[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freetype2] master 30ca63d: [bdf] Fix up user properties.
|
From: |
Werner Lemberg |
|
Subject: |
[freetype2] master 30ca63d: [bdf] Fix up user properties. |
|
Date: |
Sat, 16 Oct 2021 23:09:01 -0400 (EDT) |
branch: master
commit 30ca63d4fb5933cad2547a73f78c25b920266d44
Author: Alexei Podtelezhnikov <apodtele@gmail.com>
Commit: Alexei Podtelezhnikov <apodtele@gmail.com>
[bdf] Fix up user properties.
Fallout reported as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40027
* src/bdf/bdflib.c (_bdf_add_property): Cosmetic NULL.
(bdf_create_property): Limit allocations to customary signed
FT_Long and NULL-initialize unused storage.
(bdf_free_font): Do not free unused storage.
---
src/bdf/bdflib.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/bdf/bdflib.c b/src/bdf/bdflib.c
index f2ce328..82272ce 100644
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@@ -852,7 +852,7 @@
p = font->user_props + font->nuser_props;
n = ft_strlen( name ) + 1;
- if ( n > FT_ULONG_MAX )
+ if ( n > FT_LONG_MAX )
return FT_THROW( Invalid_Argument );
if ( FT_QALLOC( p->name, n ) )
@@ -860,8 +860,9 @@
FT_MEM_COPY( (char *)p->name, name, n );
- p->format = format;
- p->builtin = 0;
+ p->format = format;
+ p->builtin = 0;
+ p->value.atom = NULL; /* nothing is ever stored here */
n = _num_bdf_properties + font->nuser_props;
@@ -1181,7 +1182,7 @@
switch ( prop->format )
{
case BDF_ATOM:
- fp->value.atom = 0;
+ fp->value.atom = NULL;
if ( value && value[0] )
{
if ( FT_STRDUP( fp->value.atom, value ) )
@@ -2351,11 +2352,7 @@
/* Free up the user defined properties. */
for ( prop = font->user_props, i = 0;
i < font->nuser_props; i++, prop++ )
- {
FT_FREE( prop->name );
- if ( prop->format == BDF_ATOM )
- FT_FREE( prop->value.atom );
- }
FT_FREE( font->user_props );
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [freetype2] master 30ca63d: [bdf] Fix up user properties.,
Werner Lemberg <=