From 2bf603bde6f8d8ee307f16a32a986f9879639f1b Mon Sep 17 00:00:00 2001
From: Werner Lemberg
Date: Sat, 28 Sep 2019 07:37:24 +0200
Subject: [PATCH] [woff2] Fix memory leaks.

One of them reported as

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17766

* src/sfnt/sfwoff2.c (woff2_open_font): Free `info->x_mins' and
`woff2->ttc_fonts'.

(reconstruct_glyf): Initialize `info->x_mins'.
---
 ChangeLog | 13 +++++++++++++
 src/sfnt/sfwoff2.c | 20 +++++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index aacd6ee57..bc3163f6f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,16 @@
+2019-09-28 Werner Lemberg
+
+ [woff2] Fix memory leaks.
+
+ One of them reported as
+
+ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17766
+
+ * src/sfnt/sfwoff2.c (woff2_open_font): Free `info->x_mins' and
+ `woff2->ttc_fonts'.
+
+ (reconstruct_glyf): Initialize `info->x_mins'.
+
 2019-09-27 Alexei Podtelezhnikov

 * src/base/ftstroke.c (ft_stroker_cap): Speed up caps.
diff --git a/src/sfnt/sfwoff2.c b/src/sfnt/sfwoff2.c
index 7d9017938..b88d13da4 100644
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@@ -927,6 +927,7 @@
 if ( FT_NEW_ARRAY( glyph_buf, glyph_buf_size ) )
 goto Fail;

+ info->x_mins = NULL;
 if ( FT_NEW_ARRAY( info->x_mins, num_glyphs ) )
 goto Fail;

@@ -2007,8 +2008,10 @@
 }

 /* Collection directory reading complete. */
- FT_TRACE2(( "WOFF2 collection dirtectory is valid.\n" ));
+ FT_TRACE2(( "WOFF2 collection directory is valid.\n" ));
 }
+ else
+ woff2.ttc_fonts = NULL;

 woff2.compressed_offset = FT_STREAM_POS();
 file_offset = ROUND4( woff2.compressed_offset +
@@ -2234,6 +2237,21 @@
 FT_FREE( tables );
 FT_FREE( indices );
 FT_FREE( uncompressed_buf );
+ FT_FREE( info.x_mins );
+
+ if ( woff2.ttc_fonts )
+ {
+ WOFF2_TtcFont ttc_font = woff2.ttc_fonts;
+
+
+ for ( nn = 0; nn < woff2.num_fonts; nn++ )
+ {
+ FT_FREE( ttc_font->table_indices );
+ ttc_font++;
+ }
+
+ FT_FREE( woff2.ttc_fonts );
+ }

 if ( error )
 {
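Review bot: The new `info->x_mins = NULL;` sits below the `if ( FT_NEW_ARRAY( glyph_buf, glyph_buf_size ) ) goto Fail;` that precedes it in the hunk, so a failure of that first allocation still reaches Fail with `info->x_mins` untouched, and the cleanup added in the third hunk then runs `FT_FREE( info.x_mins )` on whatever the caller's `info` held. This only matters if `info` is not zero-initialized in woff2_open_font, which the patch does not show; if it is not, the assignment belongs above the first `goto Fail` in reconstruct_glyf, whose body starts outside the hunk. The `else woff2.ttc_fonts = NULL;` in the second hunk has the same shape: an early exit taken before that point would leave `woff2.ttc_fonts` uninitialized for the `if ( woff2.ttc_fonts )` test in the cleanup block unless `woff2` is zeroed at its declaration. Initializing both fields where their owners are declared (`= {0}` for the structs, or `info.x_mins = NULL;` and `woff2.ttc_fonts = NULL;` right after) removes the dependency on which path reaches the label.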
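Review bot: The cleanup loop frees `ttc_font->table_indices` for every one of `woff2.num_fonts` entries, which is only safe when an entry whose `table_indices` was never allocated holds NULL; that relies on `FT_NEW_ARRAY` zero-filling `woff2.ttc_fonts` when the collection directory is read, which I believe it does but cannot confirm from the hunk. A one-line comment would make the dependency explicit: `/* ttc_fonts is zero-filled by FT_NEW_ARRAY, so unallocated table_indices are NULL */`. On style, the loop reuses `nn`, declared outside the hunk, and walks the array with a separate `ttc_font` pointer plus two blank lines of declaration spacing; indexing directly with `FT_FREE( woff2.ttc_fonts[nn].table_indices );` would drop the local and keep the block shorter. woff2_open_font continues past the end of the hunk.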