[Bug 2511] New: [IcedTea8] Reset success following calls in LayoutManager.cpp

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Fri Jul 10 16:34:14 UTC 2015


http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2511

            Bug ID: 2511
           Summary: [IcedTea8] Reset success following calls in
                    LayoutManager.cpp
           Product: IcedTea
           Version: 8-hg
          Hardware: all
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: IcedTea
          Assignee: gnu.andrew at redhat.com
          Reporter: gnu.andrew at redhat.com
                CC: unassigned at icedtea.classpath.org

In the LayoutEngineFactory function, the line

LEReferenceTo<GlyphSubstitutionTableHeader> gsubTable(fontInstance,gsubTableTag,success)

sets success to LE_INDEX_OUT_OF_BOUNDS_ERROR because of an attempt to access
element 12 from an array of length 10. This return value is never checked at
this point or reset. So the same success value is used in:

LEReferenceTo<MorphTableHeader2> morxTable(fontInstance, morxTableTag, success);
LEReferenceTo<MorphTableHeader> mortTable(fontInstance, mortTableTag, success);
new LayoutEngine(fontInstance, scriptCode, languageCode, typoFlags, success);

causing them all to immediately fail, the LayoutEngine gets deleted
and NULL is returned.

Manually resetting success on OpenJDK 7 avoids NULL being returned and the
crash seen in 8023502 / PR2509.

(gdb) print success
$31 = (LEErrorCode &) @0x3b31694bdb4: LE_INDEX_OUT_OF_BOUNDS_ERROR
(gdb) set success = LE_NO_ERROR
...
(gdb) next
717                                result = new LayoutEngine(fontInstance, scriptCode, languageCode, typoFlags, success);
(gdb) print success
$37 = (LEErrorCode &) @0x3b31694bdb4: LE_NO_ERROR
(gdb) next
724            if (result && LE_FAILURE(success)) {
(gdb) print success
$38 = (LEErrorCode &) @0x3b31694bdb4: LE_NO_ERROR

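The sticky status pattern described in the report, as an added example that is not part of the original message or the IcedTea/ICU sources. The enum, LE_FAILURE helper, Table, Engine and the create* functions are simplified stand-ins, and the table sizes (needed 12, length 10) are constructed to mirror the report; giving each optional probe its own status is one way to do the reset, assumed here rather than taken from the eventual fix.

```cpp
#include <cstddef>
#include <memory>

// Stand-ins named after identifiers in the report; simplified, not ICU's definitions.
enum LEErrorCode { LE_NO_ERROR = 0, LE_INDEX_OUT_OF_BOUNDS_ERROR = 1 };
inline bool LE_FAILURE(LEErrorCode c) { return c != LE_NO_ERROR; }

struct Table { std::size_t length; };   // constructed font table: only its size matters here
struct Engine { const char *kind; };    // hypothetical engine, tagged with the table it uses

// Bounds-checked table reference: does nothing once 'success' already holds a failure.
bool tableUsable(const Table &t, std::size_t needed, LEErrorCode &success) {
    if (LE_FAILURE(success)) return false;
    if (needed > t.length) { success = LE_INDEX_OUT_OF_BOUNDS_ERROR; return false; }
    return true;
}

// Construction follows the same convention and refuses to run on a failed status.
std::unique_ptr<Engine> construct(const char *kind, LEErrorCode &success) {
    if (LE_FAILURE(success)) return nullptr;
    return std::unique_ptr<Engine>(new Engine{kind});
}

// Pattern from the report: one status variable threaded through every probe.
std::unique_ptr<Engine> createShared(const Table &gsub, const Table &mort,
                                     LEErrorCode &success) {
    if (tableUsable(gsub, 12, success)) return construct("gsub", success);
    if (tableUsable(mort, 8, success))  return construct("mort", success);
    return construct("default", success);   // cannot succeed after a failed probe
}

// Each optional probe gets its own status, so a malformed table only disables
// that table; the caller's status reflects the engine that was actually built.
std::unique_ptr<Engine> createIsolated(const Table &gsub, const Table &mort,
                                       LEErrorCode &success) {
    LEErrorCode probe = LE_NO_ERROR;
    if (tableUsable(gsub, 12, probe)) return construct("gsub", success);
    probe = LE_NO_ERROR;                     // reset before the next optional table
    if (tableUsable(mort, 8, probe))  return construct("mort", success);
    return construct("default", success);
}
```

The rejected table is never dereferenced in either variant; the difference is only whether its failure is allowed to veto the unrelated calls that follow.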