On Mon, 30 Mar 2026 18:37:08 GMT, Kevin Rushforth <[email protected]> wrote:

> This PR fixes a corner case where an uninitialized value could be passed to 
> free if a malloc of a small array fails.
> 
> The cleanup code for 
> `Java_com_sun_javafx_font_freetype_OSFreetype_FT_1Outline_1Decompose` in 
> freetype.c checks the `data.pointTypes` and `data.pointCoords` pointers and 
> frees them if not null.
> 
> If the malloc for the first of these two fails, the second will not have been 
> initialized yet, in which case the uninitialized value would be passed to 
> free.
> 
> NOTE: This fix is in Linux-specific platform code. All code in freetype.c is 
> under an ifdef for Linux (or Android).

+1

-------------

Marked as reviewed by arapte (Reviewer).

PR Review: https://git.openjdk.org/jfx/pull/2132#pullrequestreview-4041552358
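
The failure mode described in the quoted PR text, as an added example that is not code from freetype.c or from the PR. `PathData`, `decompose`, `run_case` and the fault-injecting `test_malloc`/`test_free` wrappers are hypothetical; only the field names `pointTypes` and `pointCoords` come from the PR description, and zero-initializing the struct is one way to make the cleanup safe, not necessarily the fix the PR applies.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the decompose state; field names follow the PR text. */
typedef struct {
    unsigned char *pointTypes;
    float *pointCoords;
} PathData;

static int fail_at = 0;      /* constructed fault injection: fail the Nth allocation (0 = never) */
static int alloc_calls = 0;
static int live_blocks = 0;  /* successful allocations minus frees of non-NULL pointers */

static void *test_malloc(size_t n) {
    if (++alloc_calls == fail_at) return NULL;   /* simulated out-of-memory */
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}

static void test_free(void *p) {
    if (p) live_blocks--;
    free(p);
}

/* Returns 0 on success, -1 if either allocation fails. */
int decompose(size_t npoints) {
    PathData data;
    int rc = -1;
    /* Both pointers are NULL before the first allocation. Without this line,
     * a failed first malloc leaves data.pointCoords indeterminate, and the
     * shared cleanup below would hand that value to free(). */
    memset(&data, 0, sizeof data);

    data.pointTypes = test_malloc(npoints);
    if (data.pointTypes == NULL) goto cleanup;
    data.pointCoords = test_malloc(npoints * 2 * sizeof(float));
    if (data.pointCoords == NULL) goto cleanup;
    rc = 0;

cleanup:  /* same shape as the PR text: free each pointer if not null */
    if (data.pointTypes) test_free(data.pointTypes);
    if (data.pointCoords) test_free(data.pointCoords);
    return rc;
}

/* Runs decompose with the fail_n-th allocation failing; 0 means no failure. */
int run_case(int fail_n, size_t npoints) {
    fail_at = fail_n; alloc_calls = 0; live_blocks = 0;
    return decompose(npoints);
}
```
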
