https://bugs.winehq.org/show_bug.cgi?id=44287
Bug ID: 44287
Summary: Possible access to unintended variable in "wine/dlls/gdi32/freetype.c" line 2349
Product: Wine
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: gdi32
Assignee: wine-bugs@winehq.org
Reporter: petrum@gmail.com
Distribution: ---
While experimenting with a CodeSonar plugin we develop, we noticed a potential bug in file "wine/dlls/gdi32/freetype.c", line 2349, function map_font_family:

    Family *family = find_family_from_any_name(repl);
    if (family != NULL)
    {
        Family *new_family = HeapAlloc(GetProcessHeap(), 0, sizeof(*new_family));
        if (new_family != NULL)
        {
            TRACE("mapping %s to %s\n", debugstr_w(repl), debugstr_w(orig));
            new_family->FamilyName = strdupW(orig);
            new_family->EnglishName = NULL;
            list_init(&new_family->faces);
            new_family->replacement = &family->faces; //HERE
            list_add_tail(&font_list, &new_family->entry);
            return TRUE;
        }
    }

Shouldn't new_family be used (instead of family) at the mentioned position?
Thanks,
Petru Florin Mihancea
https://bugs.winehq.org/show_bug.cgi?id=44287
Alexandre Julliard julliard@winehq.org changed:
What       |Removed      |Added
----------------------------------------------------------------------------
Resolution |---          |INVALID
Status     |UNCONFIRMED  |RESOLVED
--- Comment #1 from Alexandre Julliard julliard@winehq.org ---
> Shouldn't new_family be used (instead of family) at the mentioned position?
No, replacement should point to the original font.
https://bugs.winehq.org/show_bug.cgi?id=44287
André H. nerv@dawncrow.de changed:
What       |Removed      |Added
----------------------------------------------------------------------------
Status     |RESOLVED     |CLOSED
CC         |             |nerv@dawncrow.de
--- Comment #2 from André H. nerv@dawncrow.de ---
closing invalid