diff --git a/ChangeLog b/ChangeLog index 1aab6dfa2..20992efec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2010-05-22 Werner Lemberg + + Fix various memory problems found by linuxtesting.org. + + * src/base/ftgxval.c (FT_TrueTypeGX_Free, FT_ClassicKern_Free), + src/base/ftotval.c (FT_OpenType_Free), src/base/ftpfr.c + (ft_pfr_check): Check `face'. + + * src/base/ftobjs.c (FT_Get_Charmap_Index): Check `charmap' and + `charmap->face'. + (FT_Render_Glyph): Check `slot->face'. + (FT_Get_SubGlyph_Info): Check `glyph->subglyphs'. + 2010-05-22 Werner Lemberg autofit: Remove dead code. diff --git a/include/freetype/freetype.h b/include/freetype/freetype.h index 942a740f0..7ca9a9c9e 100644 --- a/include/freetype/freetype.h +++ b/include/freetype/freetype.h @@ -2997,7 +2997,7 @@ FT_BEGIN_HEADER * * @return: * The index into the array of character maps within the face to which - * `charmap' belongs. + * `charmap' belongs. If an error occurs, -1 is returned. * */ FT_EXPORT( FT_Int ) diff --git a/include/freetype/ftlist.h b/include/freetype/ftlist.h index 93b05fc0d..bb6f7f119 100644 --- a/include/freetype/ftlist.h +++ b/include/freetype/ftlist.h @@ -4,7 +4,7 @@ /* */ /* Generic list support for FreeType (specification). */ /* */ -/* Copyright 1996-2001, 2003, 2007 by */ +/* Copyright 1996-2001, 2003, 2007, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -255,6 +255,10 @@ FT_BEGIN_HEADER /* user :: A user-supplied field which is passed as the last */ /* argument to the destructor. */ /* */ + /* */ + /* This function expects that all nodes added by @FT_List_Add or */ + /* @FT_List_Insert have been dynamically allocated. */ + /* */ FT_EXPORT( void ) FT_List_Finalize( FT_List list, FT_List_Destructor destroy, diff --git a/include/freetype/ftmodapi.h b/include/freetype/ftmodapi.h index 3c9b876df..5c1f25814 100644 --- a/include/freetype/ftmodapi.h +++ b/include/freetype/ftmodapi.h @@ -4,7 +4,7 @@ /* */ /* FreeType modules public interface (specification). */ /* */ -/* Copyright 1996-2001, 2002, 2003, 2006, 2008, 2009 by */ +/* Copyright 1996-2001, 2002, 2003, 2006, 2008, 2009, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -263,6 +263,9 @@ FT_BEGIN_HEADER /* @FT_Add_Default_Modules or a series of calls to @FT_Add_Module) */ /* instead of @FT_Init_FreeType to initialize the FreeType library. */ /* */ + /* Don't use @FT_Done_FreeType but @FT_Done_Library to destroy a */ + /* library instance. */ + /* */ /* */ /* memory :: A handle to the original memory object. */ /* */ diff --git a/src/base/ftgxval.c b/src/base/ftgxval.c index 32662bed8..aeeb8ce4f 100644 --- a/src/base/ftgxval.c +++ b/src/base/ftgxval.c @@ -4,7 +4,7 @@ /* */ /* FreeType API for validating TrueTyepGX/AAT tables (body). */ /* */ -/* Copyright 2004, 2005, 2006 by */ +/* Copyright 2004, 2005, 2006, 2010 by */ /* Masatake YAMATO, Redhat K.K, */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ @@ -73,9 +73,14 @@ FT_TrueTypeGX_Free( FT_Face face, FT_Bytes table ) { - FT_Memory memory = FT_FACE_MEMORY( face ); + FT_Memory memory; + if ( !face ) + return; + + memory = FT_FACE_MEMORY( face ); + FT_FREE( table ); } @@ -119,7 +124,13 @@ FT_ClassicKern_Free( FT_Face face, FT_Bytes table ) { - FT_Memory memory = FT_FACE_MEMORY( face ); + FT_Memory memory; + + + if ( !face ) + return; + + memory = FT_FACE_MEMORY( face ); FT_FREE( table ); diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c index f5be131aa..ad3499849 100644 --- a/src/base/ftobjs.c +++ b/src/base/ftobjs.c @@ -2950,6 +2950,9 @@ FT_Int i; + if ( !charmap || !charmap->face ) + return -1; + for ( i = 0; i < charmap->face->num_charmaps; i++ ) if ( charmap->face->charmaps[i] == charmap ) break; @@ -3844,7 +3847,7 @@ FT_Library library; - if ( !slot ) + if ( !slot || !slot->face ) return FT_Err_Invalid_Argument; library = FT_FACE_LIBRARY( slot->face ); @@ -4469,6 +4472,8 @@ #endif /* FT_CONFIG_OPTION_OLD_INTERNALS */ + /* documentation is in freetype.h */ + FT_EXPORT_DEF( FT_Error ) FT_Get_SubGlyph_Info( FT_GlyphSlot glyph, FT_UInt sub_index, @@ -4481,7 +4486,8 @@ FT_Error error = FT_Err_Invalid_Argument; - if ( glyph != NULL && + if ( glyph && + glyph->subglyphs && glyph->format == FT_GLYPH_FORMAT_COMPOSITE && sub_index < glyph->num_subglyphs ) { diff --git a/src/base/ftotval.c b/src/base/ftotval.c index 20ed686ee..694fd2b87 100644 --- a/src/base/ftotval.c +++ b/src/base/ftotval.c @@ -4,7 +4,7 @@ /* */ /* FreeType API for validating OpenType tables (body). */ /* */ -/* Copyright 2004, 2006, 2008 by */ +/* Copyright 2004, 2006, 2008, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -74,9 +74,14 @@ FT_OpenType_Free( FT_Face face, FT_Bytes table ) { - FT_Memory memory = FT_FACE_MEMORY( face ); + FT_Memory memory; + if ( !face ) + return; + + memory = FT_FACE_MEMORY( face ); + FT_FREE( table ); } diff --git a/src/base/ftpfr.c b/src/base/ftpfr.c index f9592bb1b..3a0f92d07 100644 --- a/src/base/ftpfr.c +++ b/src/base/ftpfr.c @@ -4,7 +4,7 @@ /* */ /* FreeType API for accessing PFR-specific data (body). */ /* */ -/* Copyright 2002, 2003, 2004, 2008 by */ +/* Copyright 2002, 2003, 2004, 2008, 2010 by */ /* David Turner, Robert Wilhelm, and Werner Lemberg. */ /* */ /* This file is part of the FreeType project, and may only be used, */ @@ -24,10 +24,11 @@ static FT_Service_PfrMetrics ft_pfr_check( FT_Face face ) { - FT_Service_PfrMetrics service; + FT_Service_PfrMetrics service = NULL; - FT_FACE_LOOKUP_SERVICE( face, service, PFR_METRICS ); + if ( face ) + FT_FACE_LOOKUP_SERVICE( face, service, PFR_METRICS ); return service; }