On Mon, 30 Mar 2026 18:37:08 GMT, Kevin Rushforth <[email protected]> wrote:
> This PR fixes a corner case where an uninitialized value could be passed to
> free if a malloc of a small array fails.
>
> The cleanup code for
> `Java_com_sun_javafx_font_freetype_OSFreetype_FT_1Outline_1Decompose` in
> freetype.c checks the `data.pointTypes` and `data.pointCoords` pointers and
> frees them if not null.
>
> If the malloc for the first of these two fails, the second will not have been
> initialized yet, in which case the uninitialized value would be passed to
> free.
>
> NOTE: This fix is in Linux-specific platform code. All code in freetype.c is
> under an ifdef for Linux (or Android).

This pull request has now been integrated.

Changeset: 8d1a946d
Author:    Kevin Rushforth <[email protected]>
URL:       https://git.openjdk.org/jfx/commit/8d1a946d4f0a578b39a4cbdac2fbd76664fe3f70
Stats:     4 lines in 1 file changed: 3 ins; 0 del; 1 mod

8379211: Uninitialised memory in Java_com_sun_javafx_font_freetype_OSFreetype_FT_1Outline_1Decompose

Reviewed-by: lkostyra, arapte

-------------

PR: https://git.openjdk.org/jfx/pull/2132
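The defect class described above (a cleanup path that frees every pointer in a struct, while an early exit after the first failed malloc leaves a later pointer uninitialised) reproduced in isolation, as an added example that is not code from the jfx repository or from the PR. The `OutlineData` struct, its element types, the `decompose_*` functions and the fault-injecting `tracked_malloc`/`tracked_free` are assumptions made for this example; only the field names `pointTypes` and `pointCoords` come from the PR text. Because reading a genuinely uninitialised pointer is undefined behaviour and not reproducible, the buggy variant fills the struct with a fixed byte pattern to stand in for stack garbage, and the tracking free counts a free of a value the allocator never returned instead of executing it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the per-call data block the PR text describes:
 * two separately malloc'ed arrays. Field names follow the PR; the element
 * types and the surrounding functions are assumptions for this example. */
typedef struct {
    unsigned char *pointTypes;
    float         *pointCoords;
    int            numPoints;
} OutlineData;

/* Fault-injecting, tracking allocator so the "first malloc fails" corner case
 * is deterministic and a free() of a non-allocated value is detected rather
 * than executed. */
#define MAX_LIVE 8
static int   g_fail_on_call = -1;   /* -1: never fail; n: n-th call (0-based) returns NULL */
static int   g_call_count   = 0;
static void *g_live[MAX_LIVE];      /* pointers currently handed out */
static int   g_live_count   = 0;
static int   g_bad_frees    = 0;    /* frees of values tracked_malloc never returned */

static void reset_allocator(int fail_on_call) {
    g_fail_on_call = fail_on_call;
    g_call_count = 0;
    g_live_count = 0;
    g_bad_frees  = 0;
}

static void *tracked_malloc(size_t n) {
    if (g_call_count++ == g_fail_on_call) return NULL;
    void *p = malloc(n);
    if (p != NULL && g_live_count < MAX_LIVE) g_live[g_live_count++] = p;
    return p;
}

static void tracked_free(void *p) {
    for (int i = 0; i < g_live_count; i++) {
        if (g_live[i] == p) {
            g_live[i] = g_live[--g_live_count];
            free(p);
            return;
        }
    }
    g_bad_frees++;   /* garbage or double free: count it instead of crashing */
}

/* The defective shape. Real code just leaves `data` uninitialised; here the
 * memset stands in for whatever the stack held so the outcome is repeatable.
 * Returns 0 on success, -1 on allocation failure. */
static int decompose_buggy(int numPoints) {
    OutlineData data;
    memset(&data, 0xA5, sizeof data);              /* emulated stack garbage */
    int rc = -1;

    data.pointTypes = tracked_malloc((size_t)numPoints);
    if (data.pointTypes == NULL) goto cleanup;     /* pointCoords is still garbage here */
    data.pointCoords = tracked_malloc((size_t)numPoints * 2 * sizeof(float));
    if (data.pointCoords == NULL) goto cleanup;
    data.numPoints = numPoints;
    rc = 0;

cleanup:
    if (data.pointTypes  != NULL) tracked_free(data.pointTypes);
    if (data.pointCoords != NULL) tracked_free(data.pointCoords);  /* bad free on the early exit */
    return rc;
}

/* The fixed shape: every pointer the cleanup path inspects is NULL before the
 * first operation that can fail, so any early exit frees only what was allocated. */
static int decompose_fixed(int numPoints) {
    OutlineData data;
    memset(&data, 0xA5, sizeof data);              /* same emulated garbage ... */
    data.pointTypes  = NULL;                       /* ... neutralised before the first malloc */
    data.pointCoords = NULL;
    int rc = -1;

    data.pointTypes = tracked_malloc((size_t)numPoints);
    if (data.pointTypes == NULL) goto cleanup;
    data.pointCoords = tracked_malloc((size_t)numPoints * 2 * sizeof(float));
    if (data.pointCoords == NULL) goto cleanup;
    data.numPoints = numPoints;
    rc = 0;

cleanup:
    if (data.pointTypes  != NULL) tracked_free(data.pointTypes);
    if (data.pointCoords != NULL) tracked_free(data.pointCoords);
    return rc;
}

int main(void) {
    int (*variants[2])(int) = { decompose_buggy, decompose_fixed };
    const char *names[2] = { "buggy", "fixed" };
    for (int v = 0; v < 2; v++) {
        for (int fail = -1; fail <= 1; fail++) {   /* no failure, first malloc fails, second fails */
            reset_allocator(fail);
            int rc = variants[v](4);
            printf("%s fail_on_call=%2d rc=%2d bad_frees=%d leaked=%d\n",
                   names[v], fail, rc, g_bad_frees, g_live_count);
        }
    }
    return 0;
}
```

Only the combination "buggy variant, first malloc fails" produces a bad free; when the second malloc fails the first pointer is valid and the second was explicitly assigned NULL, which is why the defect is a corner case rather than a routine failure. The general rule the fixed variant follows is to initialise every resource handle a shared cleanup path will inspect before the first fallible step, not just before its own allocation; MemorySanitizer or Valgrind would flag the buggy path as a conditional jump on uninitialised data when run with malloc failure injected.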
