Le mercredi 12 avril 2006 à 01:44 -0400, Patrick Lam a écrit :
> Frederic Crozat wrote:
> > -defect #759 in fccharset.c / FcCharSetSubtractCount :
> > *bm might be NULL because of assignment to bi.leaf->map and then it is
> > accessed without any NULL test. I don't know if bi.leaf->map is never
> > NULL.
>
> I don't understand this code yet. The problem is not that ->map is
> NULL, but that bi might be NULL. ->map can't be null, it's a
> FcChar32[256/32].
Well, I didn't understand it either. But you are right about the
incorrect access, the defect is about bi being NULL.
> > -defects #783, #784, #785, #786 :
> > * if config->maxObjects == 0, but config->substPattern or
> > config->substFont are not NULL, st, while NULL, will be accessed
> > * at line 1497, there is a test against thisValue being NULL (so, it
> > might be NULL), but FcConfigDel called at line 1506 might deferences
> > thisValue, causing a crash.
> > * at line 1463, l might be leaked if switch (e->op) is handled by
> > default case). I don't know if it is possible.
>
> Can you give more details on these defects?
Here are the url for the defects, they seems to work, I don't know for
how long. Otherwise, I'll copy the defect page elsewhere.
http://scan.coverity.com:7468/view-error.cgi?id=7529&runid=19&user=fcrozat&magic=636dfd390b4c5cc1f308d2841e3a3c5e&prevpage=query-run-table.cgi%3Ffile%3Dfontconfig%26magic%3D636dfd390b4c5cc1f308d2841e3a3c5e%26prevpage%3D%252Findex.cgi%253Fmagic%253D636dfd390b4c5cc1f308d2841e3a3c5e%2526user%253Dfcrozat%26runid%3D19%26user%3Dfcrozat&prevpagename=Search%20Results
http://scan.coverity.com:7468/view-error.cgi?id=10169&runid=21&user=fcrozat&magic=636dfd390b4c5cc1f308d2841e3a3c5e&prevpage=query-run-table.cgi%3Ffile%3Dfontconfig%26magic%3D636dfd390b4c5cc1f308d2841e3a3c5e%26prevpage%3D%252Findex.cgi%253Fmagic%253D636dfd390b4c5cc1f308d2841e3a3c5e%2526user%253Dfcrozat%26runid%3D21%26user%3Dfcrozat&prevpagename=Search%20Results
http://scan.coverity.com:7468/view-error.cgi?id=10470&runid=21&user=fcrozat&magic=636dfd390b4c5cc1f308d2841e3a3c5e&prevpage=query-run-table.cgi%3Ffile%3Dfontconfig%26magic%3D636dfd390b4c5cc1f308d2841e3a3c5e%26prevpage%3D%252Findex.cgi%253Fmagic%253D636dfd390b4c5cc1f308d2841e3a3c5e%2526user%253Dfcrozat%26runid%3D21%26user%3Dfcrozat&prevpagename=Search%20Results
http://scan.coverity.com:7468/view-error.cgi?id=10469&runid=21&user=fcrozat&magic=636dfd390b4c5cc1f308d2841e3a3c5e&prevpage=query-run-table.cgi%3Ffile%3Dfontconfig%26magic%3D636dfd390b4c5cc1f308d2841e3a3c5e%26prevpage%3D%252Findex.cgi%253Fmagic%253D636dfd390b4c5cc1f308d2841e3a3c5e%2526user%253Dfcrozat%26runid%3D21%26user%3Dfcrozat&prevpagename=Search%20Results
Also, Coverity updated their databases with yesterday fixes.
There are two new defects for some cases which were not completely fixed
with yesterday patches.
First one is in fcfreetype.c, some deadcode was still there. Based on
bedhad comment ("if you ask me, you should remove both goto Fail's in
that loop. it's trying to list scripts supported by the font, and if one
of the subtables is missing, we can simply ignore that script, instead
of failing the entire operation), I've cooked one patch which remove two
of the goto to fix defect #2088.
The other defect is a memory leak in FcPatternFreeze (fcpat.c) in error
case (defect #2089).
--
Frederic Crozat <fcrozat@xxxxxxxxxxxx>
Mandriva
Index: ChangeLog
===================================================================
RCS file: /cvs/fontconfig/fontconfig/ChangeLog,v
retrieving revision 1.109.2.196
diff -u -p -r1.109.2.196 ChangeLog
--- ChangeLog 12 Apr 2006 03:02:57 -0000 1.109.2.196
+++ ChangeLog 12 Apr 2006 08:15:07 -0000
@@ -1,3 +1,8 @@
+2006-04-12 Frederic Crozat <fcrozat@xxxxxxxxxxxx>
+
+ * src/fcfreetype.c: (GetScriptTags):
+ Ignore script if subtable is missing (Coverity defect #2088).
+
2006-04-11 Ming Zhao <ming@xxxxxxxxxx>
reviewed by: plam
Index: src/fcfreetype.c
===================================================================
RCS file: /cvs/fontconfig/fontconfig/src/fcfreetype.c,v
retrieving revision 1.60.2.24
diff -u -p -r1.60.2.24 fcfreetype.c
--- src/fcfreetype.c 11 Apr 2006 14:20:59 -0000 1.60.2.24
+++ src/fcfreetype.c 12 Apr 2006 08:15:07 -0000
@@ -2797,13 +2797,10 @@ GetScriptTags(FT_Face face, FT_ULong tab
cur_offset = ftglue_stream_pos( stream );
- if (( error = ftglue_stream_seek( stream, new_offset ) ))
- goto Fail;
+ error = ftglue_stream_seek( stream, new_offset );
if ( error == TT_Err_Ok )
p++;
- else if ( error != TTO_Err_Empty_Script )
- goto Fail;
(void)ftglue_stream_seek( stream, cur_offset );
}
Index: ChangeLog
===================================================================
RCS file: /cvs/fontconfig/fontconfig/ChangeLog,v
retrieving revision 1.109.2.196
diff -u -p -r1.109.2.196 ChangeLog
--- ChangeLog 12 Apr 2006 03:02:57 -0000 1.109.2.196
+++ ChangeLog 12 Apr 2006 08:44:00 -0000
@@ -1,3 +1,8 @@
+2006-04-12 Frederic Crozat <fcrozat@xxxxxxxxxxxx>
+
+ * src/fcpat.c: (FcPatternFreeze):
+ Fix memory leak (Coverity defect #2089).
+
2006-04-11 Ming Zhao <ming@xxxxxxxxxx>
reviewed by: plam
Index: src/fcpat.c
===================================================================
RCS file: /cvs/fontconfig/fontconfig/src/fcpat.c,v
retrieving revision 1.27.2.40
diff -u -p -r1.27.2.40 fcpat.c
--- src/fcpat.c 11 Apr 2006 14:20:59 -0000 1.27.2.40
+++ src/fcpat.c 12 Apr 2006 08:44:00 -0000
@@ -639,7 +639,7 @@
FcPattern *
FcPatternFreeze (FcPattern *p)
{
- FcPattern *b, *n = 0;
+ FcPattern *b, *n = 0, *freeme = 0;
FcPatternElt *e;
int i;
@@ -673,7 +673,10 @@
(FcPatternEltU(b->elts)+i)->values =
FcValueListFreeze((FcPatternEltU(p->elts)+i)->values);
if (!FcValueListPtrU((FcPatternEltU(p->elts)+i)->values))
+ {
+ freeme = b;
goto bail;
+ }
}
if (FcPatternFindElt (p, FC_FILE))
@@ -695,6 +698,8 @@
b->elts = FcPatternEltPtrCreateDynamic(0);
FcMemFree (FC_MEM_PATELT, sizeof (FcPatternElt)*(b->num));
b->num = -1;
+ if (freeme)
+ FcPatternDestroy (freeme);
#ifdef DEBUG
assert (FcPatternEqual (n, p));
#endif
_______________________________________________
Fontconfig mailing list
Fontconfig@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/fontconfig
