Piotr Caban : dwrite: Don' t crash on uninitialized cached and factory fields in dwritefontface_Release.

Thu Apr 27 15:49:10 CDT 2017

Module: wine
Branch: master
Commit: e98cdc3215ccc826242573675ff37486c6707660
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=e98cdc3215ccc826242573675ff37486c6707660

Author: Piotr Caban <piotr at codeweavers.com>
Date:   Thu Apr 27 16:27:33 2017 +0200

dwrite: Don't crash on uninitialized cached and factory fields in dwritefontface_Release.

The function may be called with the fields uninitialized from
create_fontface when init_font_data fails.

Signed-off-by: Piotr Caban <piotr at codeweavers.com>
Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/dwrite/font.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/dlls/dwrite/font.c b/dlls/dwrite/font.c
index ca2d69a..328e5e4 100644
--- a/dlls/dwrite/font.c
+++ b/dlls/dwrite/font.c
@@ -501,8 +501,10 @@ static ULONG WINAPI dwritefontface_Release(IDWriteFontFace4 *iface)
             heap_free(This->glyphs[i]);
 
         freetype_notify_cacheremove(iface);
-        factory_release_cached_fontface(This->cached);
-        IDWriteFactory4_Release(This->factory);
+        if (This->cached)
+            factory_release_cached_fontface(This->cached);
+        if (This->factory)
+            IDWriteFactory4_Release(This->factory);
         heap_free(This);
     }
 
@@ -4283,7 +4285,7 @@ HRESULT create_fontface(const struct fontface_desc *desc, struct list *cached_li
 
     *ret = NULL;
 
-    fontface = heap_alloc(sizeof(struct dwrite_fontface));
+    fontface = heap_alloc_zero(sizeof(struct dwrite_fontface));
     if (!fontface)
         return E_OUTOFMEMORY;
 
@@ -4301,11 +4303,6 @@ HRESULT create_fontface(const struct fontface_desc *desc, struct list *cached_li
     fontface->ref = 1;
     fontface->type = desc->face_type;
     fontface->file_count = desc->files_number;
-    memset(&fontface->cmap, 0, sizeof(fontface->cmap));
-    memset(&fontface->vdmx, 0, sizeof(fontface->vdmx));
-    memset(&fontface->gasp, 0, sizeof(fontface->gasp));
-    memset(&fontface->cpal, 0, sizeof(fontface->cpal));
-    memset(&fontface->colr, 0, sizeof(fontface->colr));
     fontface->cmap.exists = TRUE;
     fontface->vdmx.exists = TRUE;
     fontface->gasp.exists = TRUE;
@@ -4313,7 +4310,6 @@ HRESULT create_fontface(const struct fontface_desc *desc, struct list *cached_li
     fontface->colr.exists = TRUE;
     fontface->index = desc->index;
     fontface->simulations = desc->simulations;
-    memset(fontface->glyphs, 0, sizeof(fontface->glyphs));
 
     for (i = 0; i < fontface->file_count; i++) {
         hr = get_stream_from_file(desc->files[i], &fontface->streams[i]);
@@ -4338,7 +4334,6 @@ HRESULT create_fontface(const struct fontface_desc *desc, struct list *cached_li
         }
     }
 
-    fontface->flags = 0;
     fontface->charmap = freetype_get_charmap_index(&fontface->IDWriteFontFace4_iface, &is_symbol);
     if (is_symbol)
         fontface->flags |= FONTFACE_IS_SYMBOL;


