Module: wine Branch: master Commit: e98cdc3215ccc826242573675ff37486c6707660 URL: http://source.winehq.org/git/wine.git/?a=commit;h=e98cdc3215ccc826242573675f...

Author: Piotr Caban piotr@codeweavers.com Date: Thu Apr 27 16:27:33 2017 +0200

dwrite: Don't crash on uninitialized cached and factory fields in dwritefontface_Release.

The function may be called with the fields uninitialized from create_fontface when init_font_data fails.

Signed-off-by: Piotr Caban piotr@codeweavers.com Signed-off-by: Nikolay Sivov nsivov@codeweavers.com Signed-off-by: Alexandre Julliard julliard@winehq.org

---

dlls/dwrite/font.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/dlls/dwrite/font.c b/dlls/dwrite/font.c index ca2d69a..328e5e4 100644 --- a/dlls/dwrite/font.c +++ b/dlls/dwrite/font.c @@ -501,8 +501,10 @@ static ULONG WINAPI dwritefontface_Release(IDWriteFontFace4 *iface) heap_free(This->glyphs[i]);

freetype_notify_cacheremove(iface); - factory_release_cached_fontface(This->cached); - IDWriteFactory4_Release(This->factory); + if (This->cached) + factory_release_cached_fontface(This->cached); + if (This->factory) + IDWriteFactory4_Release(This->factory); heap_free(This); }

@@ -4283,7 +4285,7 @@ HRESULT create_fontface(const struct fontface_desc *desc, struct list *cached_li

*ret = NULL;

- fontface = heap_alloc(sizeof(struct dwrite_fontface)); + fontface = heap_alloc_zero(sizeof(struct dwrite_fontface)); if (!fontface) return E_OUTOFMEMORY;

@@ -4301,11 +4303,6 @@ HRESULT create_fontface(const struct fontface_desc *desc, struct list *cached_li fontface->ref = 1; fontface->type = desc->face_type; fontface->file_count = desc->files_number; - memset(&fontface->cmap, 0, sizeof(fontface->cmap)); - memset(&fontface->vdmx, 0, sizeof(fontface->vdmx)); - memset(&fontface->gasp, 0, sizeof(fontface->gasp)); - memset(&fontface->cpal, 0, sizeof(fontface->cpal)); - memset(&fontface->colr, 0, sizeof(fontface->colr)); fontface->cmap.exists = TRUE; fontface->vdmx.exists = TRUE; fontface->gasp.exists = TRUE; @@ -4313,7 +4310,6 @@ HRESULT create_fontface(const struct fontface_desc *desc, struct list *cached_li fontface->colr.exists = TRUE; fontface->index = desc->index; fontface->simulations = desc->simulations; - memset(fontface->glyphs, 0, sizeof(fontface->glyphs));

for (i = 0; i < fontface->file_count; i++) { hr = get_stream_from_file(desc->files[i], &fontface->streams[i]); @@ -4338,7 +4334,6 @@ HRESULT create_fontface(const struct fontface_desc *desc, struct list *cached_li } }

- fontface->flags = 0; fontface->charmap = freetype_get_charmap_index(&fontface->IDWriteFontFace4_iface, &is_symbol); if (is_symbol) fontface->flags |= FONTFACE_IS_SYMBOL;