gdi32: Avoid crash by initializing variable font_set.

Bernhard Übelacker bernhardu at mailbox.org
Tue Nov 24 06:54:21 CST 2020


If the call pFcStrListNext returns NULL the loop is never entered and
the variable font_set never gets written, leading to a crash cleaning
up font_set by pFcFontSetDestroy.
Maybe caused by dir_list being empty.

Signed-off-by: Bernhard Übelacker <bernhardu at mailbox.org>

C:\windows\system32\winemenubuilder.exe -a -r
0034:err:module:LdrInitializeThunk "gdi32.dll" failed to initialize, aborting
0034:err:module:LdrInitializeThunk Initializing dlls for L"C:\\windows\\system32\\winemenubuilder.exe" failed, status c0000005

(rr) bt
#0  0x7edfea16 in IA__FcFontSetDestroy (s=0x7ee0bbec <IA__FcStrSetDestroy+12>) at fcfs.c:48
#1  0x7f114d9d in fontconfig_add_fonts_from_dir_list (config=0x7d81d740, dir_list=0x7d822c60, done_set=0x7d822c30, flags=5) at .../wine-git/dlls/gdi32/freetype.c:1509
#2  0x7f114d4a in fontconfig_add_fonts_from_dir_list (config=0x7d81d740, dir_list=0x7d822b70, done_set=0x7d822c30, flags=5) at .../wine-git/dlls/gdi32/freetype.c:1503
#3  0x7f114d4a in fontconfig_add_fonts_from_dir_list (config=0x7d81d740, dir_list=0x7d82a910, done_set=0x7d822c30, flags=5) at .../wine-git/dlls/gdi32/freetype.c:1503
#4  0x7f114d4a in fontconfig_add_fonts_from_dir_list (config=0x7d81d740, dir_list=0x7d82a570, done_set=0x7d822c30, flags=5) at .../wine-git/dlls/gdi32/freetype.c:1503
#5  0x7f114e52 in load_fontconfig_fonts () at .../wine-git/dlls/gdi32/freetype.c:1526
#6  0x7f115d46 in freetype_load_fonts () at .../wine-git/dlls/gdi32/freetype.c:1749
#7  0x6ca35fcc in font_init () at .../wine-git/dlls/gdi32/font.c:7944
#8  0x6ca37698 in DllMain at 12 (inst=0x6c9c0000, reason=1, reserved=0x31fd24) at .../wine-git/dlls/gdi32/gdiobj.c:629
#9  0x7bc2c266 in call_dll_entry_point ()
#10 0x7bc2f6e6 in MODULE_InitDLL (wm=<optimized out>, reason=<optimized out>, lpReserved=<optimized out>) at .../wine-git/dlls/ntdll/loader.c:1332
#11 0x7bc2fafc in process_attach (wm=0x110f10, lpReserved=0x31fd24) at .../wine-git/dlls/ntdll/loader.c:1426
#12 0x7bc2fa4a in process_attach (wm=0x1109a8, lpReserved=0x31fd24) at .../wine-git/dlls/ntdll/loader.c:1397
#13 0x7bc2fa4a in process_attach (wm=0x1107d8, lpReserved=0x31fd24) at .../wine-git/dlls/ntdll/loader.c:1397
#14 0x7bc32f58 in LdrInitializeThunk at 16 (context=0x31fd24, unknown2=268427264, unknown3=1, unknown4=0) at .../wine-git/dlls/ntdll/loader.c:1397
#15 0x00000000 in ?? ()
(rr)

(rr) print/x *dir_list
$14 = {set = 0x7d820190, n = 0x0}

Two frames up shows dir="/usr/share/fonts/X11/100dpi".
libfontconfig1:i386 in version 2.13.1-4.2.

Might be related to:
  a51d68e35c53
  gdi32: Load font list directly from fontconfig cache.
---
 dlls/gdi32/freetype.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dlls/gdi32/freetype.c b/dlls/gdi32/freetype.c
index 993110e6fe0..e7684728c9c 100644
--- a/dlls/gdi32/freetype.c
+++ b/dlls/gdi32/freetype.c
@@ -1468,7 +1468,7 @@ static void init_fontconfig(void)
 static void fontconfig_add_fonts_from_dir_list( FcConfig *config, FcStrList *dir_list, FcStrSet *done_set, DWORD flags )
 {
     const FcChar8 *dir;
-    FcFontSet *font_set;
+    FcFontSet *font_set = NULL;
     FcStrList *subdir_list = NULL;
     FcStrSet *subdir_set = NULL;
     FcCache *cache = NULL;
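Review bot: The cleanup that calls pFcFontSetDestroy is outside this hunk, so with `FcFontSet *font_set = NULL;` at the declaration it is not visible whether that call is skipped when the loop body never runs. If the cleanup passes font_set through unconditionally, the destroy function now receives NULL instead of stack garbage, and the fix then depends on the installed fontconfig tolerating a NULL set. Please confirm the cleanup is guarded with an `if (font_set)` check, or add one in this patch. The initializer itself matches the neighbouring `subdir_list`, `subdir_set` and `cache` declarations, which already start at NULL.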
-- 
2.29.2



