From 4d176b742774670c5c265a06f742e63a43f5f7ab Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Thu, 7 Jun 2018 18:53:26 -0700
Subject: [PATCH] Fix ftfont_open2 failure cleanup
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

* src/ftfont.c (ftfont_open2): Don’t increment counter if failing. Avoid use-after-free once the increment bug is fixed.
---
 src/ftfont.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/ftfont.c b/src/ftfont.c
index 9a8777ef078..a53467000f3 100644
--- a/src/ftfont.c
+++ b/src/ftfont.c
@@ -1131,16 +1131,19 @@ ftfont_open2 (struct frame *f,
 return Qnil;
 }
 }
- set_save_integer (val, 1, XSAVE_INTEGER (val, 1) + 1);
 size = XINT (AREF (entity, FONT_SIZE_INDEX));
 if (size == 0)
 size = pixel_size;
 if (FT_Set_Pixel_Sizes (ft_face, size, size) != 0)
 {
 if (XSAVE_INTEGER (val, 1) == 0)
- FT_Done_Face (ft_face);
+ {
+ FT_Done_Face (ft_face);
+ cache_data->ft_face = NULL;
+ }
 return Qnil;
 }
+ set_save_integer (val, 1, XSAVE_INTEGER (val, 1) + 1);
 ASET (font_object, FONT_FILE_INDEX, filename);
 font = XFONT_OBJECT (font_object);
-- 
2.39.5
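Review bot: The guard `if (XSAVE_INTEGER (val, 1) == 0)` in the FT_Set_Pixel_Sizes failure branch is only correct while the counter still holds its pre-increment value, and nothing in the new code records that ordering dependency. A comment above the moved `set_save_integer` call such as `/* Count this user only after the last failure exit; the cleanup above tests the old count.  */`, and one beside the reset such as `/* The cache entry outlives this call; clear the freed face so it is never reused.  */`, would keep a later reorder from reintroducing the stale count or the use-after-free. When the count is non-zero the branch returns Qnil with no cleanup visible in the hunk, so anything set up for the already-in-use case above the hunk (not shown here) should be checked for release on this path. ftfont_open2 starts and ends outside the hunk.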