diff options
| author | Po Lu | 2023-03-08 10:19:26 +0800 |
|---|---|---|
| committer | Po Lu | 2023-03-08 10:19:26 +0800 |
| commit | fdff5442a59fd2387c23e2be2658dafa39466891 (patch) | |
| tree | 1ccd0863e2678c488a11af4072b57223ba61fc91 /src | |
| parent | 06cfa27e372be135646ed736ff48d9ad199c955c (diff) | |
| download | emacs-fdff5442a59fd2387c23e2be2658dafa39466891.tar.gz emacs-fdff5442a59fd2387c23e2be2658dafa39466891.zip | |
Fix double free upon encountering invalid font
* src/sfnt.c (sfnt_read_cmap_table): Don't allocate too big
data. Also, free elements of (*data), not offsets into data
itself.
Diffstat (limited to 'src')
| -rw-r--r-- | src/sfnt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/sfnt.c b/src/sfnt.c index f5b84afa0a5..c5aeda11ff2 100644 --- a/src/sfnt.c +++ b/src/sfnt.c | |||
| @@ -910,7 +910,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable *subtable, | |||
| 910 | 910 | ||
| 911 | /* Second, read each encoding subtable itself. */ | 911 | /* Second, read each encoding subtable itself. */ |
| 912 | *data = xmalloc (cmap->num_subtables | 912 | *data = xmalloc (cmap->num_subtables |
| 913 | * sizeof **subtables); | 913 | * sizeof *data); |
| 914 | 914 | ||
| 915 | for (i = 0; i < cmap->num_subtables; ++i) | 915 | for (i = 0; i < cmap->num_subtables; ++i) |
| 916 | { | 916 | { |
| @@ -923,7 +923,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable *subtable, | |||
| 923 | being unsupported.) Return now. */ | 923 | being unsupported.) Return now. */ |
| 924 | 924 | ||
| 925 | for (j = 0; j < i; ++j) | 925 | for (j = 0; j < i; ++j) |
| 926 | xfree (data[j]); | 926 | xfree ((*data)[j]); |
| 927 | 927 | ||
| 928 | xfree (*data); | 928 | xfree (*data); |
| 929 | xfree (*subtables); | 929 | xfree (*subtables); |