[bdf] Fix up user properties.

Fallout reported as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40027 * src/bdf/bdflib.c (_bdf_add_property): Cosmetic NULL. (bdf_create_property): Limit allocations to customary signed FT_Long and NULL-initialize unused storage. (bdf_free_font): Do not free unused storage.
2021-10-16 23:02:47 -04:00 · 2021-10-16 23:02:47 -04:00 · 30ca63d4fb
commit 30ca63d4fb
parent afd1cb2881
1 changed files with 5 additions and 8 deletions
--- a/src/bdf/bdflib.c
+++ b/src/bdf/bdflib.c
@ -852,7 +852,7 @@
    p = font->user_props + font->nuser_props;

    n = ft_strlen( name ) + 1;
-    if ( n > FT_ULONG_MAX )
+    if ( n > FT_LONG_MAX )
      return FT_THROW( Invalid_Argument );

    if ( FT_QALLOC( p->name, n ) )
@ -860,8 +860,9 @@

    FT_MEM_COPY( (char *)p->name, name, n );

-    p->format  = format;
-    p->builtin = 0;
+    p->format     = format;
+    p->builtin    = 0;
+    p->value.atom = NULL;  /* nothing is ever stored here */

    n = _num_bdf_properties + font->nuser_props;

@ -1181,7 +1182,7 @@
    switch ( prop->format )
    {
    case BDF_ATOM:
-      fp->value.atom = 0;
+      fp->value.atom = NULL;
      if ( value && value[0] )
      {
        if ( FT_STRDUP( fp->value.atom, value ) )
@ -2351,11 +2352,7 @@
    /* Free up the user defined properties. */
    for ( prop = font->user_props, i = 0;
          i < font->nuser_props; i++, prop++ )
-    {
      FT_FREE( prop->name );
-      if ( prop->format == BDF_ATOM )
-        FT_FREE( prop->value.atom );
-    }

    FT_FREE( font->user_props );