bin/83426: [ PATCH ] improper handling of malloc failures within
libvgl
Dan Lukes
dan at obluda.cz
Thu Jul 14 01:20:12 GMT 2005
>Number: 83426
>Category: bin
>Synopsis: [ PATCH ] improper handling of malloc failures within libvgl
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 14 01:20:11 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Dan Lukes
>Release: FreeBSD 5.4-STABLE i386
>Organization:
Obludarium
>Environment:
System: FreeBSD 5.4-STABLE #8: Sat Jul 9 16:31:08 CEST 2005 i386
lib/libvgl/text.c,v 1.8 2002/06/02 20:05:39 schweikh
>Description:
1. The failure of malloc() within VGLTextSetFontFile isn't handled properly.
2. When counting pos from 0 to strlen() then pos should be size_t - it's
more portable.
>How-To-Repeat:
>Fix:
--- patch begins here ---
--- lib/libvgl/Makefile.ORIG Sun Sep 29 03:09:39 2002
+++ lib/libvgl/Makefile Thu Jul 14 03:07:08 2005
@@ -38,4 +38,6 @@
vgl.3 VGLSetXY.3 \
vgl.3 VGLTextSetFontFile.3
+WARNS+= 2
+
.include <bsd.lib.mk>
--- lib/libvgl/text.c.ORIG Mon Jul 1 22:54:29 2002
+++ lib/libvgl/text.c Thu Jul 14 03:06:52 2005
@@ -63,6 +63,12 @@
fread(&VGLTextFont->Height, 1 , 1, fd);
VGLTextFont->BitmapArray =
(byte*)malloc(256*((VGLTextFont->Width + 7)/8)*VGLTextFont->Height);
+ if (VGLTextFont->BitmapArray == NULL) {
+ free(VGLTextFont);
+ VGLTextFont = NULL;
+ fclose(fd);
+ return(1);
+ }
fread(VGLTextFont->BitmapArray, 1,
(256*VGLTextFont->Width* VGLTextFont->Height), fd);
fclose(fd);
@@ -122,7 +128,7 @@
VGLBitmapString(VGLBitmap *Object, int x, int y, char *str,
byte fgcol, byte bgcol, int fill, int dir)
{
- int pos;
+ size_t pos;
for (pos=0; pos<strlen(str); pos++) {
switch (dir) {
--- patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list