From 04f7d3e7fd5069965bc74e678fc51b0412d15aa9 Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Tue, 11 Apr 2006 14:20:59 +0000 Subject: [PATCH] Properly convert static charsets to dynamic charsets. Fix memory leak in error case (Coverity defects #1820, #1821, #1822). Fix memory leak (Coverity defect #1819). prevent crash when invalid include line is parsed (Coverity defect #763). Fix potential null pointer access (Coverity defect #1804). Remove dead code (Coverity defect #1194). Prevent potential null pointer access (Coverity defect #767), ensure error value is read (Coverity defect #1195). reviewed by: plam --- ChangeLog | 29 +++++++++++++++++++++++++++++ fc-cat/fc-cat.c | 4 +++- fc-lang/fc-lang.c | 3 +++ src/fccharset.c | 5 +++++ src/fcfreetype.c | 6 ++++-- src/fclang.c | 8 +++++++- src/fcname.c | 8 -------- src/fcpat.c | 11 ++++++++++- 8 files changed, 61 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 145ddee..fdd376a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,32 @@ +2006-04-11 Patrick Lam + * src/fccharset.c (FcCharSetPutLeaf): + + Properly convert static charsets to dynamic charsets. + +2006-04-11 Frederic Crozat + reviewed by: plam + + * src/fcpat.c: (FcValueListEntCreate, FcPatternBaseFreeze, + FcPatternFreeze): + Fix memory leak in error case (Coverity defects #1820, #1821, #1822). + + * src/fclang.c: (FcNameUnparseLangSet): + Fix memory leak (Coverity defect #1819). + + * fc-lang/fc-lang.c: (scan): + prevent crash when invalid include line is parsed (Coverity defect + #763). + + * fc-cat/fc-cat.c: (FcCacheFileRead): + Fix potential null pointer access (Coverity defect #1804). + + * src/fcname.c: (FcObjectUnserialize): + Remove dead code (Coverity defect #1194). + + * src/fcfreetype.c: (GetScriptTags): + Prevent potential null pointer access (Coverity defect #767), + ensure error value is read (Coverity defect #1195). + 2006-04-11 Behdad Esfahbod reviewed by: plam 
diff --git a/fc-cat/fc-cat.c b/fc-cat/fc-cat.c index 80c381c..09b20f6 100644 --- a/fc-cat/fc-cat.c +++ b/fc-cat/fc-cat.c @@ -244,6 +244,7 @@ FcCacheFileRead (FcFontSet * set, FcStrSet *dirs, char *cache_file) char subdirName[FC_MAX_FILE_LEN + 1 + 12 + 1]; static char name_buf[8192], *dir; FcChar8 * ls; + char * buf; if (!cache_file) goto bail; @@ -265,7 +266,8 @@ FcCacheFileRead (FcFontSet * set, FcStrSet *dirs, char *cache_file) if (current_arch_start < 0) goto bail1; - while (strlen(FcCacheReadString (fd, subdirName, sizeof (subdirName))) > 0) + while ((buf = FcCacheReadString (fd, subdirName, sizeof (subdirName))) + && *buf) FcStrSetAdd (dirs, (FcChar8 *)subdirName); dir = strdup(name_buf); diff --git a/fc-lang/fc-lang.c b/fc-lang/fc-lang.c index 6a863e4..b72893b 100644 --- a/fc-lang/fc-lang.c +++ b/fc-lang/fc-lang.c @@ -143,6 +143,9 @@ scan (FILE *f, char *file) if (!strncmp (line, "include", 7)) { file = strchr (line, ' '); + if (!file) + fatal (line, lineno, + "invalid syntax, expected: include filename"); while (isspace(*file)) file++; f = scanopen (file); diff --git a/src/fccharset.c b/src/fccharset.c index d1a9d6e..531a9b8 100644 --- a/src/fccharset.c +++ b/src/fccharset.c @@ -168,6 +168,7 @@ FcCharSetPutLeaf (FcCharSet *fcs, return FcFalse; if (fcs->bank != FC_BANK_DYNAMIC) { + /* convert to dynamic */ int i; leaves = malloc ((fcs->num + 1) * sizeof (FcCharLeaf *)); @@ -183,6 +184,10 @@ FcCharSetPutLeaf (FcCharSet *fcs, leaves[i] = FcCharSetGetLeaf(fcs, i); memcpy (numbers, FcCharSetGetNumbers(fcs), fcs->num * sizeof (FcChar16)); + + fcs->bank = FC_BANK_DYNAMIC; + fcs->u.dyn.leaves = leaves; + fcs->u.dyn.numbers = numbers; } else { diff --git a/src/fcfreetype.c b/src/fcfreetype.c index 2689b9f..5d852a5 100644 --- a/src/fcfreetype.c +++ b/src/fcfreetype.c 
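Review bot: In the fc-cat/fc-cat.c hunk at -265, a NULL from FcCacheReadString now ends the `while` loop exactly like the empty-string terminator, so a read failure falls through to `dir = strdup(name_buf)` as if the subdirectory list were complete. If NULL signals an error (the helper is not visible here), the two cases should be told apart, e.g. `if (!buf) goto bail1;` right after the loop. The return value of FcStrSetAdd is also ignored inside the loop, so a failed insertion is silently dropped. FcCacheFileRead starts and continues outside the hunk.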
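Review bot: In the fc-lang/fc-lang.c hunk, the new `fatal (line, lineno, ...)` call passes the text of the offending line as its first argument, because `file` has already been overwritten with the NULL result of strchr. If that parameter is meant to be the file name (fatal's definition is outside the hunk), the message will not say which file was being scanned; keeping the strchr result in a separate local, e.g. `char *arg = strchr (line, ' ');`, would leave `file` available for the report. The guard also relies on fatal never returning, since `isspace(*file)` follows unconditionally, and a short comment saying so would help. scan's body continues outside the hunk.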
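Review bot: In the second src/fccharset.c hunk, the charset is switched to FC_BANK_DYNAMIC while `leaves[]` still holds the pointers returned by FcCharSetGetLeaf for the static bank; the hunk allocates the pointer array but not the leaves themselves. If the destroy path for dynamic charsets frees each leaf individually (not visible here), it would now free memory this code never allocated. Either copy the leaves as well or record the ownership next to the assignment, e.g. `/* leaves still point into the static bank; they are not owned by this charset */`. FcCharSetPutLeaf starts and ends outside the hunk.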
@@ -2744,11 +2744,13 @@ GetScriptTags(FT_Face face, FT_ULong tabletag, FT_ULong **stags, FT_UShort *scri FT_Stream stream = face->stream; FT_Error error; FT_UShort n, p; - FT_Memory memory = stream->memory; + FT_Memory memory; if ( !stream ) return TT_Err_Invalid_Face_Handle; + memory = stream->memory; + if (( error = ftglue_face_goto_table( face, tabletag, stream ) )) return error; @@ -2795,7 +2797,7 @@ GetScriptTags(FT_Face face, FT_ULong tabletag, FT_ULong **stags, FT_UShort *scri cur_offset = ftglue_stream_pos( stream ); - if ( ftglue_stream_seek( stream, new_offset ) ) + if (( error = ftglue_stream_seek( stream, new_offset ) )) goto Fail; if ( error == TT_Err_Ok ) diff --git a/src/fclang.c b/src/fclang.c index 7af6ed1..4d171ac 100644 --- a/src/fclang.c +++ b/src/fclang.c @@ -567,9 +567,15 @@ FcNameUnparseLangSet (FcStrBuf *buf, const FcLangSet *ls) { if (!first) if (!FcStrBufChar (buf, '|')) + { + FcStrListDone (list); return FcFalse; + } if (!FcStrBufString (buf, extra)) - return FcFalse; + { + FcStrListDone (list); + return FcFalse; + } first = FcFalse; } } diff --git a/src/fcname.c b/src/fcname.c index 2f6f4e6..a0a84a3 100644 --- a/src/fcname.c +++ b/src/fcname.c @@ -381,19 +381,11 @@ FcObjectUnserialize (FcCache * metadata, void *block_ptr) int i; char * bp = (char *)block_ptr; FcObjectType * bn; - FcObjectTypeList * bnl; bn = malloc (sizeof (const FcObjectType) * (new_biggest + 1)); if (!bn) return 0; - bnl = malloc (sizeof (FcObjectTypeList)); - if (!bnl) - { - free (bn); - return 0; - } - for (i = 0; i < new_biggest; i++) { const FcObjectType * t = FcNameGetObjectType(bp); diff --git a/src/fcpat.c b/src/fcpat.c index ba88ebf..5865546 100644 --- a/src/fcpat.c +++ b/src/fcpat.c @@ -399,7 +399,10 @@ FcValueListEntCreate (FcValueListPtr h) return 0; new = malloc (n * sizeof (FcValueList)); if (!new) + { + free (ea); return 0; + } memset(new, 0, n * sizeof (FcValueList)); FcMemAlloc (FC_MEM_VALLIST, size); e = &ea->ent; 
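Review bot: In the src/fcfreetype.c hunk at -2795, assigning the seek result to `error` makes the following `if ( error == TT_Err_Ok )` always true, because any non-zero result has already jumped to Fail (assuming TT_Err_Ok is zero). Whatever alternative that condition was meant to select can no longer be reached through this path, so the test should either check the result of the operation it was written for or be removed. At minimum a comment such as `/* error is TT_Err_Ok here: seek failures went to Fail */` would record that. GetScriptTags continues outside the hunk.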
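Review bot: Style point on the src/fclang.c hunk: the same `FcStrListDone (list); return FcFalse;` cleanup is now written out twice, and the first copy sits in a braced inner `if` under the unbraced `if (!first)`, which is easy to misread. A single exit label holding `FcStrListDone (list); return FcFalse;`, reached with `goto bail` from both checks, would keep the release in one place and match the `goto bail` style used in src/fcpat.c in this same patch. Bracing the outer `if (!first)` would help as well. The enclosing loop and the rest of FcNameUnparseLangSet are outside the hunk.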
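Review bot: In the src/fcpat.c hunk at -399, `malloc (n * sizeof (FcValueList))` followed by `memset(new, 0, n * sizeof (FcValueList))` multiplies the count by the element size without an overflow check. `new = calloc (n, sizeof (FcValueList));` does the zeroing and rejects a wrapped size in one call, and the new `free (ea)` error path stays as it is. How `n` is bounded is not visible in the hunk, so this is hardening rather than a confirmed defect.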
@@ -575,11 +578,14 @@ FcPatternBaseFreeze (FcPattern *b) ep = FcPatternCreate(); if (!ep) - return 0; + goto bail; ent->pattern = ep; epp = malloc(b->num * sizeof (FcPatternElt)); if (!epp) + { + FcPatternDestroy (ep); goto bail; + } ep->elts = FcPatternEltPtrCreateDynamic(epp); FcMemAlloc (FC_MEM_PATELT, sizeof (FcPatternElt)*(b->num)); @@ -650,7 +656,10 @@ FcPatternFreeze (FcPattern *p) e = malloc(b->num * sizeof (FcPatternElt)); if (!e) + { + FcPatternDestroy (b); return 0; + } b->elts = FcPatternEltPtrCreateDynamic(e); FcMemAlloc (FC_MEM_PATELT, sizeof (FcPatternElt)*(b->num)); -- 2.39.5
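Review bot: In the src/fcpat.c hunk at -575, `ent->pattern = ep` is stored before the `epp` allocation, so on failure `FcPatternDestroy (ep)` runs while `ent->pattern` still holds the destroyed pointer. Whether `bail` releases or resets `ent` is not visible here; if `ent` can be reached afterwards this is a dangling pointer. Moving `ent->pattern = ep;` below the `if (!epp)` check, or adding `ent->pattern = 0;` before the `goto bail`, removes the question. The first change in the hunk also routes the `!ep` case through `bail`, so that label must cope with `ep` being null.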