ref: b2ba68665f93be2b03b6b27aa30dc9f190cf3fef
parent: 603292d7b0b2f391bcb11785a74a0b26fd727595
author: Behdad Esfahbod <[email protected]>
date: Wed Jan 14 13:43:13 EST 2015
[smooth] Fix uninitialized memory access. Looks like `ras.span_y' could always be used without initialization. This was never detected by valgrind before because the library-wide `raster_pool' was used for the worker object and `raster_pool' was originally zero'ed. But subsequent reuses of it were using `span_y' uninitialized. With the recent change to not use `render_pool' and allocate worker and buffer on the stack, valgrind now detects this uninitialized access. * src/smooth/ftgrays.c (gray_raster_render): Initialize `ras.span_y'.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,20 @@
2015-01-14 Behdad Esfahbod <[email protected]>
+ [smooth] Fix uninitialized memory access.
+
+ Looks like `ras.span_y' could always be used without initialization.
+ This was never detected by valgrind before because the library-wide
+ `raster_pool' was used for the worker object and `raster_pool' was
+ originally zero'ed. But subsequent reuses of it were using `span_y'
+ uninitialized. With the recent change to not use `render_pool' and
+ allocate worker and buffer on the stack, valgrind now detects this
+ uninitialized access.
+
+ * src/smooth/ftgrays.c (gray_raster_render): Initialize
+ `ras.span_y'.
+
+2015-01-14 Behdad Esfahbod <[email protected]>
+
[base] Don't initialize unused `driver->glyph_loader'.
* src/base/ftobjs.c (Destroy_Driver): Don't call
--- a/src/smooth/ftgrays.c
+++ b/src/smooth/ftgrays.c
@@ -1985,6 +1985,7 @@
ras.invalid = 1;
ras.band_size = band_size;
ras.num_gray_spans = 0;
+ ras.span_y = 0;
if ( params->flags & FT_RASTER_FLAG_DIRECT )
{