Fix several segfaults #5306
Fix several segfaults #5306
Conversation
| @@ -2735,6 +2735,14 @@ return( NULL ); | |||
| ++i; | |||
| } | |||
| --i; | |||
| } else if ( (offsets[i+1]-offsets[i])==UINT32_MAX ) { | |||
There was a problem hiding this comment.
This is a weirdly specific problem. Normally one would worry about a more general class of strings that are too large. Here you're finding the offset difference is exactly UINT32_MAX. That strongly implies (to me, anyway) that some other code is causing the difference to be that value, and adding this fix would just disguise that problem.
Before we do this we should at least try to figure out why we're seeing such a specific symptom. Do you have an example file?
| @@ -3014,7 +3014,7 @@ SplineFont *SplineFontFromPSFont(FontDict *fd) { | |||
| SplineFontMetaData(sf,fd); | |||
| if ( fd->wascff ) { | |||
| SplineFontFree(sf); | |||
| sf = fd->sf; | |||
| return ( NULL ); | |||
There was a problem hiding this comment.
We're not doing the unindented returns anymore. Some of those are left over from the old days.
Still, this may not be quite right. I assume the problem is that fd->sf can be NULL, and then (for example) the sf->multilayer check below will fail? That's true, but in that case shouldn't we first check if fd->sf is NULL, return if it is, and otherwise do what's there now?
Fixed segfaults in:
SplineFontFromPSFont()If
fd->wascffwastrue, thensfwas set tofd->sf, which is alwaysNULL. Andsf->multilayercheck caused a segfault.readcffglyphs()readcfffontnames()may returnNULL.readcfffontnames()(offsets[i+1]-offsets[i])could be equal toUINT32_MAX, which led tomalloc(0)call, but the loop exit condition remainedj < UINT32_MAX.Type of change