freetype-commit

[freetype2] master 6a4718a: Fix use of uninitialized memory.


From: Werner LEMBERG
Subject: [freetype2] master 6a4718a: Fix use of uninitialized memory.
Date: Tue, 5 Mar 2019 05:28:37 -0500 (EST)

branch: master
commit 6a4718a3a0584c976b10d4e3a2cc58dc5f4a8242
Author: Sebastian Rasmussen <address@hidden>
Commit: Werner Lemberg <address@hidden>

    Fix use of uninitialized memory.
    
    * src/psaux/psintrp.c (cf2_interpT2CharString): The call to
    `cf2_arrstack_setCount' may fail because the allocator ran out of
    memory.  When this happens the stack is still written to before the
    error condition is checked.  This means that FreeType writes outside
    of allocated memory.  This commit moves the error check prior to the
    stack assignment, hence the function now properly returns with an
    error condition.
---
 ChangeLog           | 12 ++++++++++++
 src/psaux/psintrp.c |  6 +++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 614b65e..2cb180d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2019-03-05  Sebastian Rasmussen  <address@hidden>
+
+       [psaux] Fix use of uninitialized memory.
+
+       * src/psaux/psintrp.c (cf2_interpT2CharString): The call to
+       `cf2_arrstack_setCount' may fail because the allocator ran out of
+       memory.  When this happens the stack is still written to before the
+       error condition is checked.  This means that FreeType writes outside
+       of allocated memory.  This commit moves the error check prior to the
+       stack assignment, hence the function now properly returns with an
+       error condition.
+
 2019-02-23  Werner Lemberg  <address@hidden>
 
        * src/base/ftbitmap.c (FT_Bitmap_Blend): No fractional offsets.
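
Review bot: The summary line of the new ChangeLog entry, "[psaux] Fix use of uninitialized memory.", does not match its own description, which says that FreeType "writes outside of allocated memory" when `cf2_arrstack_setCount' fails. Consider rewording the summary to name the write that happens before the error check, so that anyone scanning the ChangeLog for memory-safety fixes classifies this entry correctly.
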
diff --git a/src/psaux/psintrp.c b/src/psaux/psintrp.c
index ed5ced1..e2f3acc 100644
--- a/src/psaux/psintrp.c
+++ b/src/psaux/psintrp.c
@@ -612,14 +612,14 @@
     cf2_arrstack_setCount( &subrStack, CF2_MAX_SUBR + 1 );
 
     charstring  = (CF2_Buffer)cf2_arrstack_getBuffer( &subrStack );
-    *charstring = *buf;    /* structure copy */
-
-    charstringIndex = 0;       /* entry is valid now */
 
     /* catch errors so far */
     if ( *error )
       goto exit;
 
+    *charstring     = *buf;    /* structure copy     */
+    charstringIndex = 0;       /* entry is valid now */
+
     /* main interpreter loop */
     while ( 1 )
     {
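
Review bot: With `charstringIndex = 0;` now placed after the `if ( *error ) goto exit;` check, the error path leaves `charstringIndex` unassigned by this block, so please confirm that nothing after the `exit` label reads `charstringIndex` or dereferences `charstring` when `*error` is set. Separately, `cf2_arrstack_getBuffer( &subrStack )` is still called before the error check; moving the check to directly after the `cf2_arrstack_setCount` call would keep the failed stack from being queried at all and would make the ordering dependency obvious to the next reader. The "catch errors so far" comment could also say that the check has to precede the structure copy.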


