From 352ac63ef937629385da7517408cd3d6df7db08a Mon Sep 17 00:00:00 2001 From: Ebrahim Byagowi Date: Tue, 11 Feb 2020 03:03:03 +0330 Subject: [PATCH] Fix an unlikely UAF on the deprecated _set_glyph_func API Fixes https://github.com/harfbuzz/harfbuzz/issues/2168 --- src/hb-font.cc | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/hb-font.cc b/src/hb-font.cc index 60fc218cc..9c732cfee 100644 --- a/src/hb-font.cc +++ b/src/hb-font.cc @@ -677,7 +677,8 @@ hb_font_funcs_set_##name##_func (hb_font_funcs_t *ffuncs, \ void *user_data, \ hb_destroy_func_t destroy) \ { \ - if (hb_object_is_immutable (ffuncs)) { \ + if (hb_object_is_immutable (ffuncs)) \ + { \ if (destroy) \ destroy (user_data); \ return; \ @@ -2152,6 +2153,13 @@ hb_font_funcs_set_glyph_func (hb_font_funcs_t *ffuncs, hb_font_get_glyph_func_t func, void *user_data, hb_destroy_func_t destroy) { + if (hb_object_is_immutable (ffuncs)) + { + if (destroy) + destroy (user_data); + return; + } + hb_font_get_glyph_trampoline_t *trampoline; trampoline = trampoline_create (func, user_data, destroy);