[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
feature/android fdff5442a59 2/2: Fix double free upon encountering inval
|
From: |
Po Lu |
|
Subject: |
feature/android fdff5442a59 2/2: Fix double free upon encountering invalid font |
|
Date: |
Tue, 7 Mar 2023 21:35:07 -0500 (EST) |
branch: feature/android
commit fdff5442a59fd2387c23e2be2658dafa39466891
Author: Po Lu <luangruo@yahoo.com>
Commit: Po Lu <luangruo@yahoo.com>
Fix double free upon encountering invalid font
* src/sfnt.c (sfnt_read_cmap_table): Don't allocate too big
data. Also, free elements of (*data), not offsets into data
itself.
---
src/sfnt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/sfnt.c b/src/sfnt.c
index f5b84afa0a5..c5aeda11ff2 100644
--- a/src/sfnt.c
+++ b/src/sfnt.c
@@ -910,7 +910,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable
*subtable,
/* Second, read each encoding subtable itself. */
*data = xmalloc (cmap->num_subtables
- * sizeof **subtables);
+ * sizeof *data);
for (i = 0; i < cmap->num_subtables; ++i)
{
@@ -923,7 +923,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable
*subtable,
being unsupported.) Return now. */
for (j = 0; j < i; ++j)
- xfree (data[j]);
+ xfree ((*data)[j]);
xfree (*data);
xfree (*subtables);