
[base] Report used stream's external status

Ben Wagner requested to merge bungeman/freetype:fix_woff_stream_leak into master

In open_face the initial stream is set on the face, along with the information about whether FreeType is the owner of the stream object itself. The loaders may in the course of their work replace this stream with a new stream (as in woff and woff2) which may have a different ownership than the initial stream object (likely the original stream object is owned by the user and is external, while the new stream object is created internally to FreeType and is internal). When the stream is replaced, the face's flags are updated with the new ownership status.

However, open_face cannot itself free this stream as its caller ft_open_face_internal is responsible for this. In addition, in the case of an error open_face cannot return an actual face with the new stream and its ownership status to the caller. As a result, it must pass this information back to the caller as a sort of "failed face" so that the caller can clean up.

open_face was already passing back the new stream but was not passing back the stream ownership information. As a result the stream may not have been freed when needed. Modify open_face to pass back the ownership information as well.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54700

  • src/base/ftobjs.c (open_face): do it. (ft_open_face_internal) use it.
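
The failure mode described above, as an added example that is not part of the merge request or FreeType's code: a simplified model in which a loader swaps in a library-owned stream and then fails, run once without and once with the ownership flag passed back. All names (Stream, load_face, open_model, leaked_after_failed_open) are hypothetical, and a static pool stands in for heap allocation.

```c
#include <stdio.h>

/* Simplified model with hypothetical names; not FreeType's types or API. */
typedef struct { int in_use; } Stream;

static Stream pool[4];          /* stands in for library-allocated streams */
static int    live_internal;    /* library-owned streams not yet freed */

static Stream *new_internal_stream(void) {
    for (int i = 0; i < 4; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; live_internal++; return &pool[i]; }
    return NULL;
}

static void free_internal_stream(Stream *s) { s->in_use = 0; live_internal--; }

/* Loader replaces the caller's stream with one it created, then fails.
   It cannot free the new stream itself; it hands it back to the caller. */
static int load_face(Stream **stream, int *external, int report_ownership) {
    Stream *decoded = new_internal_stream();
    if (!decoded) return -1;
    *stream = decoded;                     /* new stream is passed back */
    if (report_ownership) *external = 0;   /* and so is its ownership */
    return -1;                             /* simulated parse error */
}

/* Caller owns error cleanup and frees only streams marked library-owned. */
static int open_model(Stream *user_stream, int report_ownership) {
    Stream *stream = user_stream;
    int external = 1;                      /* initial stream belongs to the user */
    int err = load_face(&stream, &external, report_ownership);
    if (err && !external) free_internal_stream(stream);
    return err;
}

/* Number of library-owned streams still live after one failed open. */
int leaked_after_failed_open(int report_ownership) {
    Stream user = { 0 };
    for (int i = 0; i < 4; i++) pool[i].in_use = 0;
    live_internal = 0;
    open_model(&user, report_ownership);
    return live_internal;
}

int main(void) {
    printf("ownership not reported: %d leaked\n", leaked_after_failed_open(0));
    printf("ownership reported:     %d leaked\n", leaked_after_failed_open(1));
    return 0;
}
```

With the stale "external" flag the caller skips the free and one stream stays live per failed open, which is the kind of leak a fuzzer feeding malformed fonts will surface repeatedly.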
