fails in a memory allocation before the face's reference count is set to 1, a subsequent `FT_Done_Library' call would otherwise loop over `FT_Done_Face' 2^32 times before freeing the face. * src/base/ftobjs.c (open_face): Initialize `stream' and friends earlier. (FT_Open_Face) <Fail>: Behave correctly if `node' is NULL. (FT_Destroy_Module) <Fail>: Check that `renderer_clazz' is valid. |
||
---|---|---|
.. | ||
freetype | ||
ft2build.h |