[smooth] Fix Harmony memory management.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9501 * src/smooth/ftgrays.c (ft_smooth_render_generic): Restore buffer after each rendering in case of failure.
2018-07-28 22:00:59 -04:00 · 2018-07-28 22:00:59 -04:00 · 2c3e895c74
parent 6e44d78cc1
commit 2c3e895c74
2 changed files with 17 additions and 4 deletions
--- a/11
+++ b/11
@ -1,3 +1,14 @@
+2018-07-28  Alexei Podtelezhnikov  <apodtele@gmail.com>
+
+	[smooth] Fix Harmony memory management.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9501
+
+	* src/smooth/ftgrays.c (ft_smooth_render_generic): Restore buffer
+	after each rendering in case of failure. 
+
 2018-07-28  Werner Lemberg  <wl@gnu.org>

 	[type1] Avoid segfaults with `FT_Get_PS_Font_Value'.
--- a/src/smooth/ftsmooth.c
+++ b/src/smooth/ftsmooth.c
@ -264,18 +264,19 @@
      bitmap->buffer += width;
      FT_Outline_Translate( outline, sub[0].x - sub[1].x, sub[0].y - sub[1].y );
      error = render->raster_render( render->raster, &params );
+      bitmap->buffer -= width;
      if ( error )
        goto Exit;

-      bitmap->buffer += width;
+      bitmap->buffer += 2 * width;
      FT_Outline_Translate( outline, sub[1].x - sub[2].x, sub[1].y - sub[2].y );
      error = render->raster_render( render->raster, &params );
+      bitmap->buffer -= 2 * width;
      if ( error )
        goto Exit;

      x_shift        -= sub[2].x;
      y_shift        -= sub[2].y;
-      bitmap->buffer -= 2 * width;

      /* XXX: Rearrange the bytes according to FT_PIXEL_MODE_LCD.    */
      /* XXX: It is more efficient to render every third byte above. */
@ -318,18 +319,19 @@
      bitmap->buffer += pitch;
      FT_Outline_Translate( outline, sub[0].y - sub[1].y, sub[1].x - sub[0].x );
      error = render->raster_render( render->raster, &params );
+      bitmap->buffer -= pitch;
      if ( error )
        goto Exit;

-      bitmap->buffer += pitch;
+      bitmap->buffer += 2 * pitch;
      FT_Outline_Translate( outline, sub[1].y - sub[2].y, sub[2].x - sub[1].x );
      error = render->raster_render( render->raster, &params );
+      bitmap->buffer -= 2 * pitch;
      if ( error )
        goto Exit;

      x_shift        -= sub[2].y;
      y_shift        += sub[2].x;
-      bitmap->buffer -= 2 * pitch;

      bitmap->pitch /= 3;
      bitmap->rows  *= 3;