Closed Bug 370441 Opened 17 years ago Closed 15 years ago

OOM [@ GetMissingGlyphString] (allocation in pango_glyph_string_set_size)

Categories

(Core :: Graphics, defect)

Product:
Core
Component:
Graphics
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: MatsPalmgren_bugz, Unassigned)

Details

http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/gfx/thebes/src/gfxPangoFonts.cpp&rev=1.42&mark=1192,1210#1186

Note that glyphString->glyphs and/or glyphString->log_clusters
might be NULL after pango_glyph_string_set_size() is called.  Behold:

void
pango_glyph_string_set_size(PangoGlyphString *string, gint new_len)
{
  g_return_if_fail (new_len >= 0);

  while (new_len > string->space) {
    if (string->space == 0)
      string->space = 1;
    else
      string->space *= 2;

    if (string->space < 0)
      g_error("%s: glyph string length overflows maximum integer size",
              "pango_glyph_string_set_size");
  }

  string->glyphs = g_realloc(string->glyphs,
                             string->space * sizeof(PangoGlyphInfo));
  string->log_clusters = g_realloc(string->log_clusters,
                                   string->space * sizeof (gint));
  string->num_glyphs = new_len;
}


gpointer
g_realloc(gpointer p, gulong size)
{
	gpointer n;

	if (size == 0) {
		gm_free(p);
		return NULL;
	}

	n = gm_realloc(p, size);

	if (n)
		return n;

	g_error("re-allocation of %lu bytes failed", size);
	return NULL;
}
g_error calls abort (bug 430127 comment 32), so g_realloc only returns NULL when size is 0.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.