From c1dcd7c62cd0842f8c71668b955cde3a63ca5d57 Mon Sep 17 00:00:00 2001
From: Behdad Esfahbod <behdad@gnome.org>
Date: Mon, 10 Apr 2006 10:33:17 +0000
Subject: Fix minor bugs reported by the Coverity scan report.

2006-04-10  Behdad Esfahbod  <behdad@gnome.org>

        Fix minor bugs reported by the Coverity scan report.

        * pango/opentype/harfbuzz-gdef.c (HB_GDEF_Build_ClassDefinition):
        * pango/opentype/harfbuzz-gpos.c (HB_GPOS_Query_Scripts),
        (HB_GPOS_Query_Languages), (HB_GPOS_Query_Features): Do not access
        structs before we check them for nullity.

        * pango/pango-layout.c (pango_layout_index_to_line),
        (pango_layout_index_to_line_and_extents),
        (pango_layout_index_to_pos): Check for invalid iterators outside the
        loop, so we don't crash.

        * pango/pango-layout.c (pango_layout_line_x_to_index): Set
        char_trailing instead of trailing in one of too many paths.  Should
        have been a typo.

        * pango/pangox.c (get_font_metrics_from_subfonts): Check for nullity
        somewhere.
---
 ChangeLog                      |  21 +++++++++
 pango/opentype/harfbuzz-gdef.c |   3 +-
 pango/opentype/harfbuzz-gpos.c |   9 ++--
 pango/pango-layout.c           | 100 +++++++++++++++++++++--------------------
 pango/pangox.c                 |   2 +-
 5 files changed, 82 insertions(+), 53 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c4c17ad1..1a908154 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,24 @@
+2006-04-10  Behdad Esfahbod  <behdad@gnome.org>
+
+	Fix minor bugs reported by the Coverity scan report.
+
+	* pango/opentype/harfbuzz-gdef.c (HB_GDEF_Build_ClassDefinition):
+	* pango/opentype/harfbuzz-gpos.c (HB_GPOS_Query_Scripts),
+	(HB_GPOS_Query_Languages), (HB_GPOS_Query_Features): Do not access
+	structs before we check them for nullity.
+
+	* pango/pango-layout.c (pango_layout_index_to_line),
+	(pango_layout_index_to_line_and_extents),
+	(pango_layout_index_to_pos): Check for invalid iterators outside the
+	loop, so we don't crash.
+	
+	* pango/pango-layout.c (pango_layout_line_x_to_index): Set
+	char_trailing instead of trailing in one of too many paths.  Should
+	have been a typo.
+
+	* pango/pangox.c (get_font_metrics_from_subfonts): Check for nullity
+	somewhere.
+
 2006-04-09  Tor Lillqvist  <tml@novell.com>
 
 	* pango/pango-utils.c (pango_quantize_line_geometry): Fix typo in
diff --git a/pango/opentype/harfbuzz-gdef.c b/pango/opentype/harfbuzz-gdef.c
index 9b81fc7b..5a649deb 100644
--- a/pango/opentype/harfbuzz-gdef.c
+++ b/pango/opentype/harfbuzz-gdef.c
@@ -887,7 +887,7 @@ FT_Error  HB_GDEF_Build_ClassDefinition( HB_GDEFHeader*  gdef,
   FT_UShort              start, curr_glyph, curr_class;
   FT_UShort              n, m, count;
   FT_Error               error;
-  FT_Memory              memory = gdef->memory;
+  FT_Memory              memory;
 
   HB_ClassDefinition*   gcd;
   HB_ClassRangeRecord*  gcrr;
@@ -897,6 +897,7 @@ FT_Error  HB_GDEF_Build_ClassDefinition( HB_GDEFHeader*  gdef,
   if ( !gdef || !glyph_array || !class_array )
     return FT_Err_Invalid_Argument;
 
+  memory = gdef->memory;
   gcd = &gdef->GlyphClassDef;
 
   /* We build a format 2 table */
diff --git a/pango/opentype/harfbuzz-gpos.c b/pango/opentype/harfbuzz-gpos.c
index d668749e..95f9a72a 100644
--- a/pango/opentype/harfbuzz-gpos.c
+++ b/pango/opentype/harfbuzz-gpos.c
@@ -5771,7 +5771,7 @@ FT_Error  HB_GPOS_Query_Scripts( HB_GPOSHeader*  gpos,
 				 FT_ULong**       script_tag_list )
 {
   FT_Error           error;
-  FT_Memory          memory = gpos->memory;
+  FT_Memory          memory;
   FT_UShort          n;
   FT_ULong*          stl;
 
@@ -5782,6 +5782,7 @@ FT_Error  HB_GPOS_Query_Scripts( HB_GPOSHeader*  gpos,
   if ( !gpos || !script_tag_list )
     return FT_Err_Invalid_Argument;
 
+  memory = gpos->memory;
   sl = &gpos->ScriptList;
   sr = sl->ScriptRecord;
 
@@ -5804,7 +5805,7 @@ FT_Error  HB_GPOS_Query_Languages( HB_GPOSHeader*  gpos,
 				   FT_ULong**       language_tag_list )
 {
   FT_Error            error;
-  FT_Memory           memory = gpos->memory;
+  FT_Memory           memory;
   FT_UShort           n;
   FT_ULong*           ltl;
 
@@ -5817,6 +5818,7 @@ FT_Error  HB_GPOS_Query_Languages( HB_GPOSHeader*  gpos,
   if ( !gpos || !language_tag_list )
     return FT_Err_Invalid_Argument;
 
+  memory = gpos->memory;
   sl = &gpos->ScriptList;
   sr = sl->ScriptRecord;
 
@@ -5850,7 +5852,7 @@ FT_Error  HB_GPOS_Query_Features( HB_GPOSHeader*  gpos,
 {
   FT_UShort           n;
   FT_Error            error;
-  FT_Memory           memory = gpos->memory;
+  FT_Memory           memory;
   FT_ULong*           ftl;
 
   HB_ScriptList*     sl;
@@ -5867,6 +5869,7 @@ FT_Error  HB_GPOS_Query_Features( HB_GPOSHeader*  gpos,
   if ( !gpos || !feature_tag_list )
     return FT_Err_Invalid_Argument;
 
+  memory = gpos->memory;
   sl = &gpos->ScriptList;
   sr = sl->ScriptRecord;
 
diff --git a/pango/pango-layout.c b/pango/pango-layout.c
index 6a99d242..a136ec16 100644
--- a/pango/pango-layout.c
+++ b/pango/pango-layout.c
@@ -1184,7 +1184,7 @@ pango_layout_index_to_line (PangoLayout      *layout,
     {
       PangoLayoutLine *tmp_line = tmp_list->data;
 
-      if (tmp_line && tmp_line->start_index > index)
+      if (tmp_line->start_index > index)
         break; /* index was in paragraph delimiters */
 
       prev_line = line;
@@ -1220,23 +1220,24 @@ pango_layout_index_to_line_and_extents (PangoLayout     *layout,
   
   iter = pango_layout_get_iter (layout);
 
-  while (TRUE)
-    {
-      PangoLayoutLine *tmp_line = pango_layout_iter_get_line (iter);
+  if (!IS_INVALID (iter))
+    while (TRUE)
+      {
+	PangoLayoutLine *tmp_line = pango_layout_iter_get_line (iter);
 
-      if (tmp_line && tmp_line->start_index > index)
-          break; /* index was in paragraph delimiters */
+	if (tmp_line->start_index > index)
+	    break; /* index was in paragraph delimiters */
 
-      line = tmp_line;
-      
-      pango_layout_iter_get_line_extents (iter, NULL, line_rect);
-      
-      if (line->start_index + line->length > index)
-        break;
+	line = tmp_line;
+	
+	pango_layout_iter_get_line_extents (iter, NULL, line_rect);
+	
+	if (line->start_index + line->length > index)
+	  break;
 
-      if (!pango_layout_iter_next_line (iter))
-	break; /* Use end of last line */
-    }
+	if (!pango_layout_iter_next_line (iter))
+	  break; /* Use end of last line */
+      }
 
   pango_layout_iter_free (iter);
 
@@ -1612,46 +1613,49 @@ pango_layout_index_to_pos (PangoLayout    *layout,
   
   iter = pango_layout_get_iter (layout);
 
-  while (TRUE)
+  if (!IS_INVALID (iter))
     {
-      PangoLayoutLine *tmp_line = pango_layout_iter_get_line (iter);
+      while (TRUE)
+	{
+	  PangoLayoutLine *tmp_line = pango_layout_iter_get_line (iter);
 
-      if (tmp_line && tmp_line->start_index > index)
-        {
-          /* index is in the paragraph delimiters, move to
-           * end of previous line
-           */
-          index = layout_line->start_index + layout_line->length;
-          break;
-        }
+	  if (tmp_line->start_index > index)
+	    {
+	      /* index is in the paragraph delimiters, move to
+	       * end of previous line
+	       */
+	      index = layout_line->start_index + layout_line->length;
+	      break;
+	    }
 
-      layout_line = tmp_line;
-      
-      pango_layout_iter_get_line_extents (iter, NULL, &logical_rect);
-      
-      if (layout_line->start_index + layout_line->length > index)
-        break;
+	  layout_line = tmp_line;
+	  
+	  pango_layout_iter_get_line_extents (iter, NULL, &logical_rect);
+	  
+	  if (layout_line->start_index + layout_line->length > index)
+	    break;
 
-      if (!pango_layout_iter_next_line (iter))
-        {
-	  index = layout_line->start_index + layout_line->length;
-          break;
-        }
-    }
+	  if (!pango_layout_iter_next_line (iter))
+	    {
+	      index = layout_line->start_index + layout_line->length;
+	      break;
+	    }
+	}
 
-  pos->y = logical_rect.y;
-  pos->height = logical_rect.height;
+      pos->y = logical_rect.y;
+      pos->height = logical_rect.height;
 
-  pango_layout_line_index_to_x (layout_line, index, 0, &x_pos);
-  pos->x = logical_rect.x + x_pos;
+      pango_layout_line_index_to_x (layout_line, index, 0, &x_pos);
+      pos->x = logical_rect.x + x_pos;
 
-  if (index < layout_line->start_index + layout_line->length)
-    {
-      pango_layout_line_index_to_x (layout_line, index, 1, &x_pos);
-      pos->width = (logical_rect.x + x_pos) - pos->x;
+      if (index < layout_line->start_index + layout_line->length)
+	{
+	  pango_layout_line_index_to_x (layout_line, index, 1, &x_pos);
+	  pos->width = (logical_rect.x + x_pos) - pos->x;
+	}
+      else
+	pos->width = 0;
     }
-  else
-    pos->width = 0;
   
   pango_layout_iter_free (iter);
 }
@@ -3573,7 +3577,7 @@ pango_layout_line_x_to_index (PangoLayoutLine *line,
 
 	  if (properties.shape_set)
 	    {
-	      *trailing = 0;
+	      char_trailing = false;
 	    }
 	  else
 	    {
diff --git a/pango/pangox.c b/pango/pangox.c
index 841c51e3..62af25c6 100644
--- a/pango/pangox.c
+++ b/pango/pangox.c
@@ -830,7 +830,7 @@ get_font_metrics_from_subfonts (PangoFont        *font,
 		}
 	    }
 
-          if (get_int_prop (avg_width_atom, fs, &avg_width))
+          if (fs && get_int_prop (avg_width_atom, fs, &avg_width))
             {
               /* convert decipoints --> Pango units.
                * Resolution is in (points * PANGO_SCALE) / pixel,
-- 
cgit v1.2.1