From 64d48843d78b0b9afbba64b45dc7f7dc56208a16 Mon Sep 17 00:00:00 2001
From: Thomas Faber <thomas.faber@reactos.org>
Date: Mon, 28 Jan 2019 13:47:58 +0100
Subject: [PATCH] [FREETYPE] Handle allocation failures in our stack-saving
 hacks. CORE-15642

Running out of pool is likely at least during kmtest:ExPools.
There is a chance of crashing when dereferencing these null pointers -- but
worse, there's also a chance of overwriting the IVT or BDA if a VDM BIOS
call is in progress, which can lead to crashes in non-obvious places later.
---
 sdk/lib/3rdparty/freetype/src/autofit/afcjk.c    |  5 +++++
 sdk/lib/3rdparty/freetype/src/autofit/aflatin.c  |  5 +++++
 sdk/lib/3rdparty/freetype/src/autofit/afmodule.c |  6 ++++++
 sdk/lib/3rdparty/freetype/src/cid/cidgload.c     |  3 +++
 sdk/lib/3rdparty/freetype/src/psaux/psintrp.c    |  9 ++++++++-
 sdk/lib/3rdparty/freetype/src/raster/ftraster.c  |  6 ++++++
 sdk/lib/3rdparty/freetype/src/smooth/ftgrays.c   |  4 ++++
 sdk/lib/3rdparty/freetype/src/type1/t1gload.c    | 12 ++++++++++++
 8 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/sdk/lib/3rdparty/freetype/src/autofit/afcjk.c b/sdk/lib/3rdparty/freetype/src/autofit/afcjk.c
index dc77ed49e0e..40b14ac88cc 100644
--- a/sdk/lib/3rdparty/freetype/src/autofit/afcjk.c
+++ b/sdk/lib/3rdparty/freetype/src/autofit/afcjk.c
@@ -73,6 +73,7 @@
     /* scan the array of segments in each direction */
 #ifdef __REACTOS__
     AF_GlyphHintsRec *hints = malloc(sizeof(AF_GlyphHintsRec));
+    if (!hints) return;
 #else
     AF_GlyphHintsRec  hints[1];
 #endif
@@ -95,6 +96,9 @@
       int               dim;
 #ifdef __REACTOS__
       AF_CJKMetricsRec *dummy = malloc(sizeof(AF_CJKMetricsRec));
+      if (!dummy)
+        goto Exit;
+      {
 #else
       AF_CJKMetricsRec  dummy[1];
 #endif
@@ -274,6 +278,7 @@
       }
 #ifdef __REACTOS__
       free(dummy);
+      }
 #endif
     }
 
diff --git a/sdk/lib/3rdparty/freetype/src/autofit/aflatin.c b/sdk/lib/3rdparty/freetype/src/autofit/aflatin.c
index 7690e1e803a..0fa6233b945 100644
--- a/sdk/lib/3rdparty/freetype/src/autofit/aflatin.c
+++ b/sdk/lib/3rdparty/freetype/src/autofit/aflatin.c
@@ -64,6 +64,7 @@
     /* scan the array of segments in each direction */
 #ifdef __REACTOS__
     AF_GlyphHintsRec *hints = malloc(sizeof(AF_GlyphHintsRec));
+    if (!hints) return;
 #else
     AF_GlyphHintsRec  hints[1];
 #endif
@@ -86,6 +87,9 @@
       int                 dim;
 #ifdef __REACTOS__
       AF_LatinMetricsRec *dummy = malloc(sizeof(AF_LatinMetricsRec));
+      if (!dummy)
+        goto Exit;
+      {
 #else
       AF_LatinMetricsRec  dummy[1];
 #endif
@@ -267,6 +271,7 @@
       }
 #ifdef __REACTOS__
       free(dummy);
+      }
 #endif
     }
 
diff --git a/sdk/lib/3rdparty/freetype/src/autofit/afmodule.c b/sdk/lib/3rdparty/freetype/src/autofit/afmodule.c
index 4b994c3dc54..1360284ac55 100644
--- a/sdk/lib/3rdparty/freetype/src/autofit/afmodule.c
+++ b/sdk/lib/3rdparty/freetype/src/autofit/afmodule.c
@@ -552,6 +552,11 @@
 #ifdef __REACTOS__
     AF_GlyphHintsRec *hints = malloc(sizeof(AF_GlyphHintsRec));
     AF_LoaderRec *loader = malloc(sizeof(AF_LoaderRec));
+    if (!hints || !loader)
+    {
+        error =  FT_Err_Out_Of_Memory;
+        goto Exit;
+    }
 #else
     AF_GlyphHintsRec  hints[1];
     AF_LoaderRec      loader[1];
@@ -570,6 +575,7 @@
     af_glyph_hints_done( hints );
 
 #ifdef __REACTOS__
+Exit:
     free(hints);
     free(loader);
 #endif
diff --git a/sdk/lib/3rdparty/freetype/src/cid/cidgload.c b/sdk/lib/3rdparty/freetype/src/cid/cidgload.c
index dbc116c585e..4ae2e051e3b 100644
--- a/sdk/lib/3rdparty/freetype/src/cid/cidgload.c
+++ b/sdk/lib/3rdparty/freetype/src/cid/cidgload.c
@@ -343,8 +343,10 @@
     FT_Error       error;
 #ifdef __REACTOS__
     T1_DecoderRec *decoder = malloc(sizeof(T1_DecoderRec));
+    if (!decoder) return FT_Err_Out_Of_Memory;
 /* Ugly but it allows us to reduce the diff */
 #define decoder (*decoder)
+    {
 #else
     T1_DecoderRec  decoder;
 #endif
@@ -533,6 +535,7 @@
 #ifdef __REACTOS__
     free(&decoder);
 #undef decoder
+    }
 #endif
     return error;
   }
diff --git a/sdk/lib/3rdparty/freetype/src/psaux/psintrp.c b/sdk/lib/3rdparty/freetype/src/psaux/psintrp.c
index 1ac5b9392b0..bc86d00b275 100644
--- a/sdk/lib/3rdparty/freetype/src/psaux/psintrp.c
+++ b/sdk/lib/3rdparty/freetype/src/psaux/psintrp.c
@@ -527,6 +527,7 @@
     CF2_HintMaskRec   hintMask;
 #ifdef __REACTOS__
     CF2_GlyphPathRec *glyphPath = malloc(sizeof(CF2_GlyphPathRec));
+    if (!glyphPath) return;
 /* Ugly but it allows us to reduce the diff */
 #define glyphPath (*glyphPath)
 #else
@@ -2613,12 +2614,18 @@
            */
 #ifdef __REACTOS__
           CF2_HintMapRec *counterHintMap = malloc(sizeof(CF2_HintMapRec));
+          CF2_HintMaskRec  counterMask;
+          if (!counterHintMap)
+          {
+            lastError = FT_Err_Out_Of_Memory;
+            goto exit;
+          }
 /* Ugly but it allows us to reduce the diff */
 #define counterHintMap (*counterHintMap)
 #else
           CF2_HintMapRec   counterHintMap;
-#endif
           CF2_HintMaskRec  counterMask;
+#endif
 
 
           cf2_hintmap_init( &counterHintMap,
diff --git a/sdk/lib/3rdparty/freetype/src/raster/ftraster.c b/sdk/lib/3rdparty/freetype/src/raster/ftraster.c
index 7b76cdbed57..40d5d9d5a72 100644
--- a/sdk/lib/3rdparty/freetype/src/raster/ftraster.c
+++ b/sdk/lib/3rdparty/freetype/src/raster/ftraster.c
@@ -3208,6 +3208,12 @@
 #ifdef __REACTOS__
     worker = malloc(sizeof(black_TWorker));
     buffer = malloc(FT_MAX(FT_RENDER_POOL_SIZE, 2048));
+    if (!worker || !buffer)
+    {
+      free(worker);
+      free(buffer);
+      return FT_THROW( Out_Of_Memory );
+    }
 #endif
 
     ras.outline = *outline;
diff --git a/sdk/lib/3rdparty/freetype/src/smooth/ftgrays.c b/sdk/lib/3rdparty/freetype/src/smooth/ftgrays.c
index e5fb3c7d52e..a5ec55bf5a3 100644
--- a/sdk/lib/3rdparty/freetype/src/smooth/ftgrays.c
+++ b/sdk/lib/3rdparty/freetype/src/smooth/ftgrays.c
@@ -1757,6 +1757,10 @@ typedef ptrdiff_t  FT_PtrDist;
 
 #ifdef __REACTOS__
     buffer = malloc(FT_MAX(FT_RENDER_POOL_SIZE, 2048));
+    if (!buffer)
+    {
+      return 1;
+    }
 #endif
 
     /* set up vertical bands */
diff --git a/sdk/lib/3rdparty/freetype/src/type1/t1gload.c b/sdk/lib/3rdparty/freetype/src/type1/t1gload.c
index ee2656b476a..3e78b9e43a2 100644
--- a/sdk/lib/3rdparty/freetype/src/type1/t1gload.c
+++ b/sdk/lib/3rdparty/freetype/src/type1/t1gload.c
@@ -215,6 +215,9 @@
     FT_Error       error;
 #ifdef __REACTOS__
     T1_DecoderRec *decoder = malloc(sizeof(T1_DecoderRec));
+    if (!decoder)
+      return FT_THROW( Out_Of_Memory );
+    {
 /* Ugly but it allows us to reduce the diff */
 #define decoder (*decoder)
 #else
@@ -279,6 +282,7 @@
 #ifdef __REACTOS__
     free(&decoder);
 #undef decoder
+    }
 #endif
     return FT_Err_Ok;
   }
@@ -294,8 +298,11 @@
     T1_Face        face  = (T1_Face)t1face;
 #ifdef __REACTOS__
     T1_DecoderRec *decoder = malloc(sizeof(T1_DecoderRec));
+    if (!decoder)
+      return FT_THROW( Out_Of_Memory );
 /* Ugly but it allows us to reduce the diff */
 #define decoder (*decoder)
+    {
 #else
     T1_DecoderRec  decoder;
 #endif
@@ -358,6 +365,7 @@
 #ifdef __REACTOS__
     free(&decoder);
 #undef decoder
+    }
 #endif
     return FT_Err_Ok;
   }
@@ -373,8 +381,11 @@
     FT_Error                error;
 #ifdef __REACTOS__
     T1_DecoderRec *decoder = malloc(sizeof(T1_DecoderRec));
+    if (!decoder)
+      return FT_THROW( Out_Of_Memory );
 /* Ugly but it allows us to reduce the diff */
 #define decoder (*decoder)
+    {
 #else
     T1_DecoderRec           decoder;
 #endif
@@ -629,6 +640,7 @@
 #ifdef __REACTOS__
     free(&decoder);
 #undef decoder
+    }
 #endif
     return error;
   }