[PATCH] omGeneric: Fix NULL pointer dereferences in set_fontset_extents
Alan Coopersmith
alan.coopersmith at oracle.com
Wed Jul 15 07:24:59 PDT 2015
On 07/14/15 09:36 PM, Ismael Luceno wrote:
> Signed-off-by: Ismael Luceno <ismael at iodev.co.uk>
> ---
> modules/om/generic/omGeneric.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/modules/om/generic/omGeneric.c b/modules/om/generic/omGeneric.c
> index a835f00..f0861e8 100644
> --- a/modules/om/generic/omGeneric.c
> +++ b/modules/om/generic/omGeneric.c
> @@ -398,7 +398,7 @@ set_fontset_extents(
> font_data = font_set->vmap;
> font_data_count = font_set->vmap_num;
> for( ; font_data_count-- ; font_data++) {
> - if(font_data->font != NULL) {
> + if(font_data && font_data->font) {
> check_fontset_extents(&overall, &logical_ascent,
> &logical_descent,
> font_data->font);
This segment is wrapped in a check that should already handle it:
if(font_set->vmap_num > 0) {
Have you actually encountered cases where font_set->vmap is NULL but
font_set->vmap_num is > 0 ?
> @@ -410,7 +410,7 @@ set_fontset_extents(
> font_data = (FontData) font_set->vrotate;
> font_data_count = font_set->vrotate_num;
> for( ; font_data_count-- ; font_data++) {
> - if(font_data->font != NULL) {
> + if(font_data && font_data->font) {
> check_fontset_extents(&overall, &logical_ascent,
> &logical_descent,
> font_data->font);
This one is more definitively handled in the wrapping check:
if(font_set->vrotate_num > 0 && font_set->vrotate != NULL) {
I can't see any way font_data could ever be NULL here.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
More information about the xorg-devel
mailing list