From Thibault Genessay, "On Dec 16 you introduced a fix to remove internal use of ref_ptr<>'s.

It contained a bug that would cause freed memory to be written again. Specifically, in FreeTypeLibrary::~FreeTypeLibrary(), calling font->setImplementation(0); deletes the content pointed to by the fontImplementation pointer, while the line the immediately follows tries to access it. My fix is to make the second instruction part of an else clause rather than always executed. This way, the fontImplementation->_facade = 0 instruction is only executed when the font implementation is not set to 0 before (although I have no idea what it is here for and if this code path is ever followed, since I don't know the plugin's internals very well). Attached is the modified FreeTypeLibrary.cpp file."
2008-02-18 15:10:30 +00:00
parent 4cf9b9a947
commit e7e8d48980
1 changed files with 2 additions and 2 deletions
--- a/src/osgPlugins/freetype/FreeTypeLibrary.cpp
+++ b/src/osgPlugins/freetype/FreeTypeLibrary.cpp
@@ -46,7 +46,7 @@ FreeTypeLibrary::~FreeTypeLibrary()
        _fontImplementationSet.erase(_fontImplementationSet.begin());
        osgText::Font* font = fontImplementation->_facade;
        if (font) font->setImplementation(0);
-        fontImplementation->_facade = 0;
+        else fontImplementation->_facade = 0;
    }
    
    while(!_font3DImplementationSet.empty())
@@ -55,7 +55,7 @@ FreeTypeLibrary::~FreeTypeLibrary()
        _font3DImplementationSet.erase(_font3DImplementationSet.begin());
        osgText::Font3D* font3D = font3DImplementation->_facade;
        if (font3D) font3D->setImplementation(0);
-        font3DImplementation->_facade = 0;
+        else font3DImplementation->_facade = 0;
    }
    
    FT_Done_FreeType( _ftlibrary);