ref: befee11296032fc8b25d87bf0f65c18bb67682bb
parent: 5fd125640a7c4130486511fa4e40ac8195dc4373
author: Werner Lemberg <[email protected]>
date: Tue May 15 13:01:22 EDT 2018
[sfnt] Fix memory leak in handling `COLR' data. * src/truetype/ttgload.c (TT_Load_Glyph): Free old `layers' array before reassigning allocated memory. Only allocate `color_layers' if we don't have one already.
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,13 @@
2018-05-15 Werner Lemberg <[email protected]>
+ [sfnt] Fix memory leak in handling `COLR' data.
+
+ * src/truetype/ttgload.c (TT_Load_Glyph): Free old `layers' array
+ before reassigning allocated memory.
+ Only allocate `color_layers' if we don't have one already.
+
+2018-05-15 Werner Lemberg <[email protected]>
+
[sfnt] If `COLR' is present, don't assume that all glyphs use it.
* src/sfnt/ttcolr.c (tt_face_load_colr_layers): Return FT_Err_Ok if
--- a/src/sfnt/ttcolr.c
+++ b/src/sfnt/ttcolr.c
@@ -268,7 +268,7 @@
FT_Int mid = min + ( max - min ) / 2;
FT_Byte* p = base_glyph_begin + mid * BASE_GLYPH_SIZE;
- FT_UShort gid = FT_NEXT_USHORT( p );
+ FT_UShort gid = FT_NEXT_USHORT( p );
if ( gid < glyph_id )
--- a/src/truetype/ttgload.c
+++ b/src/truetype/ttgload.c
@@ -2903,7 +2903,6 @@
FT_Glyph_LayerRec* glyph_layers;
FT_UShort num_glyph_layers;
- FT_Colr_Internal color_layers;
error = sfnt->load_colr_layer( face,
@@ -2913,17 +2912,17 @@
if ( error )
return error;
- if ( num_glyph_layers )
+ if ( !glyph->internal->color_layers )
{
- if ( FT_NEW( color_layers ) )
+ if ( FT_NEW( glyph->internal->color_layers ) )
return error;
+ }
- color_layers->layers = glyph_layers;
- color_layers->num_layers = num_glyph_layers;
- color_layers->load_flags = load_flags;
+ FT_FREE( glyph->internal->color_layers->layers );
- glyph->internal->color_layers = color_layers;
- }
+ glyph->internal->color_layers->layers = glyph_layers;
+ glyph->internal->color_layers->num_layers = num_glyph_layers;
+ glyph->internal->color_layers->load_flags = load_flags;
}
Exit:
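Review bot: In the `FT_NEW( glyph->internal->color_layers )` failure branch the function returns without releasing `glyph_layers`, which the commit message describes as allocated memory, so an allocation failure there appears to leak the freshly loaded array; consider `{ FT_FREE( glyph_layers ); return error; }` for that branch. The old `if ( num_glyph_layers )` guard is also gone, so the record is now created and `layers` overwritten for every glyph, including glyphs that have no COLR layers. That is only safe if `load_colr_layer` always writes `glyph_layers` (NULL when there are none), because the stored pointer is handed to `FT_FREE` on the next load; this is worth confirming, since font data is untrusted input. A short comment such as `/* ownership of glyph_layers passes to color_layers */` above the assignment would make the contract explicit. The enclosing function starts above the hunk, so the arguments of the `load_colr_layer` call are not visible here.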