[PATCH] set_fontset_extents crash after get_rotate_fontname fix in 2bef065b70f7
Alan Coopersmith
alan.coopersmith at sun.com
Tue Jan 5 17:34:26 PST 2010
From: Osamu Sayama <osamu.sayama at sun.com>
- In set_fontset_extents, check font_data is not NULL before running
loop that may increment it to a non-NULL invalid pointer.
- Make sure get_rotate_fontname counts the final field
Fixes OpenSolaris bug 6913809: X application dumps core in ja_JP.UTF-8 locale
<http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6913809>
Signed-off-by: Alan Coopersmith <alan.coopersmith at sun.com>
---
modules/om/generic/omGeneric.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
index 4fdc11b..9b4f336 100644
--- a/modules/om/generic/omGeneric.c
+++ b/modules/om/generic/omGeneric.c
@@ -412,11 +412,10 @@ set_fontset_extents(
}
}
- if(font_set->vrotate_num > 0) {
+ if(font_set->vrotate_num > 0 && font_set->vrotate != NULL) {
font_data = (FontData) font_set->vrotate;
font_data_count = font_set->vrotate_num;
for( ; font_data_count-- ; font_data++) {
- if(font_data != NULL)
if(font_data->font != NULL) {
check_fontset_extents(&overall, &logical_ascent,
&logical_descent,
@@ -572,6 +571,7 @@ get_rotate_fontname(
if((ptr = strchr(ptr, '-'))) {
*ptr = '\0';
} else {
+ field_num++; /* Count last field */
break;
}
}
--
1.5.6.5
More information about the xorg-devel
mailing list