[osg-submissions] Fix for freetype plugin - would cause already freed memory write
Thibault Genessay
tibogens at gmail.com
Fri Feb 8 00:11:02 PST 2008
Hi Robert,

On Dec 16 you introduced a fix to remove internal use of ref_ptr<>'s.
It contained a bug that would cause freed memory to be written again.
Specifically, in FreeTypeLibrary::~FreeTypeLibrary(), calling
font->setImplementation(0); deletes the content pointed to by the
fontImplementation pointer, while the line that immediately follows
tries to access it.

My fix is to make the second instruction part of an else clause rather
than always executed. This way, the fontImplementation->_facade = 0
instruction is only executed when the font implementation is not set
to 0 before (although I have no idea what it is here for and if this
code path is ever followed, since I don't know the plugin's internals
very well).

Attached is the modified FreeTypeLibrary.cpp file.

Regards
Thibault
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FreeTypeLibrary.cpp
Url: http://lists.openscenegraph.org/pipermail/osg-submissions-openscenegraph.org/attachments/20080208/f03c677c/attachment.asc
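
The write-after-free pattern described in the message, as an added example that is not part of the original post or of the OpenSceneGraph source. `Facade`, `Impl`, `teardown`, `runScenario` and the liveness registry are hypothetical stand-ins, and the stale write is counted instead of performed so both variants run safely.

```cpp
#include <cstdio>
#include <set>
struct Facade; struct Impl;
static std::set<const Impl*> g_live;  // implementations currently allocated
static int g_staleWrites = 0;         // writes aimed at freed implementations
struct Impl {                         // stand-in for the font implementation
    Facade* _facade = nullptr;
    Impl()  { g_live.insert(this); }
    ~Impl() { g_live.erase(this); }
};

struct Facade {                       // stand-in for the font object
    Impl* impl = nullptr;
    void setImplementation(Impl* next) {  // deletes the old implementation
        delete impl;
        impl = next;
        if (impl) impl->_facade = this;
    }
};

// Instrumented `p->_facade = 0`: counts the write instead of touching freed memory.
static void clearFacade(Impl* p) {
    if (g_live.count(p)) p->_facade = nullptr;
    else ++g_staleWrites;
}

// Destructor-style teardown; returns how many writes hit freed objects.
int teardown(std::set<Impl*>& impls, bool unconditional) {
    g_staleWrites = 0;
    while (!impls.empty()) {
        Impl* fi = *impls.begin();
        impls.erase(impls.begin());
        Facade* font = fi->_facade;
        if (font) font->setImplementation(nullptr);   // frees *fi
        if (unconditional || !font) clearFacade(fi);  // !font alone == the else clause
    }
    return g_staleWrites;
}

int runScenario(bool unconditional) {
    Facade font;
    font.setImplementation(new Impl);  // implementation attached to a facade
    Impl orphan;                       // implementation with no facade
    std::set<Impl*> impls = {font.impl, &orphan};
    return teardown(impls, unconditional);
}

int main() {
    std::printf("unconditional: %d, else clause: %d\n", runScenario(true), runScenario(false));
}
```

In real code the unconditional variant is undefined behaviour rather than a counter increment; building the actual destructor with AddressSanitizer (`-fsanitize=address`) reports it as a heap-use-after-free.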