Bug 91206

Summary: Use of a pointer after it is freed
Product: cairo
Reporter: Arpit <jain.arpit>
Component: general
Assignee: Arpit <jain.arpit>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal
Priority: medium
Version: unspecified
Hardware: Other
OS: All

Description Arpit 2015-07-03 07:12:40 UTC
OVERVIEW:
Use of a pointer after it is freed.

DESCRIPTION:

In function 'draw' at line 76 in the following file:

http://cgit.freedesktop.org/cairo/tree/test/bitmap-font.c

the function 'free' frees the pointed-to 'filename' (at line no. 97).

The pointer to freed memory 'filename' is dereferenced, used as a function argument, at line 108:

cairo_test_log (ctx, "Error creating font face for %s: %s\n",
			filename,
			cairo_status_to_string (status));

			
EXPECTED:

The pointer 'filename' should not be used once it is freed.
Comment 1 Arpit 2015-07-03 10:12:51 UTC
The patch for this bug is submitted, and the link for the patch is as follows:

http://lists.freedesktop.org/archives/cairo/2015-July/026342.html
Comment 2 Bryce Harrington 2015-07-07 22:30:32 UTC
Thanks, a free is also needed at line 111; with that fix, pushed:

commit 399c034bb8c7424c2ed57242cad23e9323bc7978
Author: Arpit Jain <jain.arpit@samsung.com>
Date:   Fri Jul 3 15:31:48 2015 +0530

    test/bitmap-font: Fix use of pointer after freed pointer

    The pointer 'filename' is already freed and still used as a function
    argument.  This patch will free the pointer 'filename' only after it is
    used.

    Also, the patch ensures that it frees the pointer 'filename' before any
    return of this function.

    Fixes:  https://bugs.freedesktop.org/show_bug.cgi?id=91206
    Signed-off-by: Arpit Jain <jain.arpit@samsung.com>
    Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
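
The ordering fix described in the report and commit message, as an added example in C that is not cairo's code: `draw_fixed`, `join_path`, `release`, `fake_create_face`, the allocation counter and the file name are all assumed stand-ins. It formats the path into the log while the buffer is still live and releases it once, after the last use, so the error path neither reads freed memory nor leaks.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names below are stand-ins for this example, not cairo's test code. */
static int live_allocs;     /* outstanding path buffers, for the leak check */
static char last_log[256];  /* stand-in for the test log output */

static char *join_path(const char *dir, const char *name)
{
    size_t n = strlen(dir) + strlen(name) + 2;   /* '/' and NUL */
    char *p = malloc(n);
    if (p != NULL) {
        snprintf(p, n, "%s/%s", dir, name);
        live_allocs++;
    }
    return p;
}

/* Only ever called with a buffer obtained from join_path(). */
static void release(char *p) { live_allocs--; free(p); }

static int fake_create_face(const char *filename, int force_error)
{
    return (force_error || filename[0] == '\0') ? 7 : 0;  /* 0 = success */
}

/* Reported ordering: release(filename) ran before the error branch used it. */
int draw_fixed(const char *dir, int force_error)
{
    char *filename = join_path(dir, "sample.pcf");   /* constructed name */
    last_log[0] = '\0';
    if (filename == NULL)
        return -1;                /* nothing allocated, nothing to free */
    int status = fake_create_face(filename, force_error);
    if (status != 0)              /* filename is still live here */
        snprintf(last_log, sizeof last_log,
                 "Error creating font face for %s: status %d", filename, status);
    release(filename);            /* after the last use, before any return */
    return status;
}

int main(void)
{
    int status = draw_fixed("/srcdir", 1);   /* force the error path */
    printf("status=%d log=\"%s\" live=%d\n", status, last_log, live_allocs);
    return 0;
}
```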
