From ec29c76e18f3a30e559e9eb31dfcc20b80b9522c Mon Sep 17 00:00:00 2001
From: Marc Mutz <marc.mutz@kdab.com>
Date: Sat, 5 Mar 2016 11:21:02 +0100
Subject: Fix UB in QFontEngineFT::loadGlyph()

Reported by UBSan:

   src/gui/text/qfontengine_ft.cpp:1079:54: runtime error: null pointer passed as argument 1, which is declared to never be null

The default-constructed QScopedArrayPointer is not
reset() in every code path. In fact, in the code
path leading to this memset, the only reset() call
is in the if block right above it, so move the
memset into the if block.

Change-Id: I1f793c313ca56f3315c6bdd55456cb025cafc089
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
---
 src/gui/text/qfontengine_ft.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/gui/text/qfontengine_ft.cpp')

diff --git a/src/gui/text/qfontengine_ft.cpp b/src/gui/text/qfontengine_ft.cpp
index 0a0e174343..8fbeff3596 100644
--- a/src/gui/text/qfontengine_ft.cpp
+++ b/src/gui/text/qfontengine_ft.cpp
@@ -1073,8 +1073,8 @@ QFontEngineFT::Glyph *QFontEngineFT::loadGlyph(QGlyphSet *set, uint glyph,
     if (glyph_buffer_size < pitch * info.height) {
         glyph_buffer_size = pitch * info.height;
         glyph_buffer.reset(new uchar[glyph_buffer_size]);
+        memset(glyph_buffer.data(), 0, glyph_buffer_size);
     }
-    memset(glyph_buffer.data(), 0, glyph_buffer_size);
 
     if (slot->format == FT_GLYPH_FORMAT_OUTLINE) {
         FT_Bitmap bitmap;
-- 
cgit v1.2.3