Bug 168362

Summary: pango memory leaks
Product: [Fedora] Fedora Reporter: Steve Grubb <sgrubb>
Component: pangoAssignee: Owen Taylor <otaylor>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-16 12:59:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steve Grubb 2005-09-15 12:41:31 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050909 Fedora/1.0.6-1.2.fc4 Firefox/1.0.6

Description of problem:
The first problem is in pango-1.10.0/modules/hangul/hangul-fc.c In that file, 
there is an array index that can be incremented by 3 or 1. It allocates more 
memory when it detects that the next pass is starting with the iterator 1 
beyond legal memory. Because the loop can be incremented by 1 sometimes, it 
can fail the test and then need to write to 3 locations. Example: array index 
is 7 - which is below the test to allocate memory (8). It may need to then write 
to locations 7,8,&9. Where 8 & 9 are beyond the array.

There was an unused variable, a number of divide by zeros which I did not fix, 
and 2 memory leaks.

Version-Release number of selected component (if applicable):
pango-1.10.0

How reproducible:
Always

Steps to Reproduce:
1. Problem found in code review

Additional info:

will attach patch that corrects problems
Comment 1 Owen Taylor 2005-09-16 12:59:19 UTC 
Filed upstream as:

 http://bugzilla.gnome.org/show_bug.cgi?id=316466
 http://bugzilla.gnome.org/show_bug.cgi?id=316467
 http://bugzilla.gnome.org/show_bug.cgi?id=316468
 http://bugzilla.gnome.org/show_bug.cgi?id=316469