Werner Lemberg pushed to branch master at FreeType / FreeType
Commits:
-
b0729b8f
by Ben Wagner at 2021-03-16T08:47:45+01:00
2 changed files:
Changes:
| 1 |
+2021-03-16 Ben Wagner <bungeman@google.com>
|
|
| 2 |
+ |
|
| 3 |
+ [sfnt] Fix memory leak in png loading.
|
|
| 4 |
+ |
|
| 5 |
+ Reported as
|
|
| 6 |
+ |
|
| 7 |
+ https://bugs.chromium.org/p/chromium/issues/detail?id=1182552
|
|
| 8 |
+ |
|
| 9 |
+ Memory is allocated and the pointer assigned to `rows` inside a
|
|
| 10 |
+ 'setjmp' scope. This memory must be freed outside the 'setjmp'
|
|
| 11 |
+ scope after a 'longjmp'. Since `rows` is a local and modified
|
|
| 12 |
+ inside the 'setjmp' scope it must be marked volatile or it will have
|
|
| 13 |
+ an indeterminate value after the 'longjmp'.
|
|
| 14 |
+ |
|
| 15 |
+ * src/sfnt/pngshim.c (Load_SBit_Png): Fix memory leak of `rows`.
|
|
| 16 |
+ |
|
| 1 | 17 |
2021-03-16 Christopher Degawa <ccom@randomderp.com>
|
| 2 | 18 |
|
| 3 | 19 |
* CMakeLists.txt: Don't limit generation of 'pkg-config' file to UNIX.
|
| ... | ... | @@ -270,7 +270,10 @@ |
| 270 | 270 |
|
| 271 | 271 |
int bitdepth, color_type, interlace;
|
| 272 | 272 |
FT_Int i;
|
| 273 |
- png_byte* *rows = NULL; /* pacify compiler */
|
|
| 273 |
+ |
|
| 274 |
+ /* `rows` gets modified within a 'setjmp' scope; */
|
|
| 275 |
+ /* we thus need the `volatile` keyword. */
|
|
| 276 |
+ png_byte* *volatile rows = NULL;
|
|
| 274 | 277 |
|
| 275 | 278 |
|
| 276 | 279 |
if ( x_offset < 0 ||
|