OOM [@ GetMissingGlyphString] (allocation in pango_glyph_string_set_size)

Status: RESOLVED INVALID
Severity: critical
Reporter: mats (Unassigned)
Version: Trunk
Platform: x86 / Linux
Reported 12 years ago, last modified 10 years ago

Description (Reporter, 12 years ago)
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/gfx/thebes/src/gfxPangoFonts.cpp&rev=1.42&mark=1192,1210#1186

Note that glyphString->glyphs and/or glyphString->log_clusters
might be NULL after pango_glyph_string_set_size() is called.  Behold:

void
pango_glyph_string_set_size(PangoGlyphString *string, gint new_len)
{
  g_return_if_fail (new_len >= 0);

  while (new_len > string->space) {
    if (string->space == 0)
      string->space = 1;
    else
      string->space *= 2;

    if (string->space < 0)
      g_error("%s: glyph string length overflows maximum integer size",
              "pango_glyph_string_set_size");
  }

  string->glyphs = g_realloc(string->glyphs,
                             string->space * sizeof(PangoGlyphInfo));
  string->log_clusters = g_realloc(string->log_clusters,
                                   string->space * sizeof (gint));
  string->num_glyphs = new_len;
}


gpointer
g_realloc(gpointer p, gulong size)
{
	gpointer n;

	if (size == 0) {
		gm_free(p);
		return NULL;
	}

	n = gm_realloc(p, size);

	if (n)
		return n;

	g_error("re-allocation of %lu bytes failed", size);
	return NULL;
}

g_error calls abort (bug 430127 comment 32), so g_realloc only returns NULL when size is 0.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → INVALID
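To make the resolution concrete, the following is an added model written for this page; it is not Pango's or GLib's code, and GlyphInfo, GlyphString, model_g_realloc, grow_space, glyph_string_set_size and arrays_null_after_set_size are names chosen here. It reproduces the growth loop quoted above together with a realloc wrapper that behaves like the quoted g_realloc (returns NULL only for size 0, aborts otherwise), so that the only way glyphs or log_clusters end up NULL is a fresh string sized to zero. One deliberate difference: Pango's overflow test (space *= 2; if (space < 0)) relies on signed wraparound, which is undefined behaviour in C, so the model checks against INT_MAX / 2 before doubling and reports that case as an error return instead of aborting.

```c
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>

/* Stand-ins for PangoGlyphInfo / PangoGlyphString (model only). */
typedef struct {
    unsigned int glyph;
    int          x_offset;
} GlyphInfo;

typedef struct {
    int        num_glyphs;
    GlyphInfo *glyphs;
    int       *log_clusters;
    int        space;
} GlyphString;

/* Models the quoted g_realloc(): frees and returns NULL for size 0;
 * on allocation failure it aborts (g_error), so callers never see NULL. */
static void *model_g_realloc(void *p, size_t size)
{
    if (size == 0) {
        free(p);
        return NULL;
    }
    void *n = realloc(p, size);
    if (n == NULL) {
        fprintf(stderr, "re-allocation of %zu bytes failed\n", size);
        abort();
    }
    return n;
}

/* The 'space' that the set_size growth loop settles on for new_len,
 * or -1 where Pango's overflow check would fire (space * 2 > INT_MAX). */
int grow_space(int space, int new_len)
{
    if (new_len < 0)
        return space;                 /* g_return_if_fail: nothing changes */
    while (new_len > space) {
        if (space == 0)
            space = 1;
        else if (space > INT_MAX / 2)
            return -1;                /* doubling would overflow */
        else
            space *= 2;
    }
    return space;
}

/* Model of pango_glyph_string_set_size(): 0 on success, -1 where Pango
 * would bail out (negative length or overflow). */
int glyph_string_set_size(GlyphString *s, int new_len)
{
    if (new_len < 0)
        return -1;
    int space = grow_space(s->space, new_len);
    if (space < 0)
        return -1;
    s->space = space;
    s->glyphs = model_g_realloc(s->glyphs, (size_t)space * sizeof(GlyphInfo));
    s->log_clusters = model_g_realloc(s->log_clusters, (size_t)space * sizeof(int));
    s->num_glyphs = new_len;
    return 0;
}

/* Sizes a fresh (empty) string to new_len and reports whether either array
 * is NULL afterwards: 1 if so, 0 if not, -1 if set_size rejected new_len. */
int arrays_null_after_set_size(int new_len)
{
    GlyphString s = { 0, NULL, NULL, 0 };
    if (glyph_string_set_size(&s, new_len) != 0)
        return -1;
    int is_null = (s.glyphs == NULL || s.log_clusters == NULL);
    free(s.glyphs);
    free(s.log_clusters);
    return is_null;
}

int main(void)
{
    printf("space for 5 glyphs from empty: %d\n", grow_space(0, 5));
    printf("NULL arrays after set_size(0): %d\n", arrays_null_after_set_size(0));
    printf("NULL arrays after set_size(5): %d\n", arrays_null_after_set_size(5));
    return 0;
}
```

The takeaway matches the comment above: a NULL check after set_size only matters for new_len == 0 (size 0 passed to g_realloc); every other failure path aborts inside g_error rather than handing back NULL.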