[woff2] Fix memory leaks and a runtime warning.

Reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19773 * src/sfnt/sfwoff2.c (compute_ULong_sum): Add missing cast. (reconstruct_hmtx): Add missing deallocation calls.
5 years ago · a99a8e2863
parent 10d8de7541
commit a99a8e2863
2 changed files with 20 additions and 1 deletions
--- a/11
+++ b/11
@ -1,3 +1,14 @@
+2020-01-03  Werner Lemberg  <wl@gnu.org>
+
+	[woff2] Fix memory leaks and a runtime warning.
+
+	Reported as
+
+	  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19773
+
+	* src/sfnt/sfwoff2.c (compute_ULong_sum): Add missing cast.
+	(reconstruct_hmtx): Add missing deallocation calls.
+
 2020-01-02  Dominik Röttsches  <drott@chromium.org>

 	[truetype] Fix UBSan warning on offset to nullptr (#57501).
--- a/src/sfnt/sfwoff2.c
+++ b/src/sfnt/sfwoff2.c
@ -302,7 +302,7 @@
    {
      v = 0;
      for ( i = aligned_size ; i < size; ++i )
-        v |= buf[i] << ( 24 - 8 * ( i & 3 ) );
+        v |= (FT_ULong)buf[i] << ( 24 - 8 * ( i & 3 ) );
      checksum += v;
    }

@ -1465,9 +1465,17 @@
    *sfnt_bytes = sfnt;
    *out_offset = dest_offset;

+    FT_FREE( advance_widths );
+    FT_FREE( lsbs );
+    FT_FREE( hmtx_table );
+
    return error;

  Fail:
+    FT_FREE( advance_widths );
+    FT_FREE( lsbs );
+    FT_FREE( hmtx_table );
+
    if ( !error )
      error = FT_THROW( Invalid_Table );