From 15afb554583836a4c8c3b3738cfec9d3eab477fe Mon Sep 17 00:00:00 2001 From: Ben Wagner Date: Thu, 5 Jan 2023 12:42:55 -0500 Subject: [PATCH] [base] Report used stream's external status. In `open_face` the initial stream is set on the face, along with the information about if FreeType is the owner of the stream object itself. The loaders may in the course of their work replace this stream with a new stream (as is the case for 'woff' and 'woff2'), which may have a different ownership than the initial stream object (likely the original stream object is owned by the user and is external, while the new stream object is created internally to FreeType and is internal). When the stream is replaced, the face's flags are updated with the new ownership status. However, `open_face` cannot itself free this stream as its caller `ft_open_face_internal` is responsible for this. In addition, in the case of an error `open_face` cannot return an actual face with the new stream and its ownership status to the caller. As a result, it must pass this information back to the caller as a sort of "failed face" so that the caller can clean up. `open_face` was already passing back the new stream but was not passing back the stream ownership information. As a result the stream may not have been free'd when needed. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54700 * src/base/ftobjs.c (open_face): Pass back the ownership information as well. (ft_open_face_internal): Updated. --- src/base/ftobjs.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c index 4ef702a2b..032b52600 100644 --- a/src/base/ftobjs.c +++ b/src/base/ftobjs.c @@ -1489,7 +1489,7 @@ static FT_Error open_face( FT_Driver driver, FT_Stream *astream, - FT_Bool external_stream, + FT_Bool *anexternal_stream, FT_Long face_index, FT_Int num_params, FT_Parameter* params, @@ -1515,7 +1515,7 @@ face->stream = *astream; /* set the FT_FACE_FLAG_EXTERNAL_STREAM bit for FT_Done_Face */ - if ( external_stream ) + if ( *anexternal_stream ) face->face_flags |= FT_FACE_FLAG_EXTERNAL_STREAM; if ( FT_NEW( internal ) ) @@ -1545,7 +1545,10 @@ (FT_Int)face_index, num_params, params ); - *astream = face->stream; /* Stream may have been changed. */ + /* Stream may have been changed. */ + *astream = face->stream; + *anexternal_stream = + ( face->face_flags & FT_FACE_FLAG_EXTERNAL_STREAM ) != 0; if ( error ) goto Fail; @@ -2586,7 +2589,7 @@ params = args->params; } - error = open_face( driver, &stream, external_stream, face_index, + error = open_face( driver, &stream, &external_stream, face_index, num_params, params, &face ); if ( !error ) goto Success; @@ -2622,7 +2625,7 @@ params = args->params; } - error = open_face( driver, &stream, external_stream, face_index, + error = open_face( driver, &stream, &external_stream, face_index, num_params, params, &face ); if ( !error ) goto Success;