[Libreoffice-commits] core.git: vcl/unx
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Thu Aug 23 12:14:53 UTC 2018
vcl/unx/generic/glyphs/glyphcache.cxx | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
New commits:
commit cd82e5317006d3411b6b3e13ef21b71c633bc919
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Thu Aug 23 11:41:51 2018 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Thu Aug 23 14:14:29 2018 +0200
ofz: various use after free and related crashes in glyph cache
in a long lived fuzzer it eventually gets to garbage collect and the trouble
begins, this can be reproduced locally and faster by setting mnMaxSize to 1
I think since...
commit 0b6f2f3ff47b6f1455d213bee4b257542e527976
Date: Mon Aug 13 14:50:13 2018 +0200
loplugin:useuniqueptr in GlyphCache
oss-fuzz stats show no instances of this until approx August 17th
Change-Id: I1809f3d50e339ccf51a10fa2d3098752d12bc248
Reviewed-on: https://gerrit.libreoffice.org/59496
Tested-by: Jenkins
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
Tested-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/vcl/unx/generic/glyphs/glyphcache.cxx b/vcl/unx/generic/glyphs/glyphcache.cxx
index cbdfbb1bb87d..c802df0e3cc0 100644
--- a/vcl/unx/generic/glyphs/glyphcache.cxx
+++ b/vcl/unx/generic/glyphs/glyphcache.cxx
@@ -266,7 +266,6 @@ void GlyphCache::GarbageCollect()
pFreetypeFont->GarbageCollect( mnLruIndex+0x10000000 );
if( pFreetypeFont == mpCurrentGCFont )
mpCurrentGCFont = nullptr;
- maFontList.erase(pFreetypeFont->GetFontInstance());
mnBytesUsed -= pFreetypeFont->GetByteCount();
// remove font from list of garbage collected fonts
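Review bot: The ordering constraint this hunk restores is implicit: `mnBytesUsed -= pFreetypeFont->GetByteCount();` still dereferences pFreetypeFont right where the erase used to sit, and nothing in the code says the maFontList entry has to outlive that call. Judging by the second hunk, where the erase takes the place of `delete pFreetypeFont;`, maFontList appears to own the object, so a one-line comment here stating that the entry must not be erased until the last use of pFreetypeFont would keep a later cleanup from moving the erase back up.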
@@ -277,7 +276,7 @@ void GlyphCache::GarbageCollect()
if( pFreetypeFont == mpCurrentGCFont )
mpCurrentGCFont = nullptr;
- delete pFreetypeFont;
+ maFontList.erase(pFreetypeFont->GetFontInstance());
}
}
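Review bot: In the added `maFontList.erase(pFreetypeFont->GetFontInstance());` the key is read from the same object the erase is expected to destroy, so it is worth confirming that GetFontInstance() returns the key by value and not a reference into the FreetypeFont; if it does, this line is fine as the last statement of the block, and a comment marking pFreetypeFont as invalid from here on would make that explicit. The commit message says the crashes reproduce quickly with mnMaxSize set to 1, yet the change touches one file and adds no test; a regression test that forces that limit would catch a recurrence without waiting for a long-lived fuzzer run.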