NiLuJe / FBInk

FrameBuffer eInker, a small tool & library to print text & images to an eInk Linux framebuffer
https://www.mobileread.com/forums/showthread.php?t=299110
GNU General Public License v3.0

free_ot_font: Double Free #36

Closed yparitcher closed 4 years ago

yparitcher commented 4 years ago

When calling fbink_free_ot_fonts() twice there is a double free. For example:

fbink_add_ot_font("font.ttf", FNT_REGULAR);  // loads the font into the global otFonts.otRegular
fbink_free_ot_fonts();                        // frees it, but otFonts.otRegular keeps the freed address
...
fbink_add_ot_font("font.ttf", FNT_REGULAR);  // second round in the same process
fbink_free_ot_fonts();                        // hits the dangling pointer -> double free

in a long running program.

https://github.com/NiLuJe/FBInk/blob/5642e16cd9859c9e815322f82626232396ecbdc5/fbink.c#L2720 only nulls the local copy of font_info; however, the global pointer otFonts.otRegular is not nulled, which leaves a dangling pointer -> double free.

I am not sure how to pass the pointer to fix this. Thanks.
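The ownership mistake described above, reduced to a stand-alone C example. This is an added illustration, not FBInk's code: the font_info_t struct, the g_fonts table, free_font_by_value, free_font_by_ref and the helper names are all hypothetical stand-ins for the otFonts.otRegular / font_info pattern in the report. It shows why nulling a pointer that was passed by value leaves the caller's global dangling, and the usual fix of passing the address of the caller's pointer so the callee can clear it, which also makes a second free call a harmless no-op.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical font slot; stands in for the real font_info struct. */
typedef struct {
    unsigned char *data;   /* heap buffer owned by the slot */
    size_t         size;
} font_info_t;

/* Hypothetical global font table, playing the role of otFonts.otRegular. */
static struct {
    font_info_t *regular;
} g_fonts;

/* Counts real free() rounds so the demo can be checked without crashing. */
static int g_free_calls = 0;

/* Constructed stand-in for loading a font file: allocates a filled buffer. */
static font_info_t *load_font_stub(size_t size)
{
    font_info_t *f = malloc(sizeof *f);
    if (!f) return NULL;
    f->data = malloc(size);
    if (!f->data) { free(f); return NULL; }
    memset(f->data, 0xAB, size);
    f->size = size;
    return f;
}

/* BUGGY: the pointer arrives by value, so 'font_info = NULL' only clears
 * the local copy; whatever global the caller read it from still holds
 * the freed address. */
static void free_font_by_value(font_info_t *font_info)
{
    if (font_info) {
        g_free_calls++;
        free(font_info->data);
        free(font_info);
        font_info = NULL;   /* no effect on the caller's variable */
    }
}

/* FIXED: take the address of the caller's pointer and clear it through
 * that address, so the global itself becomes NULL after the free. */
static void free_font_by_ref(font_info_t **font_info)
{
    if (font_info && *font_info) {
        g_free_calls++;
        free((*font_info)->data);
        free(*font_info);
        *font_info = NULL;  /* caller's pointer is nulled; a repeat call is a no-op */
    }
}

/* Returns true if the by-value free left g_fonts.regular dangling. */
static bool buggy_leaves_dangling(void)
{
    g_free_calls = 0;
    g_fonts.regular = load_font_stub(64);
    if (!g_fonts.regular) return false;
    free_font_by_value(g_fonts.regular);
    bool dangling = (g_fonts.regular != NULL);  /* still holds the freed address */
    /* Calling free_font_by_value(g_fonts.regular) again here would be the
     * double free from the report. Clear the global by hand instead so the
     * demo stays well-defined. */
    g_fonts.regular = NULL;
    return dangling && g_free_calls == 1;
}

/* Returns true if the by-reference free nulls the global and tolerates a repeat. */
static bool fixed_is_idempotent(void)
{
    g_free_calls = 0;
    g_fonts.regular = load_font_stub(64);
    if (!g_fonts.regular) return false;
    free_font_by_ref(&g_fonts.regular);
    free_font_by_ref(&g_fonts.regular);   /* sees NULL, frees nothing */
    return g_fonts.regular == NULL && g_free_calls == 1;
}

int main(void)
{
    printf("free by value : global left dangling = %d\n", buggy_leaves_dangling());
    printf("free by ref   : second call harmless = %d\n", fixed_is_idempotent());
    return 0;
}
```

The same effect can be had without changing the helper's signature by having the free-all routine assign NULL to each global slot right after freeing it; the by-reference form is simply harder to forget, because the helper that frees is the one that clears.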

NiLuJe commented 4 years ago

Whoops.

Nice catch, and thanks for the PR, which I'll apply shortly, as that was the exact same thing I was going to try ;).