The following patch fixes two Coverity defects (#767 and #1195) in fcfreetype.c. One is crystal clear (access to pointer before NULL test), the other part might be wrong: error was probably not assigned anymore in the code (so testing its value was useless after line 2782), so I assumed error retrieval was missing.

--
Frederic Crozat <fcrozat@xxxxxxxxxxxx>
Mandriva
Index: ChangeLog =================================================================== RCS file: /cvs/fontconfig/fontconfig/ChangeLog,v retrieving revision 1.109.2.192 diff -u -p -r1.109.2.192 ChangeLog --- ChangeLog 11 Apr 2006 05:08:26 -0000 1.109.2.192 +++ ChangeLog 11 Apr 2006 13:08:29 -0000 @@ -1,3 +1,9 @@ +2006-04-11 Frederic Crozat <fcrozat@xxxxxxxxxxxx> + + * src/fcfreetype.c: (GetScriptTags): + Prevent potential null pointer access (Coverity defect #767), + ensure error value are read (Coverity defect #1195). + 2006-04-11 Behdad Esfahbod <behdad@xxxxxxxxxxxxxx> reviewed by: plam Index: src/fcfreetype.c =================================================================== RCS file: /cvs/fontconfig/fontconfig/src/fcfreetype.c,v retrieving revision 1.60.2.23 diff -u -p -r1.60.2.23 fcfreetype.c --- src/fcfreetype.c 7 Apr 2006 04:42:32 -0000 1.60.2.23 +++ src/fcfreetype.c 11 Apr 2006 13:08:29 -0000 @@ -2744,11 +2744,13 @@ FT_Stream stream = face->stream; FT_Error error; FT_UShort n, p; - FT_Memory memory = stream->memory; + FT_Memory memory; if ( !stream ) return TT_Err_Invalid_Face_Handle; + memory = stream->memory; + if (( error = ftglue_face_goto_table( face, tabletag, stream ) )) return error; @@ -2795,7 +2797,7 @@ cur_offset = ftglue_stream_pos( stream ); - if ( ftglue_stream_seek( stream, new_offset ) ) + if (( error = ftglue_stream_seek( stream, new_offset ) )) goto Fail; if ( error == TT_Err_Ok )
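Review bot: In the ChangeLog hunk, the entry text "ensure error value are read" has a number disagreement; suggest "ensure error value is read". It would also help to name the call whose return value is now captured (ftglue_stream_seek), since the entry only names GetScriptTags.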
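Review bot: In the src/fcfreetype.c hunk at -2744, the unchanged declaration `FT_Stream stream = face->stream;` still dereferences `face` before any test, so the dereference-before-check pattern this hunk removes for `stream` remains for `face`. If a NULL `face` can reach this function, check it before reading `face->stream` and return TT_Err_Invalid_Face_Handle there as well; if callers guarantee it is non-NULL, a short comment saying so would keep the next static-analysis pass from flagging it again.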
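Review bot: In the src/fcfreetype.c hunk at -2795, once `error` is assigned from ftglue_stream_seek and a non-zero value jumps to Fail, the unchanged line that follows, `if ( error == TT_Err_Ok )`, can only be reached with error equal to TT_Err_Ok, so that test is always true. Either drop the test or establish which earlier call's result it was meant to inspect, because the patch description itself says this part is a guess. The change also relies on ftglue_stream_seek returning an FT_Error code and on the Fail path returning `error`, neither of which is visible in the hunk and both of which should be confirmed.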
_______________________________________________ Fontconfig mailing list Fontconfig@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/fontconfig