From e7e8d48980fa9d7d5cf7150ef76d69fef81a3d2a Mon Sep 17 00:00:00 2001
From: Robert Osfield
Date: Mon, 18 Feb 2008 15:10:30 +0000
Subject: [PATCH] From Thibault Genessay, "On Dec 16 you introduced a fix to remove internal use of ref_ptr<>'s. It contained a bug that would cause freed memory to be written again. Specifically, in FreeTypeLibrary::~FreeTypeLibrary(), calling font->setImplementation(0); deletes the content pointed to by the fontImplementation pointer, while the line the immediately follows tries to access it. My fix is to make the second instruction part of an else clause rather than always executed. This way, the fontImplementation->_facade = 0 instruction is only executed when the font implementation is not set to 0 before (although I have no idea what it is here for and if this code path is ever followed, since I don't know the plugin's internals very well). Attached is the modified FreeTypeLibrary.cpp file."
---
 src/osgPlugins/freetype/FreeTypeLibrary.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/osgPlugins/freetype/FreeTypeLibrary.cpp b/src/osgPlugins/freetype/FreeTypeLibrary.cpp
index 8dca50ee4..842291f03 100644
--- a/src/osgPlugins/freetype/FreeTypeLibrary.cpp
+++ b/src/osgPlugins/freetype/FreeTypeLibrary.cpp
@@ -46,7 +46,7 @@ FreeTypeLibrary::~FreeTypeLibrary()
 _fontImplementationSet.erase(_fontImplementationSet.begin());
 osgText::Font* font = fontImplementation->_facade;
 if (font) font->setImplementation(0);
- fontImplementation->_facade = 0;
+ else fontImplementation->_facade = 0;
 }
 while(!_font3DImplementationSet.empty())
@@ -55,7 +55,7 @@ FreeTypeLibrary::~FreeTypeLibrary()
 _font3DImplementationSet.erase(_font3DImplementationSet.begin());
 osgText::Font3D* font3D = font3DImplementation->_facade;
 if (font3D) font3D->setImplementation(0);
- font3DImplementation->_facade = 0;
+ else font3DImplementation->_facade = 0;
 }
 FT_Done_FreeType( _ftlibrary);
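Review bot: The `else` branches added in both hunks (the `fontImplementation` loop and the `font3DImplementation` loop) are dead stores: they run only when `font` / `font3D`, which was just read from `_facade`, is already null, so they write 0 into a field that already holds 0. Deleting the assignment outright would give the same write-after-free fix with less to misread. The loops would be better served by a comment recording the ownership assumption the fix depends on, for example `// setImplementation(0) destroys the implementation; fontImplementation must not be dereferenced after this call`, so the access is not reintroduced later. If an implementation with a null `_facade` can really remain in the set, nothing visible in these hunks frees it after the `erase`, so that path may leak and is worth confirming against `setImplementation`. The destructor body begins before the first hunk, so the declarations of `fontImplementation` and `font3DImplementation` are not visible here.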