ref: d276bcb7f0c02c20d3585b2e5626702df6d140a6
parent: ca0111289498f3f6ce28b3d78ff5a54ccdfd2d47
author: Werner Lemberg <[email protected]>
date: Sun Jan 9 02:48:59 EST 2022
[bzip2] Avoid use of uninitialized memory. * src/bzip2/ftbzip2.c (FT_Stream_OpenBzip2): Don't use `FT_QNEW` but `FT_NEW` for setting up `zip` to avoid uninitialized memory access while handling malformed PCF fonts later on. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42800
--- a/src/bzip2/ftbzip2.c
+++ b/src/bzip2/ftbzip2.c
@@ -481,7 +481,9 @@
FT_ZERO( stream );
stream->memory = memory;
- if ( !FT_QNEW( zip ) )
+ /* Don't use `FT_QNEW` here to avoid problems with uninitialized */
+ /* memory later on if the font is malformed. */
+ if ( !FT_NEW( zip ) )
{
error = ft_bzip2_file_init( zip, stream, source );
if ( error )