Attachment #89651 for bug #137388

View | Details | Raw Unified | Return to bug 137388
Collapse All | Expand All

Lines 52-57 Link Here

(-)freetype-2.1.10/include/freetype/fterrdef.h (+4 lines)
52	"broken table" )	52	"broken table" )
53	FT_ERRORDEF_( Invalid_Offset, 0x09, \	53	FT_ERRORDEF_( Invalid_Offset, 0x09, \
54	"broken offset within table" )	54	"broken offset within table" )
		55	FT_ERRORDEF_( Array_Too_Large, 0x0A, \
		56	"array allocation size too large" )
55		57
56	/* glyph/character errors */	58	/* glyph/character errors */
57		59
Lines 226-231 Link Here
226	"`ENCODING' field missing" )	228	"`ENCODING' field missing" )
227	FT_ERRORDEF_( Missing_Bbx_Field, 0xB6, \	229	FT_ERRORDEF_( Missing_Bbx_Field, 0xB6, \
228	"`BBX' field missing" )	230	"`BBX' field missing" )
		231	FT_ERRORDEF_( Bbx_Too_Big, 0xB7, \
		232	"`BBX' too big" )
229		233
230		234
231	/* END */	235	/* END */




  /*************************************************************************/
  /*************************************************************************/

  /* C++ absolutely hates statements like p = (void*)anything; where 'p' is
   * a typed pointer. Since we don't have a typeof operator in standard C++,
   * we need some really ugly casts, like:
   */

#ifdef __cplusplus
#define FT_ASSIGNP( p, val )  *((void**)&(p)) = (val)
#else
#define FT_ASSIGNP( p, val )  (p) = (val)
#endif


#ifdef FT_DEBUG_MEMORY
  FT_BASE( const char* )  _ft_debug_file;
  FT_BASE( long )         _ft_debug_lineno;

#  define FT_DEBUG_INNER( exp )  ( _ft_debug_file   = __FILE__, \
                                   _ft_debug_lineno = __LINE__, \
                                   (exp) )

#  define FT_ASSIGNP_INNER( p, exp )  ( _ft_debug_file   = __FILE__, \
                                        _ft_debug_lineno = __LINE__, \
                                        FT_ASSIGNP( p, exp ) )

#else /* !FT_DEBUG_MEMORY */

#  define FT_DEBUG_INNER( exp )       (exp)
#  define FT_ASSIGNP_INNER( p, exp )  FT_ASSIGNP( p, exp )

#endif /* !FT_DEBUG_MEMORY */
  
  /*
   *  The allocation functions return a pointer, and the error code
   *  is written to through the `p_error' parameter.  See below for
   *  for documentation.
   */

  FT_BASE( FT_Pointer )
  ft_mem_alloc( FT_Memory  memory,
                FT_Long    size,
                FT_Error  *p_error );

  FT_BASE( FT_Pointer )
  ft_mem_qalloc( FT_Memory  memory,
                 FT_Long    size,
                 FT_Error  *p_error );

  FT_BASE( FT_Pointer )
  ft_mem_realloc( FT_Memory  memory,
                  FT_Long    item_size,
                  FT_Long    cur_count,
                  FT_Long    new_count,
                  void*      block,
                  FT_Error  *p_error );

  FT_BASE( FT_Pointer )
  ft_mem_qrealloc( FT_Memory  memory,
                   FT_Long    item_size,
                   FT_Long    cur_count,
                   FT_Long    new_count,
                   void*      block,
                   FT_Error  *p_error );

  FT_BASE( void )
  ft_mem_free( FT_Memory    memory,
               const void*  P );
                 const char*  file_name,
                 FT_Long      line_no );

#endif

#define FT_MEM_ALLOC( ptr, size )                                         \
          FT_ASSIGNP_INNER( ptr, ft_mem_alloc( memory, (size), &error ) )

#define FT_MEM_FREE( ptr )                \
          FT_BEGIN_STMNT                  \
            ft_mem_free( memory, (ptr) ); \
            (ptr) = NULL;                 \
          FT_END_STMNT
  /* <Description>                                                         */
  /*    Allocates a new block of memory.  The returned area is always      */
  /*    zero-filled; this is a strong convention in many FreeType parts.   */
  /*                                                                       */
  /* <Input>                                                               */
  /*    memory :: A handle to a given `memory object' which handles        */
  /*              allocation.                                              */
  /*                                                                       */
  /*    size   :: The size in bytes of the block to allocate.              */
  /*                                                                       */
  /* <Output>                                                              */
  /*    P      :: A pointer to the fresh new block.  It should be set to   */
  /*              NULL if `size' is 0, or in case of error.                */
  /*                                                                       */
  /* <Return>                                                              */
  /*    FreeType error code.  0 means success.                             */
  /*                                                                       */
  FT_BASE( FT_Error )
  FT_Alloc( FT_Memory  memory,
            FT_Long    size,
            void*     *P );

#define FT_MEM_NEW( ptr )                        \
          FT_MEM_ALLOC( ptr, sizeof ( *(ptr) ) )

#define FT_MEM_REALLOC( ptr, cursz, newsz )                        \
          FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, 1,        \
                                                 (cursz), (newsz), \
                                                 (ptr), &error ) )
  /*                                                                       */
  /* <Description>                                                         */
  /*    Allocates a new block of memory.  The returned area is *not*       */
  /*    zero-filled, making allocation quicker.                            */
  /*                                                                       */
  /* <Input>                                                               */
  /*    memory :: A handle to a given `memory object' which handles        */
  /*              allocation.                                              */
  /*                                                                       */
  /*    size   :: The size in bytes of the block to allocate.              */
  /*                                                                       */
  /* <Output>                                                              */
  /*    P      :: A pointer to the fresh new block.  It should be set to   */
  /*              NULL if `size' is 0, or in case of error.                */
  /*                                                                       */
  /* <Return>                                                              */
  /*    FreeType error code.  0 means success.                             */
  /*                                                                       */
  FT_BASE( FT_Error )
  FT_QAlloc( FT_Memory  memory,
             FT_Long    size,
             void*     *p );

#define FT_MEM_QALLOC( ptr, size )                                         \
          FT_ASSIGNP_INNER( ptr, ft_mem_qalloc( memory, (size), &error ) )

#define FT_MEM_QNEW( ptr )                        \
          FT_MEM_QALLOC( ptr, sizeof ( *(ptr) ) )
  /* <Function>                                                            */
  /*    FT_Realloc                                                         */
  /*                                                                       */
  /* <Description>                                                         */
  /*    Reallocates a block of memory pointed to by `*P' to `Size' bytes   */
  /*    from the heap, possibly changing `*P'.  The returned area is       */
  /*    zero-filled.                                                       */
  /*                                                                       */
  /* <Input>                                                               */
  /*    memory  :: A handle to a given `memory object' which handles       */
  /*               reallocation.                                           */
  /*                                                                       */
  /*    current :: The current block size in bytes.                        */
  /*                                                                       */
  /*    size    :: The new block size in bytes.                            */
  /*                                                                       */
  /* <InOut>                                                               */
  /*    P       :: A pointer to the fresh new block.  It should be set to  */
  /*               NULL if `size' is 0, or in case of error.               */
  /*                                                                       */
  /* <Return>                                                              */
  /*    FreeType error code.  0 means success.                             */
  /*                                                                       */
  /* <Note>                                                                */
  /*    All callers of FT_Realloc() _must_ provide the current block size  */
  /*    as well as the new one.                                            */
  /*                                                                       */
  FT_BASE( FT_Error )
  FT_Realloc( FT_Memory  memory,
              FT_Long    current,
              FT_Long    size,
              void*     *P );

#define FT_MEM_QREALLOC( ptr, cursz, newsz )                         \
          FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, 1,        \
                                                  (cursz), (newsz), \
                                                  (ptr), &error ) )

#define FT_MEM_QRENEW_ARRAY( ptr, cursz, newsz )                             \
          FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
                                                  (cursz), (newsz),          \
                                                  (ptr), &error ) )
  /*                                                                       */
  /* <Description>                                                         */
  /*    Reallocates a block of memory pointed to by `*P' to `Size' bytes   */
  /*    from the heap, possibly changing `*P'.  The returned area is *not* */
  /*    zero-filled, making reallocation quicker.                          */
  /*                                                                       */
  /* <Input>                                                               */
  /*    memory  :: A handle to a given `memory object' which handles       */
  /*               reallocation.                                           */
  /*                                                                       */
  /*    current :: The current block size in bytes.                        */
  /*                                                                       */
  /*    size    :: The new block size in bytes.                            */
  /*                                                                       */
  /* <InOut>                                                               */
  /*    P       :: A pointer to the fresh new block.  It should be set to  */
  /*               NULL if `size' is 0, or in case of error.               */
  /*                                                                       */
  /* <Return>                                                              */
  /*    FreeType error code.  0 means success.                             */
  /*                                                                       */
  /* <Note>                                                                */
  /*    All callers of FT_Realloc() _must_ provide the current block size  */
  /*    as well as the new one.                                            */
  /*                                                                       */
  FT_BASE( FT_Error )
  FT_QRealloc( FT_Memory  memory,
               FT_Long    current,
               FT_Long    size,
               void*     *p );

#define FT_MEM_ALLOC_MULT( ptr, count, item_size )                    \
          FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, (item_size), \
                                                 0, (count),          \
                                                 NULL, &error ) )

#define FT_MEM_REALLOC_MULT( ptr, oldcnt, newcnt, itmsz )            \
          FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, (itmsz),    \
                                                 (oldcnt), (newcnt), \
                                                 (ptr), &error ) )

#define FT_MEM_QALLOC_MULT( ptr, count, item_size )                    \
          FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, (item_size), \
                                                  0, (count),          \
                                                  NULL, &error ) )

#define FT_MEM_QREALLOC_MULT( ptr, oldcnt, newcnt, itmsz)             \
          FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, (itmsz),    \
                                                  (oldcnt), (newcnt), \
                                                  (ptr), &error ) )
  /*                                                                       */
  /* <Note>                                                                */
  /*    If P or *P is NULL, this function should return successfully.      */
  /*    This is a strong convention within all of FreeType and its         */
  /*    drivers.                                                           */
  /*                                                                       */
  FT_BASE( void )
  FT_Free( FT_Memory  memory,
           void*     *P );


#define FT_MEM_SET_ERROR( cond )  ( (cond), error != 0 )

#define FT_MEM_SET( dest, byte, count )     ft_memset( dest, byte, count )

#define FT_MEM_COPY( dest, source, count )  ft_memcpy( dest, source, count )


#define FT_ARRAY_CHECK( ptr, count )  ( (count) <= FT_ARRAY_MAX( ptr ) )


  /*************************************************************************/
  /*                                                                       */
  /* The following functions macros expect that their pointer argument is  */
  /* _typed_ in order to automatically compute array element sizes.        */
  /* memory allocator.                                                     */
  /*                                                                       */

#define FT_MEM_NEW_ARRAY( ptr, count )                                      \
          FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, sizeof ( *(ptr) ), \
                                                 0, (count),                \
                                                 NULL, &error ) )

#define FT_MEM_RENEW_ARRAY( ptr, cursz, newsz )                             \
          FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, sizeof ( *(ptr) ), \
                                                 (cursz), (newsz),          \
                                                 (ptr), &error ) )

#define FT_MEM_QNEW_ARRAY( ptr, count )                                      \
          FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
                                                  0, (count),                \
                                                  NULL, &error ) )

#define FT_MEM_QRENEW_ARRAY( ptr, cursz, newsz )                             \
          FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
                                                  (cursz), (newsz),          \
                                                  (ptr), &error ) )

#define FT_ALLOC( ptr, size )                           \
          FT_MEM_SET_ERROR( FT_MEM_ALLOC( ptr, size ) )
                             (void**)(void*)&(_pointer_), \
                             __FILE__, __LINE__ )

#define FT_REALLOC( ptr, cursz, newsz )                           \
          FT_MEM_SET_ERROR( FT_MEM_REALLOC( ptr, cursz, newsz ) )
                         __FILE__, __LINE__ )

#define FT_ALLOC_MULT( ptr, count, item_size )                           \
          FT_MEM_SET_ERROR( FT_MEM_ALLOC_MULT( ptr, count, item_size ) )

#define FT_REALLOC_MULT( ptr, oldcnt, newcnt, itmsz )              \
          FT_MEM_SET_ERROR( FT_MEM_REALLOC_MULT( ptr, oldcnt,      \
                                                 newcnt, itmsz ) )

#define FT_QALLOC( ptr, size )                           \
          FT_MEM_SET_ERROR( FT_MEM_QALLOC( ptr, size ) )

#define FT_QREALLOC( ptr, cursz, newsz )                           \
          FT_MEM_SET_ERROR( FT_MEM_QREALLOC( ptr, cursz, newsz ) )
                    (void**)(void*)&(_pointer_) )

#define FT_QALLOC_MULT( ptr, count, item_size )                           \
          FT_MEM_SET_ERROR( FT_MEM_QALLOC_MULT( ptr, count, item_size ) )
                   (void**)(void*)&(_pointer_) )

#define FT_QREALLOC_MULT( ptr, oldcnt, newcnt, itmsz )              \
          FT_MEM_SET_ERROR( FT_MEM_QREALLOC_MULT( ptr, oldcnt,      \
                                                  newcnt, itmsz ) )

#define FT_FREE( ptr )  FT_MEM_FREE( ptr )
          FT_QAlloc( memory, _size_,               \
                     (void**)(void*)&(_pointer_) )

#define FT_NEW( ptr )  FT_MEM_SET_ERROR( FT_MEM_NEW( ptr ) )
          FT_QRealloc( memory, _current_, _size_,       \
          (void**)(void*)&(_pointer_) )

#define FT_NEW_ARRAY( ptr, count )                           \
          FT_MEM_SET_ERROR( FT_MEM_NEW_ARRAY( ptr, count ) )

#define FT_RENEW_ARRAY( ptr, curcnt, newcnt )                           \
          FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )

#define FT_QNEW( ptr )                           \
          FT_MEM_SET_ERROR( FT_MEM_QNEW( ptr ) )
  /* The following functions macros expect that their pointer argument is  */
  /* _typed_ in order to automatically compute array element sizes.        */
  /*                                                                       */

#define FT_MEM_NEW( _pointer_ )                              \
          FT_MEM_ALLOC( _pointer_, sizeof ( *(_pointer_) ) )

#define FT_MEM_NEW_ARRAY( _pointer_, _count_ )                           \
          FT_MEM_ALLOC( _pointer_, (_count_) * sizeof ( *(_pointer_) ) )

#define FT_MEM_RENEW_ARRAY( _pointer_, _old_, _new_ )                    \
          FT_MEM_REALLOC( _pointer_, (_old_) * sizeof ( *(_pointer_) ),  \
                                     (_new_) * sizeof ( *(_pointer_) ) )

#define FT_QNEW_ARRAY( ptr, count )                          \
          FT_MEM_SET_ERROR( FT_MEM_NEW_ARRAY( ptr, count ) )

#define FT_MEM_QNEW_ARRAY( _pointer_, _count_ )                           \
          FT_MEM_QALLOC( _pointer_, (_count_) * sizeof ( *(_pointer_) ) )

#define FT_MEM_QRENEW_ARRAY( _pointer_, _old_, _new_ )                    \
          FT_MEM_QREALLOC( _pointer_, (_old_) * sizeof ( *(_pointer_) ),  \
                                      (_new_) * sizeof ( *(_pointer_) ) )

#define FT_QRENEW_ARRAY( ptr, curcnt, newcnt )                          \
          FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )

  /*************************************************************************/
  /*                                                                       */

  /* if an error occured (i.e. if 'error != 0').                           */
  /*                                                                       */

#define FT_ALLOC( _pointer_, _size_ )                       \
          FT_SET_ERROR( FT_MEM_ALLOC( _pointer_, _size_ ) )

#define FT_REALLOC( _pointer_, _current_, _size_ )                       \
          FT_SET_ERROR( FT_MEM_REALLOC( _pointer_, _current_, _size_ ) )

#define FT_QALLOC( _pointer_, _size_ )                       \
          FT_SET_ERROR( FT_MEM_QALLOC( _pointer_, _size_ ) )

#define FT_QREALLOC( _pointer_, _current_, _size_ )                       \
          FT_SET_ERROR( FT_MEM_QREALLOC( _pointer_, _current_, _size_ ) )


#define FT_FREE( _pointer_ )       \
          FT_MEM_FREE( _pointer_ )


#define FT_NEW( _pointer_ )                              \
          FT_ALLOC( _pointer_, sizeof ( *(_pointer_) ) )

#define FT_NEW_ARRAY( _pointer_, _count_ )                           \
          FT_ALLOC( _pointer_, sizeof ( *(_pointer_) ) * (_count_) )

#define FT_RENEW_ARRAY( _pointer_, _old_, _new_ )                    \
          FT_REALLOC( _pointer_, sizeof ( *(_pointer_) ) * (_old_),  \
                                 sizeof ( *(_pointer_) ) * (_new_) )

#define FT_QNEW( _pointer_ )                              \
          FT_QALLOC( _pointer_, sizeof ( *(_pointer_) ) )

#define FT_QNEW_ARRAY( _pointer_, _count_ )                           \
          FT_QALLOC( _pointer_, sizeof ( *(_pointer_) ) * (_count_) )

#define FT_QRENEW_ARRAY( _pointer_, _old_, _new_ )                    \
          FT_QREALLOC( _pointer_, sizeof ( *(_pointer_) ) * (_old_),  \
                                  sizeof ( *(_pointer_) ) * (_new_) )


#define FT_ALLOC_ARRAY( _pointer_, _count_, _type_ )           \
          FT_ALLOC( _pointer_, (_count_) * sizeof ( _type_ ) )





          FT_SET_ERROR( FT_Stream_ReadFields( stream, fields, object ) )


#define FT_FRAME_ENTER( size )                                       \
          FT_SET_ERROR(                                              \
            FT_DEBUG_INNER( FT_Stream_EnterFrame( stream, size ) ) )

#define FT_FRAME_EXIT()                 \
          FT_DEBUG_INNER( FT_Stream_ExitFrame( stream ) )

#define FT_FRAME_EXTRACT( size, bytes )                                       \
          FT_SET_ERROR(                                                       \
            FT_DEBUG_INNER( FT_Stream_ExtractFrame( stream, size,             \
                                                    (FT_Byte**)&(bytes) ) ) )

#define FT_FRAME_RELEASE( bytes )                                         \
          FT_DEBUG_INNER( FT_Stream_ReleaseFrame( stream,                 \
                                                  (FT_Byte**)&(bytes) ) )


FT_END_HEADER

Lines 165-171 Link Here

(-)freetype-2.1.10/src/base/ftbitmap.c (-1 / +1 lines)
165		165
166	new_pitch = ( bitmap->width + xpixels + ppb - 1 ) / ppb;	166	new_pitch = ( bitmap->width + xpixels + ppb - 1 ) / ppb;
167		167
168	if ( FT_ALLOC( buffer, new_pitch * ( bitmap->rows + ypixels ) ) )	168	if ( FT_QALLOC_MULT( buffer, new_pitch, bitmap->rows + ypixels ) )
169	return error;	169	return error;
170		170
171	if ( bitmap->pitch > 0 )	171	if ( bitmap->pitch > 0 )

Lines 36-41 Link Here

(-)freetype-2.1.10/src/base/ftdbgmem.c (-25 / +38 lines)
36	#include <stdio.h>	36	#include <stdio.h>
37	#include <stdlib.h>	37	#include <stdlib.h>
38		38
		39	FT_BASE_DEF( const char* ) _ft_debug_file = 0;
		40	FT_BASE_DEF( long ) _ft_debug_lineno = 0;
39		41
40	extern void	42	extern void
41	FT_DumpMemory( FT_Memory memory );	43	FT_DumpMemory( FT_Memory memory );
Lines 48-54 Link Here
48		50
49	#define FT_MEM_VAL( addr ) ((FT_ULong)(FT_Pointer)( addr ))	51	#define FT_MEM_VAL( addr ) ((FT_ULong)(FT_Pointer)( addr ))
50		52
51		53	/*
		54	* This structure holds statistics for a single allocation/release
		55	* site. This is useful to know where memory operations happen the
		56	* most.
		57	*/
52	typedef struct FT_MemSourceRec_	58	typedef struct FT_MemSourceRec_
53	{	59	{
54	const char* file_name;	60	const char* file_name;
Lines 76-82 Link Here
76	*/	82	*/
77	#define FT_MEM_SOURCE_BUCKETS 128	83	#define FT_MEM_SOURCE_BUCKETS 128
78		84
79		85	/*
		86	* This structure holds information related to a single allocated
		87	* memory block. If KEEPALIVE is defined, blocks that are freed by
		88	* FreeType are never released to the system. Instead, their `size'
		89	* field is set to -size. This is mainly useful to detect double frees,
		90	* at the price of large memory footprint during execution.
		91	*/
80	typedef struct FT_MemNodeRec_	92	typedef struct FT_MemNodeRec_
81	{	93	{
82	FT_Byte* address;	94	FT_Byte* address;
Lines 94-99 Link Here
94	} FT_MemNodeRec;	106	} FT_MemNodeRec;
95		107
96		108
		109	/*
		110	* The global structure, containing compound statistics and all hash
		111	* tables.
		112	*/
97	typedef struct FT_MemTableRec_	113	typedef struct FT_MemTableRec_
98	{	114	{
99	FT_ULong size;	115	FT_ULong size;
Lines 113-121 Link Here
113		129
114	FT_MemSource sources[FT_MEM_SOURCE_BUCKETS];	130	FT_MemSource sources[FT_MEM_SOURCE_BUCKETS];
115		131
116	const char* file_name;
117	FT_Long line_no;
118
119	FT_Bool keep_alive;	132	FT_Bool keep_alive;
120		133
121	FT_Memory memory;	134	FT_Memory memory;
Lines 446-453 Link Here
446	FT_MemSource node, *pnode;	459	FT_MemSource node, *pnode;
447		460
448		461
449	hash = (FT_UInt32)(void*)table->file_name +	462	hash = (FT_UInt32)(void*)_ft_debug_file +
450	(FT_UInt32)( 5 * table->line_no );	463	(FT_UInt32)( 5 * _ft_debug_lineno );
451	pnode = &table->sources[hash % FT_MEM_SOURCE_BUCKETS];	464	pnode = &table->sources[hash % FT_MEM_SOURCE_BUCKETS];
452		465
453	for ( ;; )	466	for ( ;; )
Lines 456-463 Link Here
456	if ( node == NULL )	469	if ( node == NULL )
457	break;	470	break;
458		471
459	if ( node->file_name == table->file_name &&	472	if ( node->file_name == _ft_debug_file &&
460	node->line_no == table->line_no )	473	node->line_no == _ft_debug_lineno )
461	goto Exit;	474	goto Exit;
462		475
463	pnode = &node->link;	476	pnode = &node->link;
Lines 468-475 Link Here
468	ft_mem_debug_panic(	481	ft_mem_debug_panic(
469	"not enough memory to perform memory debugging\n" );	482	"not enough memory to perform memory debugging\n" );
470		483
471	node->file_name = table->file_name;	484	node->file_name = _ft_debug_file;
472	node->line_no = table->line_no;	485	node->line_no = _ft_debug_lineno;
473		486
474	node->cur_blocks = 0;	487	node->cur_blocks = 0;
475	node->max_blocks = 0;	488	node->max_blocks = 0;
Lines 525-531 Link Here
525	"org=%s:%d new=%s:%d\n",	538	"org=%s:%d new=%s:%d\n",
526	node->address, node->size,	539	node->address, node->size,
527	FT_FILENAME( node->source->file_name ), node->source->line_no,	540	FT_FILENAME( node->source->file_name ), node->source->line_no,
528	FT_FILENAME( table->file_name ), table->line_no );	541	FT_FILENAME( _ft_debug_file ), _ft_debug_lineno );
529	}	542	}
530	}	543	}
531		544
Lines 593-599 Link Here
593	"freeing memory block at %p more than once at (%s:%ld)\n"	606	"freeing memory block at %p more than once at (%s:%ld)\n"
594	"block allocated at (%s:%ld) and released at (%s:%ld)",	607	"block allocated at (%s:%ld) and released at (%s:%ld)",
595	address,	608	address,
596	FT_FILENAME( table->file_name ), table->line_no,	609	FT_FILENAME( _ft_debug_file ), _ft_debug_lineno,
597	FT_FILENAME( node->source->file_name ), node->source->line_no,	610	FT_FILENAME( node->source->file_name ), node->source->line_no,
598	FT_FILENAME( node->free_file_name ), node->free_line_no );	611	FT_FILENAME( node->free_file_name ), node->free_line_no );
599		612
Lines 611-618 Link Here
611	/* we simply invert the node's size to indicate that the node */	624	/* we simply invert the node's size to indicate that the node */
612	/* was freed. */	625	/* was freed. */
613	node->size = -node->size;	626	node->size = -node->size;
614	node->free_file_name = table->file_name;	627	node->free_file_name = _ft_debug_file;
615	node->free_line_no = table->line_no;	628	node->free_line_no = _ft_debug_lineno;
616	}	629	}
617	else	630	else
618	{	631	{
Lines 634-640 Link Here
634	ft_mem_debug_panic(	647	ft_mem_debug_panic(
635	"trying to free unknown block at %p in (%s:%ld)\n",	648	"trying to free unknown block at %p in (%s:%ld)\n",
636	address,	649	address,
637	FT_FILENAME( table->file_name ), table->line_no );	650	FT_FILENAME( _ft_debug_file ), _ft_debug_lineno );
638	}	651	}
639	}	652	}
640		653
Lines 657-663 Link Here
657		670
658	/* return NULL if this allocation would overflow the maximum heap size */	671	/* return NULL if this allocation would overflow the maximum heap size */
659	if ( table->bound_total &&	672	if ( table->bound_total &&
660	table->alloc_current + (FT_ULong)size > table->alloc_total_max )	673	table->alloc_total_max - table->alloc_current > (FT_ULong)size )
661	return NULL;	674	return NULL;
662		675
663	block = (FT_Byte *)ft_mem_table_alloc( table, size );	676	block = (FT_Byte *)ft_mem_table_alloc( table, size );
Lines 666-673 Link Here
666		679
667	table->alloc_count++;	680	table->alloc_count++;
668		681
669	table->file_name = NULL;	682	_ft_debug_file = "<unknown>";
670	table->line_no = 0;	683	_ft_debug_lineno = 0;
671		684
672	return (FT_Pointer)block;	685	return (FT_Pointer)block;
673	}	686	}
Lines 682-689 Link Here
682		695
683	if ( block == NULL )	696	if ( block == NULL )
684	ft_mem_debug_panic( "trying to free NULL in (%s:%ld)",	697	ft_mem_debug_panic( "trying to free NULL in (%s:%ld)",
685	FT_FILENAME( table->file_name ),	698	FT_FILENAME( _ft_debug_file ),
686	table->line_no );	699	_ft_debug_lineno );
687		700
688	ft_mem_table_remove( table, (FT_Byte*)block );	701	ft_mem_table_remove( table, (FT_Byte*)block );
689		702
Lines 692-699 Link Here
692		705
693	table->alloc_count--;	706	table->alloc_count--;
694		707
695	table->file_name = NULL;	708	_ft_debug_file = "<unknown>";
696	table->line_no = 0;	709	_ft_debug_lineno = 0;
697	}	710	}
698		711
699		712
Lines 707-714 Link Here
707	FT_MemNode node, *pnode;	720	FT_MemNode node, *pnode;
708	FT_Pointer new_block;	721	FT_Pointer new_block;
709		722
710	const char* file_name = FT_FILENAME( table->file_name );	723	const char* file_name = FT_FILENAME( _ft_debug_file );
711	FT_Long line_no = table->line_no;	724	FT_Long line_no = _ft_debug_lineno;
712		725
713		726
714	/* the following is valid according to ANSI C */	727	/* the following is valid according to ANSI C */




    short          res_id;
    unsigned char  *buffer, *p, *size_p = NULL;
    FT_ULong       total_size = 0;
    FT_ULong       old_total_size = 0;
    FT_ULong       post_size, pfb_chunk_size;
    Handle         post_data;
    char           code, last_code;


      total_size += GetHandleSize( post_data ) - 2;
      last_code = code;

      /* detect integer overflows */
      if ( total_size < old_total_size )
      {
        error = FT_Err_Array_Too_Large;
        goto Error;
      }

      old_total_size = total_size;
    }

    if ( FT_ALLOC( buffer, (FT_Long)total_size ) )




                             FT_ULong      size )
  {
    FT_Memory  memory = FT_FACE_MEMORY( slot->face );
    FT_Error   error;

    if ( slot->internal->flags & FT_GLYPH_OWN_BITMAP )
      FT_FREE( slot->bitmap.buffer );
    else
      slot->internal->flags |= FT_GLYPH_OWN_BITMAP;

    (void)FT_ALLOC( slot->bitmap.buffer, size );
    return error;
  }






        if ( error )
          return error;

        if ( FT_NEW_ARRAY( offsets_internal, *count ) )
          return error;

        for ( j = 0; j < *count; ++j )

    FT_Error   error;
    char*      newpath;
    FT_Memory  memory;
    FT_Long    base_file_len = ft_strlen( base_file_name );

    FT_UNUSED( stream );


    memory = library->memory;

    if ( base_file_len > FT_INT_MAX )
      return FT_Err_Array_Too_Large;

    if ( FT_ALLOC( newpath, base_file_len + 6 ) )
      return error;

    FT_MEM_COPY( newpath, base_file_name, base_file_len );
    FT_MEM_COPY( newpath + base_file_len, "/rsrc", 6 );

    *result_file_name = newpath;
    *result_offset    = 0;

    return FT_Err_Ok;
  }


Lines 212-219 Link Here

(-)freetype-2.1.10/src/base/ftstream.c (-4 / +17 lines)
212	{	212	{
213	FT_Memory memory = stream->memory;	213	FT_Memory memory = stream->memory;
214		214
215		215	#ifdef FT_DEBUG_MEMORY
		216	ft_mem_free( memory, *pbytes );
		217	*pbytes = NULL;
		218	#else
216	FT_FREE( *pbytes );	219	FT_FREE( *pbytes );
		220	#endif
217	}	221	}
218	*pbytes = 0;	222	*pbytes = 0;
219	}	223	}
Lines 235-244 Link Here
235	/* allocate the frame in memory */	239	/* allocate the frame in memory */
236	FT_Memory memory = stream->memory;	240	FT_Memory memory = stream->memory;
237		241
238		242	#ifdef FT_DEBUG_MEMORY
		243	/* assume _ft_debug_file and _ft_debug_lineno are already set */
		244	stream->base = (unsigned char*)ft_mem_qalloc( memory, count, &error );
		245	if ( error )
		246	goto Exit;
		247	#else
239	if ( FT_QALLOC( stream->base, count ) )	248	if ( FT_QALLOC( stream->base, count ) )
240	goto Exit;	249	goto Exit;
241		250	#endif
242	/* read it */	251	/* read it */
243	read_bytes = stream->read( stream, stream->pos,	252	read_bytes = stream->read( stream, stream->pos,
244	stream->base, count );	253	stream->base, count );
Lines 298-305 Link Here
298	{	307	{
299	FT_Memory memory = stream->memory;	308	FT_Memory memory = stream->memory;
300		309
301		310	#ifdef FT_DEBUG_MEMORY
		311	ft_mem_free( memory, stream->base );
		312	stream->base = NULL;
		313	#else
302	FT_FREE( stream->base );	314	FT_FREE( stream->base );
		315	#endif
303	}	316	}
304	stream->cursor = 0;	317	stream->cursor = 0;
305	stream->limit = 0;	318	stream->limit = 0;




  /*************************************************************************/
  /*************************************************************************/

  /* documentation is in ftmemory.h */

  FT_BASE_DEF( FT_Pointer )
  ft_mem_alloc( FT_Memory  memory,
                FT_Long    size,
                FT_Error  *p_error )
  {
    FT_Error    error;
    FT_Pointer  block = ft_mem_qalloc( memory, size, &error );

    if ( !error && size > 0 )
      FT_MEM_ZERO( block, size );
      *P = memory->alloc( memory, size );
      if ( !*P )
      {
        FT_ERROR(( "FT_Alloc:" ));
        FT_ERROR(( " Out of memory? (%ld requested)\n",
                   size ));

        return FT_Err_Out_Of_Memory;
      }
      FT_MEM_ZERO( *P, size );
    }
    else
      *P = NULL;

    FT_TRACE7(( "FT_Alloc:" ));
    FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n",
                size, *P, P ));

    *p_error = error;
    return block;
  }


  FT_BASE_DEF( FT_Pointer )
  ft_mem_qalloc( FT_Memory  memory,
                 FT_Long    size,
                 FT_Error  *p_error )
             FT_Long    size,
             void*     *P )
  {
    FT_Error    error = FT_Err_Ok;
    FT_Pointer  block = NULL;


    if ( size > 0 )
    {
      block = memory->alloc( memory, size );
      if ( block == NULL )
        error = FT_Err_Out_Of_Memory;
    }
    else if ( size < 0 )
    {
      /* may help catch/prevent security issues */
      error = FT_Err_Invalid_Argument;
      }
    }
    else
      *P = NULL;

    FT_TRACE7(( "FT_QAlloc:" ));
    FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n",
                size, *P, P ));

    *p_error = error;
    return block;
  }


  FT_BASE_DEF( FT_Pointer )
  ft_mem_realloc( FT_Memory  memory,
                  FT_Long    item_size,
                  FT_Long    cur_count,
                  FT_Long    new_count,
                  void*      block,
                  FT_Error  *p_error )
  {
    FT_Error  error = FT_Err_Ok;


    FT_ASSERT( P != 0 );

    block = ft_mem_qrealloc( memory, item_size,
                             cur_count, new_count, block, &error );
    if ( !error && new_count > cur_count )
      FT_MEM_ZERO( (char*)block + cur_count * item_size,
                   ( new_count - cur_count ) * item_size );

    *p_error = error;
    return block;
    {
      FT_Free( memory, P );
      return FT_Err_Ok;
    }

    Q = memory->realloc( memory, current, size, *P );
    if ( !Q )
      goto Fail;

    if ( size > current )
      FT_MEM_ZERO( (char*)Q + current, size - current );

    *P = Q;
    return FT_Err_Ok;

  Fail:
    FT_ERROR(( "FT_Realloc:" ));
    FT_ERROR(( " Failed (current %ld, requested %ld)\n",
               current, size ));
    return FT_Err_Out_Of_Memory;
  }


  FT_BASE_DEF( FT_Pointer )
  ft_mem_qrealloc( FT_Memory  memory,
                   FT_Long    item_size,
                   FT_Long    cur_count,
                   FT_Long    new_count,
                   void*      block,
                   FT_Error  *p_error )
  {
    FT_Error  error = FT_Err_Ok;


    FT_ASSERT( P != 0 );

    /* if the original pointer is NULL, call FT_QAlloc() */
    if ( !*P )
      return FT_QAlloc( memory, size, P );

    if ( cur_count < 0 || new_count < 0 || item_size <= 0 )
    if ( size <= 0 )
    {
      /* may help catch/prevent nasty security issues */
      error = FT_Err_Invalid_Argument;
    }
    else if ( new_count == 0 )
    {
      ft_mem_free( memory, block );
      block = NULL;
    }
    else if ( new_count > FT_INT_MAX/item_size )
    {
      error = FT_Err_Array_Too_Large;
    }
    else if ( cur_count == 0 )
    {
      FT_ASSERT( block == NULL );

      block = ft_mem_alloc( memory, new_count*item_size, &error );
    }
    else
    {
      FT_Pointer  block2;
      FT_Long     cur_size = cur_count*item_size;
      FT_Long     new_size = new_count*item_size;

    *P = Q;
    return FT_Err_Ok;

      block2 = memory->realloc( memory, cur_size, new_size, block );
      if ( block2 == NULL )
        error = FT_Err_Out_Of_Memory;
      else
        block = block2;
    }

    *p_error = error;
    return block;
  }

  /* documentation is in ftmemory.h */

  FT_BASE_DEF( void )
  ft_mem_free( FT_Memory   memory,
               const void *P )
  {
    if ( P )
      memory->free( memory, (void*)P );
                P, P ? *P : (void*)0 ));

    if ( P && *P )
    {
      memory->free( memory, *P );
      *P = 0;
    }
  }



  }


  FT_BASE_DEF( FT_UInt32 )
  ft_highpow2( FT_UInt32  value )
  {
    FT_UInt32  value2;

  }


#ifdef FT_CONFIG_OPTION_OLD_INTERNALS

  FT_BASE_DEF( FT_Error )
  FT_Alloc( FT_Memory  memory,
            FT_Long    size,
            void*     *P )
  {
    FT_Error  error;


    (void)FT_ALLOC( *P, size );
    return error;
  }


  FT_BASE_DEF( FT_Error )
  FT_QAlloc( FT_Memory  memory,
             FT_Long    size,
             void*     *p )
  {
    FT_Error  error;


    (void)FT_QALLOC( *p, size );
    return error;
  }


  FT_BASE_DEF( FT_Error )
  FT_Realloc( FT_Memory  memory,
              FT_Long    current,
              FT_Long    size,
              void*     *P )
  {
    FT_Error  error;


    (void)FT_REALLOC( *P, current, size );
    return error;
  }


  FT_BASE_DEF( FT_Error )
  FT_QRealloc( FT_Memory  memory,
               FT_Long    current,
               FT_Long    size,
               void*     *p )
  {
    FT_Error  error;


    (void)FT_QREALLOC( *p, current, size );
    return error;
  }


  FT_BASE_DEF( void )
  FT_Free( FT_Memory  memory,
           void*     *P )
  {
    if ( *P )
      FT_MEM_FREE( *P );
  }

#endif /* FT_CONFIG_OPTION_OLD_INTERNALS */

/* END */

Lines 1092-1097 Link Here

(-)freetype-2.1.10/src/bdf/bdflib.c (-1 / +21 lines)
1092	#define ERRMSG1 "[line %ld] Missing \"%s\" line.\n"	1092	#define ERRMSG1 "[line %ld] Missing \"%s\" line.\n"
1093	#define ERRMSG2 "[line %ld] Font header corrupted or missing fields.\n"	1093	#define ERRMSG2 "[line %ld] Font header corrupted or missing fields.\n"
1094	#define ERRMSG3 "[line %ld] Font glyphs corrupted or missing fields.\n"	1094	#define ERRMSG3 "[line %ld] Font glyphs corrupted or missing fields.\n"
		1095	#define ERRMSG4 "[line %ld] BBX too big.\n"
1095		1096
1096		1097
1097	static FT_Error	1098	static FT_Error
Lines 1561-1566 Link Here
1561		1562
1562	p->glyph_enc = _bdf_atol( p->list.field[1], 0, 10 );	1563	p->glyph_enc = _bdf_atol( p->list.field[1], 0, 10 );
1563		1564
		1565	/* Check that the encoding is in the range [0,65536] because */
		1566	/* otherwise p->have (a bitmap with static size) overflows. */
		1567	if ( p->glyph_enc >= sizeof(p->have)*8 )
		1568	{
		1569	error = BDF_Err_Invalid_File_Format;
		1570	goto Exit;
		1571	}
		1572
1564	/* Check to see whether this encoding has already been encountered. */	1573	/* Check to see whether this encoding has already been encountered. */
1565	/* If it has then change it to unencoded so it gets added if */	1574	/* If it has then change it to unencoded so it gets added if */
1566	/* indicated. */	1575	/* indicated. */
Lines 1805-1810 Link Here
1805	/* And finally, gather up the bitmap. */	1814	/* And finally, gather up the bitmap. */
1806	if ( ft_memcmp( line, "BITMAP", 6 ) == 0 )	1815	if ( ft_memcmp( line, "BITMAP", 6 ) == 0 )
1807	{	1816	{
		1817	unsigned long bitmap_size;
		1818
1808	if ( !( p->flags & _BDF_BBX ) )	1819	if ( !( p->flags & _BDF_BBX ) )
1809	{	1820	{
1810	/* Missing BBX field. */	1821	/* Missing BBX field. */
Lines 1815-1821 Link Here
1815		1826
1816	/* Allocate enough space for the bitmap. */	1827	/* Allocate enough space for the bitmap. */
1817	glyph->bpr = ( glyph->bbx.width * p->font->bpp + 7 ) >> 3;	1828	glyph->bpr = ( glyph->bbx.width * p->font->bpp + 7 ) >> 3;
1818	glyph->bytes = (unsigned short)( glyph->bpr * glyph->bbx.height );	1829
		1830	bitmap_size = glyph->bpr * glyph->bbx.height;
		1831	if ( bitmap_size > 0xFFFFU )
		1832	{
		1833	FT_ERROR(( "_bdf_parse_glyphs: " ERRMSG4, lineno ));
		1834	error = BDF_Err_Bbx_Too_Big;
		1835	goto Exit;
		1836	}
		1837	else
		1838	glyph->bytes = (unsigned short)bitmap_size;
1819		1839
1820	if ( FT_NEW_ARRAY( glyph->bitmap, glyph->bytes ) )	1840	if ( FT_NEW_ARRAY( glyph->bitmap, glyph->bytes ) )
1821	goto Exit;	1841	goto Exit;




        if ( p >= mask )
        {
          FT_Memory  memory = cache->memory;
          FT_Error   error;

          /* if we can't expand the array, leave immediately */
          if ( FT_RENEW_ARRAY( cache->buckets, (mask+1)*2, (mask+1)*4 ) )
            break;
        }


        if ( p == 0 )
        {
          FT_Memory  memory = cache->memory;
          FT_Error   error;

          /* if we can't shrink the array, leave immediately */
          if ( FT_RENEW_ARRAY( cache->buckets,
                                   ( mask + 1 ) * 2, mask + 1 ) )
            break;




  /* remove a node from the cache manager */
  /* this function is FT_BASE since it may be called by old rogue clients */
  FT_BASE_DEF( void )
  ftc_node_destroy( FTC_Node     node,
                    FTC_Manager  manager )
  {

  ftc_cache_init( FTC_Cache  cache )
  {
    FT_Memory  memory = cache->memory;
    FT_Error   error;


    cache->p     = 0;
    cache->mask  = FTC_HASH_INITIAL_SIZE - 1;
    cache->slack = FTC_HASH_INITIAL_SIZE * FTC_HASH_MAX_LOAD;

    (void)FT_NEW_ARRAY( cache->buckets, FTC_HASH_INITIAL_SIZE * 2 );
    return error;
  }



Lines 2284-2290 Link Here

(-)freetype-2.1.10/src/cff/cffgload.c (-3 / +8 lines)
2284	FT_LOCAL_DEF( FT_Error )	2284	FT_LOCAL_DEF( FT_Error )
2285	cff_slot_load( CFF_GlyphSlot glyph,	2285	cff_slot_load( CFF_GlyphSlot glyph,
2286	CFF_Size size,	2286	CFF_Size size,
2287	FT_Int glyph_index,	2287	FT_UInt glyph_index,
2288	FT_Int32 load_flags )	2288	FT_Int32 load_flags )
2289	{	2289	{
2290	FT_Error error;	2290	FT_Error error;
Lines 2330-2336 Link Here
2330		2330
2331	error = sfnt->load_sbit_image( face,	2331	error = sfnt->load_sbit_image( face,
2332	(FT_ULong)size->strike_index,	2332	(FT_ULong)size->strike_index,
2333	(FT_UInt)glyph_index,	2333	glyph_index,
2334	(FT_Int)load_flags,	2334	(FT_Int)load_flags,
2335	stream,	2335	stream,
2336	&glyph->root.bitmap,	2336	&glyph->root.bitmap,
Lines 2393-2399 Link Here
2393	/* subsetted font, glyph_indices and CIDs are identical, though */	2393	/* subsetted font, glyph_indices and CIDs are identical, though */
2394	if ( cff->top_font.font_dict.cid_registry != 0xFFFFU &&	2394	if ( cff->top_font.font_dict.cid_registry != 0xFFFFU &&
2395	cff->charset.cids )	2395	cff->charset.cids )
2396	glyph_index = cff->charset.cids[glyph_index];	2396	{
		2397	if ( glyph_index < cff->charset.max_cid )
		2398	glyph_index = cff->charset.cids[glyph_index];
		2399	else
		2400	glyph_index = 0;
		2401	}
2397		2402
2398	cff_decoder_init( &decoder, face, size, glyph, hinting,	2403	cff_decoder_init( &decoder, face, size, glyph, hinting,
2399	FT_LOAD_TARGET_MODE( load_flags ) );	2404	FT_LOAD_TARGET_MODE( load_flags ) );

Lines 196-202 Link Here

(-)freetype-2.1.10/src/cff/cffgload.h (-1 / +1 lines)
196	FT_LOCAL( FT_Error )	196	FT_LOCAL( FT_Error )
197	cff_slot_load( CFF_GlyphSlot glyph,	197	cff_slot_load( CFF_GlyphSlot glyph,
198	CFF_Size size,	198	CFF_Size size,
199	FT_Int glyph_index,	199	FT_UInt glyph_index,
200	FT_Int32 load_flags );	200	FT_Int32 load_flags );
201		201
202		202

Lines 1235-1241 Link Here

(-)freetype-2.1.10/src/cff/cffload.c (-4 / +7 lines)
1235	}	1235	}
1236		1236
1237	/* access element */	1237	/* access element */
1238	if ( off1 )	1238	if ( off1 && off2 > off1 )
1239	{	1239	{
1240	*pbyte_len = off2 - off1;	1240	*pbyte_len = off2 - off1;
1241		1241
Lines 1688-1693 Link Here
1688		1688
1689	for ( i = 0; i < num_glyphs; i++ )	1689	for ( i = 0; i < num_glyphs; i++ )
1690	charset->cids[charset->sids[i]] = (FT_UShort)i;	1690	charset->cids[charset->sids[i]] = (FT_UShort)i;
		1691
		1692	charset->max_cid = max_cid;
1691	}	1693	}
1692		1694
1693	Exit:	1695	Exit:
Lines 2011-2017 Link Here
2011		2013
2012	if ( error )	2014	if ( error )
2013	goto Exit;	2015	goto Exit;
2014		2016
2015	/* if it is a CID font, we stop there */	2017	/* if it is a CID font, we stop there */
2016	if ( top->cid_registry != 0xFFFFU )	2018	if ( top->cid_registry != 0xFFFFU )
2017	goto Exit;	2019	goto Exit;
Lines 2040-2045 Link Here
2040	FT_FRAME_EXIT();	2042	FT_FRAME_EXIT();
2041	if ( error )	2043	if ( error )
2042	goto Exit;	2044	goto Exit;
		2045
		2046	/* ensure that 'num_blue_values' is even */
		2047	priv->num_blue_values &= ~1;
2043	}	2048	}
2044		2049
2045	/* read the local subrs, if any */	2050	/* read the local subrs, if any */
Lines 2293-2300 Link Here
2293	{	2298	{
2294	for ( idx = 0; idx < font->num_subfonts; idx++ )	2299	for ( idx = 0; idx < font->num_subfonts; idx++ )
2295	cff_subfont_done( memory, font->subfonts[idx] );	2300	cff_subfont_done( memory, font->subfonts[idx] );
2296
2297	FT_FREE( font->subfonts );
2298	}	2301	}
2299		2302
2300	cff_encoding_done( &font->encoding );	2303	cff_encoding_done( &font->encoding );

Lines 84-89 Link Here

(-)freetype-2.1.10/src/cff/cfftypes.h (+1 lines)
84	FT_UShort* sids;	84	FT_UShort* sids;
85	FT_UShort* cids; /* the inverse mapping of `sids'; only needed */	85	FT_UShort* cids; /* the inverse mapping of `sids'; only needed */
86	/* for CID-keyed fonts */	86	/* for CID-keyed fonts */
		87	FT_UInt max_cid;
87	} CFF_CharsetRec, *CFF_Charset;	88	} CFF_CharsetRec, *CFF_Charset;
88		89
89		90




                 uInt       size )
  {
    FT_ULong    sz = (FT_ULong)size * items;
    FT_Error    error;
    FT_Pointer  p;


    (void)FT_ALLOC( p, sz );
    return p;
    return (voidpf) p;
  }



Lines 213-219 Link Here

(-)freetype-2.1.10/src/pcf/pcfdrivr.c (-1 / +1 lines)
213		213
214	FT_FREE( prop->name );	214	FT_FREE( prop->name );
215	if ( prop->isString )	215	if ( prop->isString )
216	FT_FREE( prop->value );	216	FT_FREE( prop->value.atom );
217	}	217	}
218		218
219	FT_FREE( face->properties );	219	FT_FREE( face->properties );

Lines 150-156 Link Here

(-)freetype-2.1.10/src/pshinter/pshglob.c (-1 / +1 lines)
150	FT_UNUSED( target );	150	FT_UNUSED( target );
151		151
152		152
153	for ( ; read_count > 0; read_count -= 2 )	153	for ( ; read_count > 1; read_count -= 2 )
154	{	154	{
155	FT_Int reference, delta;	155	FT_Int reference, delta;
156	FT_UInt count;	156	FT_UInt count;

Lines 175-181 Link Here

(-)freetype-2.1.10/src/raster/ftrend1.c (-1 / +1 lines)
175	bitmap->rows = height;	175	bitmap->rows = height;
176	bitmap->pitch = pitch;	176	bitmap->pitch = pitch;
177		177
178	if ( FT_ALLOC( bitmap->buffer, (FT_ULong)pitch * height ) )	178	if ( FT_ALLOC_MULT( bitmap->buffer, pitch, height ) )
179	goto Exit;	179	goto Exit;
180		180
181	slot->internal->flags \|= FT_GLYPH_OWN_BITMAP;	181	slot->internal->flags \|= FT_GLYPH_OWN_BITMAP;




    FT_String*  string;
    FT_UInt     len, code, n;
    FT_Byte*    read = (FT_Byte*)entry->string;
    FT_Error    error;
    

    len = (FT_UInt)entry->stringLength / 2;

    if ( FT_NEW_ARRAY( string, len + 1 ) )
      return NULL;

    for ( n = 0; n < len; n++ )

    FT_String*  string;
    FT_UInt     len, code, n;
    FT_Byte*    read = (FT_Byte*)entry->string;
    FT_Error    error;
    

    len = (FT_UInt)entry->stringLength / 4;

    if ( FT_NEW_ARRAY( string, len + 1 ) )
      return NULL;

    for ( n = 0; n < len; n++ )

    FT_String*  string;
    FT_UInt     len, code, n;
    FT_Byte*    read = (FT_Byte*)entry->string;
    FT_Error    error;
    

    len = (FT_UInt)entry->stringLength;

    if ( FT_NEW_ARRAY( string, len + 1 ) )
      return NULL;

    for ( n = 0; n < len; n++ )

Lines 2144-2152 Link Here

(-)freetype-2.1.10/src/sfnt/ttcmap.c (-3 / +1 lines)
2144	charmap.encoding = FT_ENCODING_NONE; /* will be filled later */	2144	charmap.encoding = FT_ENCODING_NONE; /* will be filled later */
2145	offset = TT_NEXT_ULONG( p );	2145	offset = TT_NEXT_ULONG( p );
2146		2146
2147	if ( offset &&	2147	if ( offset && offset <= face->cmap_size - 2 )
2148	table + offset + 2 < limit &&
2149	table + offset >= table )
2150	{	2148	{
2151	FT_Byte* cmap = table + offset;	2149	FT_Byte* cmap = table + offset;
2152	volatile FT_UInt format = TT_PEEK_USHORT( cmap );	2150	volatile FT_UInt format = TT_PEEK_USHORT( cmap );

Lines 292-298 Link Here

(-)freetype-2.1.10/src/sfnt/ttpost.c (-1 / +1 lines)
292	goto Exit;	292	goto Exit;
293	}	293	}
294		294
295	if ( FT_ALLOC( offset_table, num_glyphs ) \|\|	295	if ( FT_NEW_ARRAY( offset_table, num_glyphs ) \|\|
296	FT_STREAM_READ( offset_table, num_glyphs ) )	296	FT_STREAM_READ( offset_table, num_glyphs ) )
297	goto Fail;	297	goto Fail;
298		298




        goto Exit;
      }

      if ( FT_NEW( face->blend ) )
        goto Exit;

      /* XXX: TODO - check for overflows */
      face->blend->mmvar_len =
        sizeof ( FT_MM_Var ) +
        fvar_head.axisCount * sizeof ( FT_Var_Axis ) +
        fvar_head.instanceCount * sizeof ( FT_Var_Named_Style ) +
        fvar_head.instanceCount * fvar_head.axisCount * sizeof ( FT_Fixed ) +
        5 * fvar_head.axisCount;

      if ( FT_ALLOC( mmvar, face->blend->mmvar_len ) )
        goto Exit;
      face->blend->mmvar = mmvar;

Lines 1990-1995 Link Here

(-)freetype-2.1.10/src/type1/t1load.c (+3 lines)
1990	if ( error )	1990	if ( error )
1991	goto Exit;	1991	goto Exit;
1992		1992
		1993	/* ensure even-ness of 'num_blue_values' */
		1994	priv->num_blue_values &= ~1;
		1995
1993	#ifndef T1_CONFIG_OPTION_NO_MM_SUPPORT	1996	#ifndef T1_CONFIG_OPTION_NO_MM_SUPPORT
1994		1997
1995	/* the following can happen for MM instances; we then treat the */	1998	/* the following can happen for MM instances; we then treat the */

Lines 633-639 Link Here

(-)freetype-2.1.10/src/winfonts/winfnt.c (-1 / +1 lines)
633		633
634	/* note: since glyphs are stored in columns and not in rows we */	634	/* note: since glyphs are stored in columns and not in rows we */
635	/* can't use ft_glyphslot_set_bitmap */	635	/* can't use ft_glyphslot_set_bitmap */
636	if ( FT_ALLOC( bitmap->buffer, pitch * bitmap->rows ) )	636	if ( FT_ALLOC_MULT( bitmap->buffer, pitch, bitmap->rows ) )
637	goto Exit;	637	goto Exit;
638		638
639	column = (FT_Byte*)bitmap->buffer;	639	column = (FT_Byte*)bitmap->buffer;

Return to bug 137388

Lines 267-280 Link Here

(-)freetype-2.1.10/src/base/ftobjs.c (-2 / +3 lines)
267	FT_ULong size )	267	FT_ULong size )
268	{	268	{
269	FT_Memory memory = FT_FACE_MEMORY( slot->face );	269	FT_Memory memory = FT_FACE_MEMORY( slot->face );
270		270	FT_Error error;
271		271
272	if ( slot->internal->flags & FT_GLYPH_OWN_BITMAP )	272	if ( slot->internal->flags & FT_GLYPH_OWN_BITMAP )
273	FT_FREE( slot->bitmap.buffer );	273	FT_FREE( slot->bitmap.buffer );
274	else	274	else
275	slot->internal->flags \|= FT_GLYPH_OWN_BITMAP;	275	slot->internal->flags \|= FT_GLYPH_OWN_BITMAP;
276		276
277	return FT_MEM_ALLOC( slot->bitmap.buffer, size );	277	(void)FT_ALLOC( slot->bitmap.buffer, size );
		278	return error;
278	}	279	}
279		280
280		281

Lines 56-255 Link Here

(-)freetype-2.1.10/include/freetype/internal/ftmemory.h (-280 / +155 lines)
56	/*************************************************************************/	56	/*************************************************************************/
57	/*************************************************************************/	57	/*************************************************************************/
58		58
		59	/* C++ absolutely hates statements like p = (void*)anything; where 'p' is
		60	* a typed pointer. Since we don't have a typeof operator in standard C++,
		61	* we need some really ugly casts, like:
		62	*/
		63
		64	#ifdef __cplusplus
		65	#define FT_ASSIGNP( p, val ) ((void*)&(p)) = (val)
		66	#else
		67	#define FT_ASSIGNP( p, val ) (p) = (val)
		68	#endif
		69
		70
59	#ifdef FT_DEBUG_MEMORY	71	#ifdef FT_DEBUG_MEMORY
		72	FT_BASE( const char* ) _ft_debug_file;
		73	FT_BASE( long ) _ft_debug_lineno;
		74
		75	# define FT_DEBUG_INNER( exp ) ( _ft_debug_file = __FILE__, \
		76	_ft_debug_lineno = __LINE__, \
		77	(exp) )
60		78
61	FT_BASE( FT_Error )	79	# define FT_ASSIGNP_INNER( p, exp ) ( _ft_debug_file = __FILE__, \
62	FT_Alloc_Debug( FT_Memory memory,	80	_ft_debug_lineno = __LINE__, \
63	FT_Long size,	81	FT_ASSIGNP( p, exp ) )
64	void* *P,	82
65	const char* file_name,	83	#else /* !FT_DEBUG_MEMORY */
66	FT_Long line_no );	84
67		85	# define FT_DEBUG_INNER( exp ) (exp)
68	FT_BASE( FT_Error )	86	# define FT_ASSIGNP_INNER( p, exp ) FT_ASSIGNP( p, exp )
69	FT_QAlloc_Debug( FT_Memory memory,	87
70	FT_Long size,	88	#endif /* !FT_DEBUG_MEMORY */
71	void* *P,	89
72	const char* file_name,	90	/*
73	FT_Long line_no );	91	* The allocation functions return a pointer, and the error code
74		92	* is written to through the `p_error' parameter. See below for
75	FT_BASE( FT_Error )	93	* for documentation.
76	FT_Realloc_Debug( FT_Memory memory,	94	*/
77	FT_Long current,	95
78	FT_Long size,	96	FT_BASE( FT_Pointer )
79	void* *P,	97	ft_mem_alloc( FT_Memory memory,
80	const char* file_name,	98	FT_Long size,
81	FT_Long line_no );	99	FT_Error *p_error );
82		100
83	FT_BASE( FT_Error )	101	FT_BASE( FT_Pointer )
84	FT_QRealloc_Debug( FT_Memory memory,	102	ft_mem_qalloc( FT_Memory memory,
85	FT_Long current,	103	FT_Long size,
86	FT_Long size,	104	FT_Error *p_error );
87	void* *P,	105
88	const char* file_name,	106	FT_BASE( FT_Pointer )
89	FT_Long line_no );	107	ft_mem_realloc( FT_Memory memory,
		108	FT_Long item_size,
		109	FT_Long cur_count,
		110	FT_Long new_count,
		111	void* block,
		112	FT_Error *p_error );
		113
		114	FT_BASE( FT_Pointer )
		115	ft_mem_qrealloc( FT_Memory memory,
		116	FT_Long item_size,
		117	FT_Long cur_count,
		118	FT_Long new_count,
		119	void* block,
		120	FT_Error *p_error );
90		121
91	FT_BASE( void )	122	FT_BASE( void )
92	FT_Free_Debug( FT_Memory memory,	123	ft_mem_free( FT_Memory memory,
93	FT_Pointer block,	124	const void* P );
94	const char* file_name,
95	FT_Long line_no );
96		125
97	#endif
98		126
		127	#define FT_MEM_ALLOC( ptr, size ) \
		128	FT_ASSIGNP_INNER( ptr, ft_mem_alloc( memory, (size), &error ) )
99		129
100	/*************************************************************************/	130	#define FT_MEM_FREE( ptr ) \
101	/* */	131	FT_BEGIN_STMNT \
102	/* <Function> */	132	ft_mem_free( memory, (ptr) ); \
103	/* FT_Alloc */	133	(ptr) = NULL; \
104	/* */	134	FT_END_STMNT
105	/* <Description> */
106	/* Allocates a new block of memory. The returned area is always */
107	/* zero-filled; this is a strong convention in many FreeType parts. */
108	/* */
109	/* <Input> */
110	/* memory :: A handle to a given `memory object' which handles */
111	/* allocation. */
112	/* */
113	/* size :: The size in bytes of the block to allocate. */
114	/* */
115	/* <Output> */
116	/* P :: A pointer to the fresh new block. It should be set to */
117	/* NULL if `size' is 0, or in case of error. */
118	/* */
119	/* <Return> */
120	/* FreeType error code. 0 means success. */
121	/* */
122	FT_BASE( FT_Error )
123	FT_Alloc( FT_Memory memory,
124	FT_Long size,
125	void* *P );
126		135
		136	#define FT_MEM_NEW( ptr ) \
		137	FT_MEM_ALLOC( ptr, sizeof ( *(ptr) ) )
127		138
128	/*************************************************************************/	139	#define FT_MEM_REALLOC( ptr, cursz, newsz ) \
129	/* */	140	FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, 1, \
130	/* <Function> */	141	(cursz), (newsz), \
131	/* FT_QAlloc */	142	(ptr), &error ) )
132	/* */
133	/* <Description> */
134	/* Allocates a new block of memory. The returned area is not */
135	/* zero-filled, making allocation quicker. */
136	/* */
137	/* <Input> */
138	/* memory :: A handle to a given `memory object' which handles */
139	/* allocation. */
140	/* */
141	/* size :: The size in bytes of the block to allocate. */
142	/* */
143	/* <Output> */
144	/* P :: A pointer to the fresh new block. It should be set to */
145	/* NULL if `size' is 0, or in case of error. */
146	/* */
147	/* <Return> */
148	/* FreeType error code. 0 means success. */
149	/* */
150	FT_BASE( FT_Error )
151	FT_QAlloc( FT_Memory memory,
152	FT_Long size,
153	void* *p );
154		143
		144	#define FT_MEM_QALLOC( ptr, size ) \
		145	FT_ASSIGNP_INNER( ptr, ft_mem_qalloc( memory, (size), &error ) )
155		146
156	/*************************************************************************/	147	#define FT_MEM_QNEW( ptr ) \
157	/* */	148	FT_MEM_QALLOC( ptr, sizeof ( *(ptr) ) )
158	/* <Function> */
159	/* FT_Realloc */
160	/* */
161	/* <Description> */
162	/* Reallocates a block of memory pointed to by `P' to `Size' bytes /
163	/* from the heap, possibly changing `P'. The returned area is /
164	/* zero-filled. */
165	/* */
166	/* <Input> */
167	/* memory :: A handle to a given `memory object' which handles */
168	/* reallocation. */
169	/* */
170	/* current :: The current block size in bytes. */
171	/* */
172	/* size :: The new block size in bytes. */
173	/* */
174	/* <InOut> */
175	/* P :: A pointer to the fresh new block. It should be set to */
176	/* NULL if `size' is 0, or in case of error. */
177	/* */
178	/* <Return> */
179	/* FreeType error code. 0 means success. */
180	/* */
181	/* <Note> */
182	/* All callers of FT_Realloc() _must_ provide the current block size */
183	/* as well as the new one. */
184	/* */
185	FT_BASE( FT_Error )
186	FT_Realloc( FT_Memory memory,
187	FT_Long current,
188	FT_Long size,
189	void* *P );
190		149
		150	#define FT_MEM_QREALLOC( ptr, cursz, newsz ) \
		151	FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, 1, \
		152	(cursz), (newsz), \
		153	(ptr), &error ) )
191		154
192	/*************************************************************************/	155	#define FT_MEM_QRENEW_ARRAY( ptr, cursz, newsz ) \
193	/* */	156	FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
194	/* <Function> */	157	(cursz), (newsz), \
195	/* FT_QRealloc */	158	(ptr), &error ) )
196	/* */
197	/* <Description> */
198	/* Reallocates a block of memory pointed to by `P' to `Size' bytes /
199	/* from the heap, possibly changing `P'. The returned area is not* */
200	/* zero-filled, making reallocation quicker. */
201	/* */
202	/* <Input> */
203	/* memory :: A handle to a given `memory object' which handles */
204	/* reallocation. */
205	/* */
206	/* current :: The current block size in bytes. */
207	/* */
208	/* size :: The new block size in bytes. */
209	/* */
210	/* <InOut> */
211	/* P :: A pointer to the fresh new block. It should be set to */
212	/* NULL if `size' is 0, or in case of error. */
213	/* */
214	/* <Return> */
215	/* FreeType error code. 0 means success. */
216	/* */
217	/* <Note> */
218	/* All callers of FT_Realloc() _must_ provide the current block size */
219	/* as well as the new one. */
220	/* */
221	FT_BASE( FT_Error )
222	FT_QRealloc( FT_Memory memory,
223	FT_Long current,
224	FT_Long size,
225	void* *p );
226		159
		160	#define FT_MEM_ALLOC_MULT( ptr, count, item_size ) \
		161	FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, (item_size), \
		162	0, (count), \
		163	NULL, &error ) )
227		164
228	/*************************************************************************/	165	#define FT_MEM_REALLOC_MULT( ptr, oldcnt, newcnt, itmsz ) \
229	/* */	166	FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, (itmsz), \
230	/* <Function> */	167	(oldcnt), (newcnt), \
231	/* FT_Free */	168	(ptr), &error ) )
232	/* */	169
233	/* <Description> */	170	#define FT_MEM_QALLOC_MULT( ptr, count, item_size ) \
234	/* Releases a given block of memory allocated through FT_Alloc(). */	171	FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, (item_size), \
235	/* */	172	0, (count), \
236	/* <Input> */	173	NULL, &error ) )
237	/* memory :: A handle to a given `memory object' which handles */	174
238	/* memory deallocation */	175	#define FT_MEM_QREALLOC_MULT( ptr, oldcnt, newcnt, itmsz) \
239	/* */	176	FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, (itmsz), \
240	/* P :: This is the _address_ of a _pointer_ which points to the */	177	(oldcnt), (newcnt), \
241	/* allocated block. It is always set to NULL on exit. */	178	(ptr), &error ) )
242	/* */
243	/* <Note> */
244	/* If P or P is NULL, this function should return successfully. /
245	/* This is a strong convention within all of FreeType and its */
246	/* drivers. */
247	/* */
248	FT_BASE( void )
249	FT_Free( FT_Memory memory,
250	void* *P );
251		179
252		180
		181	#define FT_MEM_SET_ERROR( cond ) ( (cond), error != 0 )
		182
253	#define FT_MEM_SET( dest, byte, count ) ft_memset( dest, byte, count )	183	#define FT_MEM_SET( dest, byte, count ) ft_memset( dest, byte, count )
254		184
255	#define FT_MEM_COPY( dest, source, count ) ft_memcpy( dest, source, count )	185	#define FT_MEM_COPY( dest, source, count ) ft_memcpy( dest, source, count )
Lines 280-372 Link Here
280		210
281	#define FT_ARRAY_CHECK( ptr, count ) ( (count) <= FT_ARRAY_MAX( ptr ) )	211	#define FT_ARRAY_CHECK( ptr, count ) ( (count) <= FT_ARRAY_MAX( ptr ) )
282		212
283
284	/*************************************************************************/	213	/*************************************************************************/
285	/* */	214	/* */
286	/* We first define FT_MEM_ALLOC, FT_MEM_REALLOC, and FT_MEM_FREE. All */	215	/* The following functions macros expect that their pointer argument is */
287	/* macros use an _implicit_ `memory' parameter to access the current */	216	/* _typed_ in order to automatically compute array element sizes. */
288	/* memory allocator. */
289	/* */	217	/* */
290		218
291	#ifdef FT_DEBUG_MEMORY	219	#define FT_MEM_NEW_ARRAY( ptr, count ) \
		220	FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, sizeof ( *(ptr) ), \
		221	0, (count), \
		222	NULL, &error ) )
292		223
293	#define FT_MEM_ALLOC( _pointer_, _size_ ) \	224	#define FT_MEM_RENEW_ARRAY( ptr, cursz, newsz ) \
294	FT_Alloc_Debug( memory, _size_, \	225	FT_ASSIGNP_INNER( ptr, ft_mem_realloc( memory, sizeof ( *(ptr) ), \
295	(void*)(void)&(_pointer_), \	226	(cursz), (newsz), \
296	__FILE__, __LINE__ )	227	(ptr), &error ) )
297		228
298	#define FT_MEM_REALLOC( _pointer_, _current_, _size_ ) \	229	#define FT_MEM_QNEW_ARRAY( ptr, count ) \
299	FT_Realloc_Debug( memory, _current_, _size_, \	230	FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
300	(void*)(void)&(_pointer_), \	231	0, (count), \
301	__FILE__, __LINE__ )	232	NULL, &error ) )
302		233
303	#define FT_MEM_QALLOC( _pointer_, _size_ ) \	234	#define FT_MEM_QRENEW_ARRAY( ptr, cursz, newsz ) \
304	FT_QAlloc_Debug( memory, _size_, \	235	FT_ASSIGNP_INNER( ptr, ft_mem_qrealloc( memory, sizeof ( *(ptr) ), \
305	(void*)(void)&(_pointer_), \	236	(cursz), (newsz), \
306	__FILE__, __LINE__ )	237	(ptr), &error ) )
307		238
308	#define FT_MEM_QREALLOC( _pointer_, _current_, _size_ ) \	239	#define FT_ALLOC( ptr, size ) \
309	FT_QRealloc_Debug( memory, _current_, _size_, \	240	FT_MEM_SET_ERROR( FT_MEM_ALLOC( ptr, size ) )
310	(void*)(void)&(_pointer_), \
311	__FILE__, __LINE__ )
312		241
313	#define FT_MEM_FREE( _pointer_ ) \	242	#define FT_REALLOC( ptr, cursz, newsz ) \
314	FT_Free_Debug( memory, (void*)(void)&(_pointer_), \	243	FT_MEM_SET_ERROR( FT_MEM_REALLOC( ptr, cursz, newsz ) )
315	__FILE__, __LINE__ )
316		244
		245	#define FT_ALLOC_MULT( ptr, count, item_size ) \
		246	FT_MEM_SET_ERROR( FT_MEM_ALLOC_MULT( ptr, count, item_size ) )
317		247
318	#else /* !FT_DEBUG_MEMORY */	248	#define FT_REALLOC_MULT( ptr, oldcnt, newcnt, itmsz ) \
		249	FT_MEM_SET_ERROR( FT_MEM_REALLOC_MULT( ptr, oldcnt, \
		250	newcnt, itmsz ) )
319		251
		252	#define FT_QALLOC( ptr, size ) \
		253	FT_MEM_SET_ERROR( FT_MEM_QALLOC( ptr, size ) )
320		254
321	#define FT_MEM_ALLOC( _pointer_, _size_ ) \	255	#define FT_QREALLOC( ptr, cursz, newsz ) \
322	FT_Alloc( memory, _size_, \	256	FT_MEM_SET_ERROR( FT_MEM_QREALLOC( ptr, cursz, newsz ) )
323	(void*)(void)&(_pointer_) )
324		257
325	#define FT_MEM_FREE( _pointer_ ) \	258	#define FT_QALLOC_MULT( ptr, count, item_size ) \
326	FT_Free( memory, \	259	FT_MEM_SET_ERROR( FT_MEM_QALLOC_MULT( ptr, count, item_size ) )
327	(void*)(void)&(_pointer_) )
328		260
329	#define FT_MEM_REALLOC( _pointer_, _current_, _size_ ) \	261	#define FT_QREALLOC_MULT( ptr, oldcnt, newcnt, itmsz ) \
330	FT_Realloc( memory, _current_, _size_, \	262	FT_MEM_SET_ERROR( FT_MEM_QREALLOC_MULT( ptr, oldcnt, \
331	(void*)(void)&(_pointer_) )	263	newcnt, itmsz ) )
332		264
333	#define FT_MEM_QALLOC( _pointer_, _size_ ) \	265	#define FT_FREE( ptr ) FT_MEM_FREE( ptr )
334	FT_QAlloc( memory, _size_, \
335	(void*)(void)&(_pointer_) )
336		266
337	#define FT_MEM_QREALLOC( _pointer_, _current_, _size_ ) \	267	#define FT_NEW( ptr ) FT_MEM_SET_ERROR( FT_MEM_NEW( ptr ) )
338	FT_QRealloc( memory, _current_, _size_, \
339	(void*)(void)&(_pointer_) )
340		268
341	#endif /* !FT_DEBUG_MEMORY */	269	#define FT_NEW_ARRAY( ptr, count ) \
		270	FT_MEM_SET_ERROR( FT_MEM_NEW_ARRAY( ptr, count ) )
342		271
		272	#define FT_RENEW_ARRAY( ptr, curcnt, newcnt ) \
		273	FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
343		274
344	/*************************************************************************/	275	#define FT_QNEW( ptr ) \
345	/* */	276	FT_MEM_SET_ERROR( FT_MEM_QNEW( ptr ) )
346	/* The following functions macros expect that their pointer argument is */
347	/* _typed_ in order to automatically compute array element sizes. */
348	/* */
349
350	#define FT_MEM_NEW( _pointer_ ) \
351	FT_MEM_ALLOC( _pointer_, sizeof ( *(_pointer_) ) )
352
353	#define FT_MEM_NEW_ARRAY( _pointer_, _count_ ) \
354	FT_MEM_ALLOC( _pointer_, (_count_) * sizeof ( *(_pointer_) ) )
355
356	#define FT_MEM_RENEW_ARRAY( _pointer_, _old_, _new_ ) \
357	FT_MEM_REALLOC( _pointer_, (_old_) * sizeof ( *(_pointer_) ), \
358	(_new_) * sizeof ( *(_pointer_) ) )
359		277
360	#define FT_MEM_QNEW( _pointer_ ) \	278	#define FT_QNEW_ARRAY( ptr, count ) \
361	FT_MEM_QALLOC( _pointer_, sizeof ( *(_pointer_) ) )	279	FT_MEM_SET_ERROR( FT_MEM_NEW_ARRAY( ptr, count ) )
362
363	#define FT_MEM_QNEW_ARRAY( _pointer_, _count_ ) \
364	FT_MEM_QALLOC( _pointer_, (_count_) * sizeof ( *(_pointer_) ) )
365
366	#define FT_MEM_QRENEW_ARRAY( _pointer_, _old_, _new_ ) \
367	FT_MEM_QREALLOC( _pointer_, (_old_) * sizeof ( *(_pointer_) ), \
368	(_new_) * sizeof ( *(_pointer_) ) )
369		280
		281	#define FT_QRENEW_ARRAY( ptr, curcnt, newcnt ) \
		282	FT_MEM_SET_ERROR( FT_MEM_RENEW_ARRAY( ptr, curcnt, newcnt ) )
370		283
371	/*************************************************************************/	284	/*************************************************************************/
372	/* */	285	/* */
Lines 388-431 Link Here
388	/* if an error occured (i.e. if 'error != 0'). */	301	/* if an error occured (i.e. if 'error != 0'). */
389	/* */	302	/* */
390		303
391	#define FT_ALLOC( _pointer_, _size_ ) \
392	FT_SET_ERROR( FT_MEM_ALLOC( _pointer_, _size_ ) )
393
394	#define FT_REALLOC( _pointer_, _current_, _size_ ) \
395	FT_SET_ERROR( FT_MEM_REALLOC( _pointer_, _current_, _size_ ) )
396
397	#define FT_QALLOC( _pointer_, _size_ ) \
398	FT_SET_ERROR( FT_MEM_QALLOC( _pointer_, _size_ ) )
399
400	#define FT_QREALLOC( _pointer_, _current_, _size_ ) \
401	FT_SET_ERROR( FT_MEM_QREALLOC( _pointer_, _current_, _size_ ) )
402
403
404	#define FT_FREE( _pointer_ ) \
405	FT_MEM_FREE( _pointer_ )
406
407
408	#define FT_NEW( _pointer_ ) \
409	FT_ALLOC( _pointer_, sizeof ( *(_pointer_) ) )
410
411	#define FT_NEW_ARRAY( _pointer_, _count_ ) \
412	FT_ALLOC( _pointer_, sizeof ( (_pointer_) ) (_count_) )
413
414	#define FT_RENEW_ARRAY( _pointer_, _old_, _new_ ) \
415	FT_REALLOC( _pointer_, sizeof ( (_pointer_) ) (_old_), \
416	sizeof ( (_pointer_) ) (_new_) )
417
418	#define FT_QNEW( _pointer_ ) \
419	FT_QALLOC( _pointer_, sizeof ( *(_pointer_) ) )
420
421	#define FT_QNEW_ARRAY( _pointer_, _count_ ) \
422	FT_QALLOC( _pointer_, sizeof ( (_pointer_) ) (_count_) )
423
424	#define FT_QRENEW_ARRAY( _pointer_, _old_, _new_ ) \
425	FT_QREALLOC( _pointer_, sizeof ( (_pointer_) ) (_old_), \
426	sizeof ( (_pointer_) ) (_new_) )
427
428
429	#define FT_ALLOC_ARRAY( _pointer_, _count_, _type_ ) \	304	#define FT_ALLOC_ARRAY( _pointer_, _count_, _type_ ) \
430	FT_ALLOC( _pointer_, (_count_) * sizeof ( _type_ ) )	305	FT_ALLOC( _pointer_, (_count_) * sizeof ( _type_ ) )
431		306

Lines 514-531 Link Here

(-)freetype-2.1.10/include/freetype/internal/ftstream.h (-9 / +12 lines)
514	FT_SET_ERROR( FT_Stream_ReadFields( stream, fields, object ) )	514	FT_SET_ERROR( FT_Stream_ReadFields( stream, fields, object ) )
515		515
516		516
517	#define FT_FRAME_ENTER( size ) \	517	#define FT_FRAME_ENTER( size ) \
518	FT_SET_ERROR( FT_Stream_EnterFrame( stream, size ) )	518	FT_SET_ERROR( \
		519	FT_DEBUG_INNER( FT_Stream_EnterFrame( stream, size ) ) )
519		520
520	#define FT_FRAME_EXIT() \	521	#define FT_FRAME_EXIT() \
521	FT_Stream_ExitFrame( stream )	522	FT_DEBUG_INNER( FT_Stream_ExitFrame( stream ) )
522		523
523	#define FT_FRAME_EXTRACT( size, bytes ) \	524	#define FT_FRAME_EXTRACT( size, bytes ) \
524	FT_SET_ERROR( FT_Stream_ExtractFrame( stream, size, \	525	FT_SET_ERROR( \
525	(FT_Byte**)&(bytes) ) )	526	FT_DEBUG_INNER( FT_Stream_ExtractFrame( stream, size, \
526		527	(FT_Byte**)&(bytes) ) ) )
527	#define FT_FRAME_RELEASE( bytes ) \	528
528	FT_Stream_ReleaseFrame( stream, (FT_Byte**)&(bytes) )	529	#define FT_FRAME_RELEASE( bytes ) \
		530	FT_DEBUG_INNER( FT_Stream_ReleaseFrame( stream, \
		531	(FT_Byte**)&(bytes) ) )
529		532
530		533
531	FT_END_HEADER	534	FT_END_HEADER

Lines 430-435 Link Here

(-)freetype-2.1.10/src/base/ftmac.c (+10 lines)
430	short res_id;	430	short res_id;
431	unsigned char buffer, p, *size_p = NULL;	431	unsigned char buffer, p, *size_p = NULL;
432	FT_ULong total_size = 0;	432	FT_ULong total_size = 0;
		433	FT_ULong old_total_size = 0;
433	FT_ULong post_size, pfb_chunk_size;	434	FT_ULong post_size, pfb_chunk_size;
434	Handle post_data;	435	Handle post_data;
435	char code, last_code;	436	char code, last_code;
Lines 460-465 Link Here
460		461
461	total_size += GetHandleSize( post_data ) - 2;	462	total_size += GetHandleSize( post_data ) - 2;
462	last_code = code;	463	last_code = code;
		464
		465	/* detect integer overflows */
		466	if ( total_size < old_total_size )
		467	{
		468	error = FT_Err_Array_Too_Large;
		469	goto Error;
		470	}
		471
		472	old_total_size = total_size;
463	}	473	}
464		474
465	if ( FT_ALLOC( buffer, (FT_Long)total_size ) )	475	if ( FT_ALLOC( buffer, (FT_Long)total_size ) )

Lines 179-185 Link Here

(-)freetype-2.1.10/src/base/ftrfork.c (-6 / +11 lines)
179	if ( error )	179	if ( error )
180	return error;	180	return error;
181		181
182	if ( FT_ALLOC( offsets_internal, count sizeof( FT_Long ) ) )	182	if ( FT_NEW_ARRAY( offsets_internal, *count ) )
183	return error;	183	return error;
184		184
185	for ( j = 0; j < *count; ++j )	185	for ( j = 0; j < *count; ++j )
Lines 426-445 Link Here
426	FT_Error error;	426	FT_Error error;
427	char* newpath;	427	char* newpath;
428	FT_Memory memory;	428	FT_Memory memory;
		429	FT_Long base_file_len = ft_strlen( base_file_name );
429		430
430	FT_UNUSED( stream );	431	FT_UNUSED( stream );
431		432
432		433
433	memory = library->memory;	434	memory = library->memory;
434		435
435	if ( FT_ALLOC( newpath,	436	if ( base_file_len > FT_INT_MAX )
436	ft_strlen( base_file_name ) + ft_strlen( "/rsrc" ) + 1 ) )	437	return FT_Err_Array_Too_Large;
		438
		439	if ( FT_ALLOC( newpath, base_file_len + 6 ) )
437	return error;	440	return error;
438		441
439	ft_strcpy( newpath, base_file_name );	442	FT_MEM_COPY( newpath, base_file_name, base_file_len );
440	ft_strcat( newpath, "/rsrc" );	443	FT_MEM_COPY( newpath + base_file_len, "/rsrc", 6 );
		444
441	*result_file_name = newpath;	445	*result_file_name = newpath;
442	*result_offset = 0;	446	*result_offset = 0;
		447
443	return FT_Err_Ok;	448	return FT_Err_Ok;
444	}	449	}
445		450

Lines 45-211 Link Here

(-)freetype-2.1.10/src/base/ftutil.c (-127 / +152 lines)
45	/*************************************************************************/	45	/*************************************************************************/
46	/*************************************************************************/	46	/*************************************************************************/
47		47
48	/* documentation is in ftmemory.h */
49		48
50	FT_BASE_DEF( FT_Error )	49	FT_BASE_DEF( FT_Pointer )
51	FT_Alloc( FT_Memory memory,	50	ft_mem_alloc( FT_Memory memory,
52	FT_Long size,	51	FT_Long size,
53	void* *P )	52	FT_Error *p_error )
54	{	53	{
55	FT_ASSERT( P != 0 );	54	FT_Error error;
		55	FT_Pointer block = ft_mem_qalloc( memory, size, &error );
56		56
57	if ( size > 0 )	57	if ( !error && size > 0 )
58	{	58	FT_MEM_ZERO( block, size );
59	*P = memory->alloc( memory, size );
60	if ( !*P )
61	{
62	FT_ERROR(( "FT_Alloc:" ));
63	FT_ERROR(( " Out of memory? (%ld requested)\n",
64	size ));
65
66	return FT_Err_Out_Of_Memory;
67	}
68	FT_MEM_ZERO( *P, size );
69	}
70	else
71	*P = NULL;
72
73	FT_TRACE7(( "FT_Alloc:" ));
74	FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n",
75	size, *P, P ));
76		59
77	return FT_Err_Ok;	60	*p_error = error;
		61	return block;
78	}	62	}
79		63
80		64
81	/* documentation is in ftmemory.h */	65	FT_BASE_DEF( FT_Pointer )
82		66	ft_mem_qalloc( FT_Memory memory,
83	FT_BASE_DEF( FT_Error )	67	FT_Long size,
84	FT_QAlloc( FT_Memory memory,	68	FT_Error *p_error )
85	FT_Long size,
86	void* *P )
87	{	69	{
88	FT_ASSERT( P != 0 );	70	FT_Error error = FT_Err_Ok;
		71	FT_Pointer block = NULL;
		72
89		73
90	if ( size > 0 )	74	if ( size > 0 )
91	{	75	{
92	*P = memory->alloc( memory, size );	76	block = memory->alloc( memory, size );
93	if ( !*P )	77	if ( block == NULL )
94	{	78	error = FT_Err_Out_Of_Memory;
95	FT_ERROR(( "FT_QAlloc:" ));	79	}
96	FT_ERROR(( " Out of memory? (%ld requested)\n",	80	else if ( size < 0 )
97	size ));	81	{
98		82	/* may help catch/prevent security issues */
99	return FT_Err_Out_Of_Memory;	83	error = FT_Err_Invalid_Argument;
100	}
101	}	84	}
102	else
103	*P = NULL;
104
105	FT_TRACE7(( "FT_QAlloc:" ));
106	FT_TRACE7(( " size = %ld, block = 0x%08p, ref = 0x%08p\n",
107	size, *P, P ));
108		85
109	return FT_Err_Ok;	86	*p_error = error;
		87	return block;
110	}	88	}
111		89
112		90
113	/* documentation is in ftmemory.h */	91	FT_BASE_DEF( FT_Pointer )
114		92	ft_mem_realloc( FT_Memory memory,
115	FT_BASE_DEF( FT_Error )	93	FT_Long item_size,
116	FT_Realloc( FT_Memory memory,	94	FT_Long cur_count,
117	FT_Long current,	95	FT_Long new_count,
118	FT_Long size,	96	void* block,
119	void** P )	97	FT_Error *p_error )
120	{	98	{
121	void* Q;	99	FT_Error error = FT_Err_Ok;
122
123
124	FT_ASSERT( P != 0 );
125		100
126	/* if the original pointer is NULL, call FT_Alloc() */	101	block = ft_mem_qrealloc( memory, item_size,
127	if ( !*P )	102	cur_count, new_count, block, &error );
128	return FT_Alloc( memory, size, P );	103	if ( !error && new_count > cur_count )
		104	FT_MEM_ZERO( (char)block + cur_count item_size,
		105	( new_count - cur_count ) * item_size );
129		106
130	/* if the new block if zero-sized, clear the current one */	107	*p_error = error;
131	if ( size <= 0 )	108	return block;
132	{
133	FT_Free( memory, P );
134	return FT_Err_Ok;
135	}
136
137	Q = memory->realloc( memory, current, size, *P );
138	if ( !Q )
139	goto Fail;
140
141	if ( size > current )
142	FT_MEM_ZERO( (char*)Q + current, size - current );
143
144	*P = Q;
145	return FT_Err_Ok;
146
147	Fail:
148	FT_ERROR(( "FT_Realloc:" ));
149	FT_ERROR(( " Failed (current %ld, requested %ld)\n",
150	current, size ));
151	return FT_Err_Out_Of_Memory;
152	}	109	}
153		110
154		111
155	/* documentation is in ftmemory.h */	112	FT_BASE_DEF( FT_Pointer )
156		113	ft_mem_qrealloc( FT_Memory memory,
157	FT_BASE_DEF( FT_Error )	114	FT_Long item_size,
158	FT_QRealloc( FT_Memory memory,	115	FT_Long cur_count,
159	FT_Long current,	116	FT_Long new_count,
160	FT_Long size,	117	void* block,
161	void** P )	118	FT_Error *p_error )
162	{	119	{
163	void* Q;	120	FT_Error error = FT_Err_Ok;
164
165
166	FT_ASSERT( P != 0 );
167		121
168	/* if the original pointer is NULL, call FT_QAlloc() */
169	if ( !*P )
170	return FT_QAlloc( memory, size, P );
171		122
172	/* if the new block if zero-sized, clear the current one */	123	if ( cur_count < 0 \|\| new_count < 0 \|\| item_size <= 0 )
173	if ( size <= 0 )
174	{	124	{
175	FT_Free( memory, P );	125	/* may help catch/prevent nasty security issues */
176	return FT_Err_Ok;	126	error = FT_Err_Invalid_Argument;
177	}	127	}
		128	else if ( new_count == 0 )
		129	{
		130	ft_mem_free( memory, block );
		131	block = NULL;
		132	}
		133	else if ( new_count > FT_INT_MAX/item_size )
		134	{
		135	error = FT_Err_Array_Too_Large;
		136	}
		137	else if ( cur_count == 0 )
		138	{
		139	FT_ASSERT( block == NULL );
178		140
179	Q = memory->realloc( memory, current, size, *P );	141	block = ft_mem_alloc( memory, new_count*item_size, &error );
180	if ( !Q )	142	}
181	goto Fail;	143	else
		144	{
		145	FT_Pointer block2;
		146	FT_Long cur_size = cur_count*item_size;
		147	FT_Long new_size = new_count*item_size;
182		148
183	*P = Q;
184	return FT_Err_Ok;
185		149
186	Fail:	150	block2 = memory->realloc( memory, cur_size, new_size, block );
187	FT_ERROR(( "FT_QRealloc:" ));	151	if ( block2 == NULL )
188	FT_ERROR(( " Failed (current %ld, requested %ld)\n",	152	error = FT_Err_Out_Of_Memory;
189	current, size ));	153	else
190	return FT_Err_Out_Of_Memory;	154	block = block2;
191	}	155	}
192		156
		157	*p_error = error;
		158	return block;
		159	}
193		160
194	/* documentation is in ftmemory.h */
195		161
196	FT_BASE_DEF( void )	162	FT_BASE_DEF( void )
197	FT_Free( FT_Memory memory,	163	ft_mem_free( FT_Memory memory,
198	void** P )	164	const void *P )
199	{	165	{
200	FT_TRACE7(( "FT_Free:" ));	166	if ( P )
201	FT_TRACE7(( " Freeing block 0x%08p, ref 0x%08p\n",	167	memory->free( memory, (void*)P );
202	P, P ? P : (void)0 ));
203
204	if ( P && *P )
205	{
206	memory->free( memory, *P );
207	*P = 0;
208	}
209	}	168	}
210		169
211		170
Lines 399-405 Link Here
399	}	358	}
400		359
401		360
402	FT_BASE( FT_UInt32 )	361	FT_BASE_DEF( FT_UInt32 )
403	ft_highpow2( FT_UInt32 value )	362	ft_highpow2( FT_UInt32 value )
404	{	363	{
405	FT_UInt32 value2;	364	FT_UInt32 value2;
Lines 421-424 Link Here
421	}	380	}
422		381
423		382
		383	#ifdef FT_CONFIG_OPTION_OLD_INTERNALS
		384
		385	FT_BASE_DEF( FT_Error )
		386	FT_Alloc( FT_Memory memory,
		387	FT_Long size,
		388	void* *P )
		389	{
		390	FT_Error error;
		391
		392
		393	(void)FT_ALLOC( *P, size );
		394	return error;
		395	}
		396
		397
		398	FT_BASE_DEF( FT_Error )
		399	FT_QAlloc( FT_Memory memory,
		400	FT_Long size,
		401	void* *p )
		402	{
		403	FT_Error error;
		404
		405
		406	(void)FT_QALLOC( *p, size );
		407	return error;
		408	}
		409
		410
		411	FT_BASE_DEF( FT_Error )
		412	FT_Realloc( FT_Memory memory,
		413	FT_Long current,
		414	FT_Long size,
		415	void* *P )
		416	{
		417	FT_Error error;
		418
		419
		420	(void)FT_REALLOC( *P, current, size );
		421	return error;
		422	}
		423
		424
		425	FT_BASE_DEF( FT_Error )
		426	FT_QRealloc( FT_Memory memory,
		427	FT_Long current,
		428	FT_Long size,
		429	void* *p )
		430	{
		431	FT_Error error;
		432
		433
		434	(void)FT_QREALLOC( *p, current, size );
		435	return error;
		436	}
		437
		438
		439	FT_BASE_DEF( void )
		440	FT_Free( FT_Memory memory,
		441	void* *P )
		442	{
		443	if ( *P )
		444	FT_MEM_FREE( *P );
		445	}
		446
447	#endif /* FT_CONFIG_OPTION_OLD_INTERNALS */
448
424	/* END */	449	/* END */

Lines 100-109 Link Here

(-)freetype-2.1.10/src/cache/ftccache.c (-6 / +9 lines)
100	if ( p >= mask )	100	if ( p >= mask )
101	{	101	{
102	FT_Memory memory = cache->memory;	102	FT_Memory memory = cache->memory;
103		103	FT_Error error;
104		104
105	/* if we can't expand the array, leave immediately */	105	/* if we can't expand the array, leave immediately */
106	if ( FT_MEM_RENEW_ARRAY( cache->buckets, (mask+1)2, (mask+1)4 ) )	106	if ( FT_RENEW_ARRAY( cache->buckets, (mask+1)2, (mask+1)4 ) )
107	break;	107	break;
108	}	108	}
109		109
Lines 152-161 Link Here
152	if ( p == 0 )	152	if ( p == 0 )
153	{	153	{
154	FT_Memory memory = cache->memory;	154	FT_Memory memory = cache->memory;
155		155	FT_Error error;
156		156
157	/* if we can't shrink the array, leave immediately */	157	/* if we can't shrink the array, leave immediately */
158	if ( FT_MEM_RENEW_ARRAY( cache->buckets,	158	if ( FT_RENEW_ARRAY( cache->buckets,
159	( mask + 1 ) * 2, mask + 1 ) )	159	( mask + 1 ) * 2, mask + 1 ) )
160	break;	160	break;
161		161
Lines 246-252 Link Here
246		246
247		247
248	/* remove a node from the cache manager */	248	/* remove a node from the cache manager */
249	FT_EXPORT_DEF( void )	249	/* this function is FT_BASE since it may be called by old rogue clients */
		250	FT_BASE_DEF( void )
250	ftc_node_destroy( FTC_Node node,	251	ftc_node_destroy( FTC_Node node,
251	FTC_Manager manager )	252	FTC_Manager manager )
252	{	253	{
Lines 312-324 Link Here
312	ftc_cache_init( FTC_Cache cache )	313	ftc_cache_init( FTC_Cache cache )
313	{	314	{
314	FT_Memory memory = cache->memory;	315	FT_Memory memory = cache->memory;
		316	FT_Error error;
315		317
316		318
317	cache->p = 0;	319	cache->p = 0;
318	cache->mask = FTC_HASH_INITIAL_SIZE - 1;	320	cache->mask = FTC_HASH_INITIAL_SIZE - 1;
319	cache->slack = FTC_HASH_INITIAL_SIZE * FTC_HASH_MAX_LOAD;	321	cache->slack = FTC_HASH_INITIAL_SIZE * FTC_HASH_MAX_LOAD;
320		322
321	return ( FT_MEM_NEW_ARRAY( cache->buckets, FTC_HASH_INITIAL_SIZE * 2 ) );	323	(void)FT_NEW_ARRAY( cache->buckets, FTC_HASH_INITIAL_SIZE * 2 );
		324	return error;
322	}	325	}
323		326
324		327

Lines 99-110 Link Here

(-)freetype-2.1.10/src/gzip/ftgzip.c (-3 / +3 lines)
99	uInt size )	99	uInt size )
100	{	100	{
101	FT_ULong sz = (FT_ULong)size * items;	101	FT_ULong sz = (FT_ULong)size * items;
		102	FT_Error error;
102	FT_Pointer p;	103	FT_Pointer p;
103		104
104		105
105	FT_MEM_ALLOC( p, sz );	106	(void)FT_ALLOC( p, sz );
106		107	return p;
107	return (voidpf) p;
108	}	108	}
109		109
110		110

Lines 47-57 Link Here

(-)freetype-2.1.10/src/sfnt/sfobjs.c (-6 / +9 lines)
47	FT_String* string;	47	FT_String* string;
48	FT_UInt len, code, n;	48	FT_UInt len, code, n;
49	FT_Byte* read = (FT_Byte*)entry->string;	49	FT_Byte* read = (FT_Byte*)entry->string;
50		50	FT_Error error;
		51
51		52
52	len = (FT_UInt)entry->stringLength / 2;	53	len = (FT_UInt)entry->stringLength / 2;
53		54
54	if ( FT_MEM_NEW_ARRAY( string, len + 1 ) )	55	if ( FT_NEW_ARRAY( string, len + 1 ) )
55	return NULL;	56	return NULL;
56		57
57	for ( n = 0; n < len; n++ )	58	for ( n = 0; n < len; n++ )
Lines 77-87 Link Here
77	FT_String* string;	78	FT_String* string;
78	FT_UInt len, code, n;	79	FT_UInt len, code, n;
79	FT_Byte* read = (FT_Byte*)entry->string;	80	FT_Byte* read = (FT_Byte*)entry->string;
80		81	FT_Error error;
		82
81		83
82	len = (FT_UInt)entry->stringLength / 4;	84	len = (FT_UInt)entry->stringLength / 4;
83		85
84	if ( FT_MEM_NEW_ARRAY( string, len + 1 ) )	86	if ( FT_NEW_ARRAY( string, len + 1 ) )
85	return NULL;	87	return NULL;
86		88
87	for ( n = 0; n < len; n++ )	89	for ( n = 0; n < len; n++ )
Lines 107-117 Link Here
107	FT_String* string;	109	FT_String* string;
108	FT_UInt len, code, n;	110	FT_UInt len, code, n;
109	FT_Byte* read = (FT_Byte*)entry->string;	111	FT_Byte* read = (FT_Byte*)entry->string;
110		112	FT_Error error;
		113
111		114
112	len = (FT_UInt)entry->stringLength;	115	len = (FT_UInt)entry->stringLength;
113		116
114	if ( FT_MEM_NEW_ARRAY( string, len + 1 ) )	117	if ( FT_NEW_ARRAY( string, len + 1 ) )
115	return NULL;	118	return NULL;
116		119
117	for ( n = 0; n < len; n++ )	120	for ( n = 0; n < len; n++ )

Lines 684-698 Link Here

(-)freetype-2.1.10/src/truetype/ttgxvar.c (-1 / +3 lines)
684	goto Exit;	684	goto Exit;
685	}	685	}
686		686
687	if ( FT_ALLOC( face->blend, sizeof ( GX_BlendRec ) ) )	687	if ( FT_NEW( face->blend ) )
688	goto Exit;	688	goto Exit;
689		689
		690	/* XXX: TODO - check for overflows */
690	face->blend->mmvar_len =	691	face->blend->mmvar_len =
691	sizeof ( FT_MM_Var ) +	692	sizeof ( FT_MM_Var ) +
692	fvar_head.axisCount * sizeof ( FT_Var_Axis ) +	693	fvar_head.axisCount * sizeof ( FT_Var_Axis ) +
693	fvar_head.instanceCount * sizeof ( FT_Var_Named_Style ) +	694	fvar_head.instanceCount * sizeof ( FT_Var_Named_Style ) +
694	fvar_head.instanceCount * fvar_head.axisCount * sizeof ( FT_Fixed ) +	695	fvar_head.instanceCount * fvar_head.axisCount * sizeof ( FT_Fixed ) +
695	5 * fvar_head.axisCount;	696	5 * fvar_head.axisCount;
		697
696	if ( FT_ALLOC( mmvar, face->blend->mmvar_len ) )	698	if ( FT_ALLOC( mmvar, face->blend->mmvar_len ) )
697	goto Exit;	699	goto Exit;
698	face->blend->mmvar = mmvar;	700	face->blend->mmvar = mmvar;