Fix crash when font server connection lost

Always initialize the return value of fs_new_block_rec. Even if the
conn->blockState is FS_BROKEN_CONNECTION | FS_RECONNECTING, we must not
return with an uninitialized blockrec on the block list. When the
blockrec times out, _fs_clean_aborted_blockrec calls fs_cleanup_bfont,
which will try to follow pointers in the blockrec (which has not been
initialized).

Signed-off-by: Peter Harris <pharris@opentext.com>

1 files changed, 10 insertions, 10 deletions

diff --git a/src/fc/fserve.c b/src/fc/fserve.c
index 2d9c2c2..23895d6 100644
--- a/src/fc/fserve.c
+++ b/src/fc/fserve.c
@@ -1697,16 +1697,6 @@ fs_send_open_font(pointer client, FontPathElementPtr fpe, Mask flags,
 	return AllocError;
     }
 
-    /*
-     * Must check this before generating any protocol, otherwise we'll
-     * mess up a reconnect in progress
-     */
-    if (conn->blockState & (FS_BROKEN_CONNECTION | FS_RECONNECTING))
-    {
-	_fs_pending_reply (conn);
-	return Suspended;
-    }
-
     fsd->generation = conn->generation;
 
     bfont = (FSBlockedFontPtr) blockrec->data;
@@ -1718,6 +1708,16 @@ fs_send_open_font(pointer client, FontPathElementPtr fpe, Mask flags,
     bfont->clients_depending = (FSClientsDependingPtr)0;
     bfont->freeFont = (flags & FontReopen) == 0;
 
+    /*
+     * Must check this before generating any protocol, otherwise we'll
+     * mess up a reconnect in progress
+     */
+    if (conn->blockState & (FS_BROKEN_CONNECTION | FS_RECONNECTING))
+    {
+	_fs_pending_reply (conn);
+	return Suspended;
+    }
+
     _fs_client_access (conn, client, (flags & FontOpenSync) != 0);
     _fs_client_resolution(conn);