fdo-mirrors/cairo
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/cairo/cairo.git synced 2026-06-14 21:38:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix a use after free in cairo_scaled_font_create

Browse source 
When `font_face` is freed by `cairo_font_face_destroy()` at line 1,150,
the following call `_cairo_font_face_set_error (font_face, status)`
causes a use after free.

We moved up the `_cairo_font_face_set_error (font_face, status)` before
`cairo_font_face_destroy()` to avoid the use after free.

Signed-off-by: Feysh INC <opensource@feysh.com>
This commit is contained in:
Feysh INC 2022-04-22 17:09:47 +08:00
parent 99cd4bb3bd
commit fa8f456c2b
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/cairo-scaled-font.c
View file

@ -1145,6 +1145,7 @@ cairo_scaled_font_create (cairo_font_face_t *font_face,
ctm, options, &scaled_font);
/* Did we leave the backend in an error state? */
if (unlikely (status)) {
status = _cairo_font_face_set_error (font_face, status);
_cairo_scaled_font_map_unlock ();
if (font_face != original_font_face)
cairo_font_face_destroy (font_face);
@ -1152,7 +1153,6 @@ cairo_scaled_font_create (cairo_font_face_t *font_face,
if (dead != NULL)
cairo_scaled_font_destroy (dead);
status = _cairo_font_face_set_error (font_face, status);
return _cairo_scaled_font_create_in_error (status);
}
/* Or did we encounter an error whilst constructing the scaled font? */