From 2f02e38361b24032945e24f7f8480999bf9df1e2 Mon Sep 17 00:00:00 2001
From: Patrick Lam
Date: Wed, 12 Apr 2006 14:36:36 +0000
Subject: [PATCH] Fix memory leak (Coverity defect #2089). Ignore script if subtable is missing (Coverity defect #2088). Fix possible null pointer dereference (Coverity defect #784) and memory leak (Coverity defects #785, #786). Don't copy FcCharSet if we're going to throw it away anyway. (Reported by Kenichi Handa). reviewed by: plam
---
 ChangeLog | 21 +++++++++++++++++++++
 src/fccfg.c | 4 +++-
 src/fcfreetype.c | 5 +----
 src/fcmatch.c | 33 ++++++++++++++++++++-------------
 src/fcpat.c | 7 ++++++-
 5 files changed, 51 insertions(+), 19 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 455e35b..ff60863 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,24 @@
+2006-04-12 Frederic Crozat
+ reviewed by: plam
+
+ * src/fcpat.c: (FcPatternFreeze):
+ Fix memory leak (Coverity defect #2089).
+
+ * src/fcfreetype.c: (GetScriptTags):
+ Ignore script if subtable is missing (Coverity defect #2088).
+
+2006-04-12 Patrick Lam
+ * src/fccfg.c (FcConfigSubstituteWithPat):
+
+ Fix possible null pointer dereference (Coverity defect #784)
+ and memory leak (Coverity defects #785, #786).
+
+2006-04-12 Patrick Lam
+ * src/fcmatch.c (FcSortWalk, FcFontSetSort):
+
+ Don't copy FcCharSet if we're going to throw it away anyway.
+ (Reported by Kenichi Handa).
+
 2006-04-11 Ming Zhao
 reviewed by: plam
diff --git a/src/fccfg.c b/src/fccfg.c
index 35ab73a..cf92a2f 100644
--- a/src/fccfg.c
+++ b/src/fccfg.c
@@ -1512,7 +1512,8 @@ FcConfigSubstituteWithPat (FcConfig *config,
 /*
 * Delete the marked value
 */
- FcConfigDel (&st[i].elt->values, thisValue);
+ if (thisValue)
+ FcConfigDel (&st[i].elt->values, thisValue);
 /*
 * Adjust any pointers into the value list to ensure
 * future edits occur at the same place
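Review bot: The new `if (thisValue)` guard in the src/fccfg.c hunk at -1512 protects only the second argument of `FcConfigDel`, while `st[i].elt` is dereferenced in the same expression and nothing in the hunk shows it is non-NULL whenever `thisValue` is set. If the two are always set together, record that above the guard, e.g. `/* nothing was marked for deletion when thisValue is NULL */`; if not, test both with `if (thisValue && st[i].elt)`. The enclosing branch of FcConfigSubstituteWithPat starts and ends outside the hunk, so an earlier check on `st[i].elt` cannot be confirmed from here.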
@@ -1567,6 +1568,7 @@ FcConfigSubstituteWithPat (FcConfig *config,
 FcConfigPatternAdd (p, e->field, l, FcTrue);
 break;
 default:
+ FcValueListDestroy (FcValueListPtrCreateDynamic(l));
 break;
 }
 }
diff --git a/src/fcfreetype.c b/src/fcfreetype.c
index 5d852a5..87f3b99 100644
--- a/src/fcfreetype.c
+++ b/src/fcfreetype.c
@@ -2797,13 +2797,10 @@ GetScriptTags(FT_Face face, FT_ULong tabletag, FT_ULong **stags, FT_UShort *scri
 cur_offset = ftglue_stream_pos( stream );
- if (( error = ftglue_stream_seek( stream, new_offset ) ))
- goto Fail;
+ error = ftglue_stream_seek( stream, new_offset );
 if ( error == TT_Err_Ok )
 p++;
- else if ( error != TTO_Err_Empty_Script )
- goto Fail;
 (void)ftglue_stream_seek( stream, cur_offset );
 }
diff --git a/src/fcmatch.c b/src/fcmatch.c
index 57e0c0e..ae37fd7 100644
--- a/src/fcmatch.c
+++ b/src/fcmatch.c
@@ -791,7 +791,7 @@ FcSortCompare (const void *aa, const void *ab)
 }
 static FcBool
-FcSortWalk (FcSortNode **n, int nnode, FcFontSet *fs, FcCharSet **cs, FcBool trim)
+FcSortWalk (FcSortNode **n, int nnode, FcFontSet *fs, FcCharSet **cs, FcBool trim, FcBool build_cs)
 {
 FcCharSet *ncs;
 FcSortNode *node;
@@ -808,16 +808,20 @@ FcSortWalk (FcSortNode **n, int nnode, FcFontSet *fs, FcCharSet **cs, FcBool tri
 */
 if (!trim || !*cs || !FcCharSetIsSubset (ncs, *cs))
 {
- if (*cs)
- {
- ncs = FcCharSetUnion (ncs, *cs);
- if (!ncs)
- return FcFalse;
- FcCharSetDestroy (*cs);
- }
- else
- ncs = FcCharSetCopy (ncs);
- *cs = ncs;
+ if (!trim && build_cs)
+ {
+ if (*cs)
+ {
+ ncs = FcCharSetUnion (ncs, *cs);
+ if (!ncs)
+ return FcFalse;
+ FcCharSetDestroy (*cs);
+ }
+ else
+ ncs = FcCharSetCopy (ncs);
+ *cs = ncs;
+ }
+
 FcPatternReference (node->pattern);
 if (FcDebug () & FC_DBG_MATCH)
 {
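Review bot: The ownership rule for `l` is left implicit in the src/fccfg.c hunk at -1567: the new `default:` line frees the list, which implies every other case must hand `l` over or free it itself, and those cases are outside the hunk. A comment on the new line would make that contract reviewable, e.g. `/* no edit took ownership of l; release it here */`. If `l` can be NULL at this point (its construction is not visible), it is also worth confirming that `FcValueListDestroy` accepts the result of `FcValueListPtrCreateDynamic(l)` in that case.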
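Review bot: In the GetScriptTags hunk of src/fcfreetype.c, every failure of `ftglue_stream_seek( stream, new_offset )` is now handled as a missing script subtable, so a real stream error on a truncated or malformed font file is skipped the same way and `error` keeps the failing code when this block ends. Whether anything later reads `error` is outside the hunk; clearing it states the intent and avoids a stale code leaking into the return value: `else error = TT_Err_Ok; /* unusable subtable offset: skip this script tag */`. The enclosing block starts outside the hunk.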
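Review bot: The new guard `if (!trim && build_cs)` in FcSortWalk (src/fcmatch.c, hunk at -808) stops `*cs` from being accumulated whenever `trim` is set, yet the enclosing test `!trim || !*cs || !FcCharSetIsSubset (ncs, *cs)` needs the accumulated set to decide that a font adds no coverage. FcFontSetSort sets `cs = 0` before the call (hunk at -986), so with trimming on `!*cs` stays true and no pattern is ever trimmed. The copy can be skipped only when neither trimming nor the caller needs the set, so the guard should read `if (trim || build_cs)`. The call site's new `if (cs)` check before `FcCharSetDestroy (cs)` already copes with a set built only for trimming. FcSortWalk's body starts and ends outside the hunk.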
@@ -986,13 +990,16 @@ FcFontSetSort (FcConfig *config,
 cs = 0;
- if (!FcSortWalk (nodeps, nnodes, ret, &cs, trim))
+ if (!FcSortWalk (nodeps, nnodes, ret, &cs, trim, (csp!=0)))
 goto bail2;
 if (csp)
 *csp = cs;
 else
- FcCharSetDestroy (cs);
+ {
+ if (cs)
+ FcCharSetDestroy (cs);
+ }
 free (nodes);
diff --git a/src/fcpat.c b/src/fcpat.c
index 5865546..658998b 100644
--- a/src/fcpat.c
+++ b/src/fcpat.c
@@ -639,7 +639,7 @@ FcPatternBaseThawAll (void)
 FcPattern *
 FcPatternFreeze (FcPattern *p)
 {
- FcPattern *b, *n = 0;
+ FcPattern *b, *n = 0, *freeme = 0;
 FcPatternElt *e;
 int i;
@@ -673,7 +673,10 @@ FcPatternFreeze (FcPattern *p)
 (FcPatternEltU(b->elts)+i)->values = FcValueListFreeze((FcPatternEltU(p->elts)+i)->values);
 if (!FcValueListPtrU((FcPatternEltU(p->elts)+i)->values))
+ {
+ freeme = b;
 goto bail;
+ }
 }
 if (FcPatternFindElt (p, FC_FILE))
@@ -695,6 +698,8 @@ FcPatternFreeze (FcPattern *p)
 b->elts = FcPatternEltPtrCreateDynamic(0);
 FcMemFree (FC_MEM_PATELT, sizeof (FcPatternElt)*(b->num));
 b->num = -1;
+ if (freeme)
+ FcPatternDestroy (freeme);
 #ifdef DEBUG
 assert (FcPatternEqual (n, p));
 #endif
--
2.39.5
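Review bot: In FcPatternFreeze (src/fcpat.c, hunks at -673 and -695), `freeme` is only ever set to `b` and is destroyed after the cleanup lines have reset `b->elts` and set `b->num = -1`, so the release on the failure path depends on that ordering; whether `FcPatternDestroy` is safe on a pattern in that state is not visible here. A comment at the new call would record the dependency, e.g. `/* freeze failed: b->elts was reset above, release the pattern itself */`. On the same path `n` appears to be still 0 when the `#ifdef DEBUG` line `assert (FcPatternEqual (n, p));` runs; `assert (!n || FcPatternEqual (n, p));` would keep the check for the success case only. The `bail` label and the function's return are outside the hunks.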