From c242fe41ec634af32845cd17bcd1a0ee2653feb9 Mon Sep 17 00:00:00 2001 From: Behdad Esfahbod Date: Wed, 14 Jan 2015 18:48:14 +0100 Subject: [PATCH] [raster] Fix uninitialized memory access. Apparently `ras.cProfile' might be uninitialized. This will be the case if `ras.top == ras.cProfile->offset', as can be seen in `End_Profile'. The overshoot code introduced in a change `Fix B/W rasterization of subglyphs with different drop-out modes.' (from 2009-06-18) violated this, accessing `ras.cProfile->flags' unconditionally just before calling `End_Profile' (which then detected that `cProfile' is uninitialized and didn't touch it). This was harmless, and was not detected by valgrind before because the objects were allocated on the `raster_pool', which was always initialized. With recent change to allocate raster buffers on the stack, valgrind now reported this invalid access. * src/raster/ftraster.c (Convert_Glyph): Don't access an uninitialized `cProfile'. --- ChangeLog | 20 ++++++++++++++++++++ src/raster/ftraster.c | 3 ++- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ee91e3e24..72e4a7c2c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,23 @@ +2015-01-14 Behdad Esfahbod + + [raster] Fix uninitialized memory access. + + Apparently `ras.cProfile' might be uninitialized. This will be the + case if `ras.top == ras.cProfile->offset', as can be seen in + `End_Profile'. The overshoot code introduced in a change `Fix B/W + rasterization of subglyphs with different drop-out modes.' (from + 2009-06-18) violated this, accessing `ras.cProfile->flags' + unconditionally just before calling `End_Profile' (which then + detected that `cProfile' is uninitialized and didn't touch it). + + This was harmless, and was not detected by valgrind before because + the objects were allocated on the `raster_pool', which was always + initialized. With recent change to allocate raster buffers on the + stack, valgrind now reported this invalid access. + + * src/raster/ftraster.c (Convert_Glyph): Don't access an + uninitialized `cProfile'. + 2015-01-14 Behdad Esfahbod [smooth] Fix uninitialized memory access. diff --git a/src/raster/ftraster.c b/src/raster/ftraster.c index 552a56858..2b182f784 100644 --- a/src/raster/ftraster.c +++ b/src/raster/ftraster.c @@ -1982,7 +1982,8 @@ /* to be drawn. */ lastProfile = ras.cProfile; - if ( ras.cProfile->flags & Flow_Up ) + if ( ras.top != ras.cProfile->offset && + ( ras.cProfile->flags & Flow_Up ) ) o = IS_TOP_OVERSHOOT( ras.lastY ); else o = IS_BOTTOM_OVERSHOOT( ras.lastY );
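Review bot: the new guard at `if ( ras.top != ras.cProfile->offset &&` relies on `ras.cProfile->offset` being valid in exactly the case where `flags` is not, so the fix is only sound if every path that assigns `ras.cProfile` also sets `offset` before Convert_Glyph reaches this point; a one-line comment at that `if` stating that the test mirrors the `ras.top == ras.cProfile->offset` empty-profile condition that the commit message attributes to `End_Profile` would make that dependency visible to the next reader, and factoring the condition into a small helper macro shared with `End_Profile` (name to be chosen, none exists in the hunk) would keep the two tests from drifting apart. Minor: when the profile is empty the `else` branch still evaluates `IS_BOTTOM_OVERSHOOT( ras.lastY )` into `o`, which `End_Profile` then does nothing with for an empty profile according to the description; that is harmless but worth a word in the same comment so `o` is not mistaken for a meaningful value there.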