https://bugzilla.gnome.org/show_bug.cgi?id=639882 --- pango/pangoft2-render.c 2009-11-16 23:49:11.000000000 -0500 +++ pango/pangoft2-render.c.oden 2011-01-31 03:50:08.000000000 -0500 @@ -121,9 +121,17 @@ pango_ft2_font_render_box_glyph (int box->bitmap.width = width; box->bitmap.rows = height; - box->bitmap.pitch = height; + box->bitmap.pitch = width; - box->bitmap.buffer = g_malloc0 (box->bitmap.rows * box->bitmap.pitch); + if (box->bitmap.pitch > 0) + box->bitmap.buffer = g_malloc0_n (box->bitmap.rows, box->bitmap.pitch); + else + box->bitmap.buffer = NULL; + + if (G_UNLIKELY (!box->bitmap.buffer)) { + g_slice_free (PangoFT2RenderedGlyph, box); + return NULL; + } /* draw the box */ for (j = 0; j < line_width; j++) @@ -226,6 +234,11 @@ pango_ft2_font_render_glyph (PangoFont * rendered->bitmap_left = face->glyph->bitmap_left; rendered->bitmap_top = face->glyph->bitmap_top; + if (G_UNLIKELY (!rendered->bitmap.buffer)) { + g_slice_free (PangoFT2RenderedGlyph, rendered); + return NULL; + } + return rendered; } else @@ -276,6 +289,8 @@ pango_ft2_renderer_draw_glyph (PangoRend if (rendered_glyph == NULL) { rendered_glyph = pango_ft2_font_render_glyph (font, glyph); + if (rendered_glyph == NULL) + return; add_glyph_to_cache = TRUE; }