Github/emacs
2
0
Fork 1
mirror of git://git.sv.gnu.org/emacs.git synced 2026-02-23 05:17:35 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix double free upon encountering invalid font

Browse source 
* src/sfnt.c (sfnt_read_cmap_table): Don't allocate too big
data.  Also, free elements of (*data), not offsets into data
itself.
This commit is contained in:
Po Lu 2023-03-08 10:19:26 +08:00
parent 06cfa27e37
commit fdff5442a5
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/sfnt.c
View file

@ -910,7 +910,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable *subtable,
/* Second, read each encoding subtable itself. */
*data = xmalloc (cmap->num_subtables
* sizeof **subtables);
* sizeof *data);
for (i = 0; i < cmap->num_subtables; ++i)
{
@ -923,7 +923,7 @@ sfnt_read_cmap_table (int fd, struct sfnt_offset_subtable *subtable,
being unsupported.) Return now. */
for (j = 0; j < i; ++j)
xfree (data[j]);
xfree ((*data)[j]);
xfree (*data);
xfree (*subtables);