diff options
-rw-r--r-- | xfa/fgas/font/cfgas_fontmgr.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/xfa/fgas/font/cfgas_fontmgr.cpp b/xfa/fgas/font/cfgas_fontmgr.cpp index b4e6bdc912..d7acc62eef 100644 --- a/xfa/fgas/font/cfgas_fontmgr.cpp +++ b/xfa/fgas/font/cfgas_fontmgr.cpp @@ -229,8 +229,12 @@ const FX_FONTDESCRIPTOR* CFGAS_FontMgr::FindFont(const wchar_t* pszFontFamily, if (!pszFontFamily) return nullptr; + // Use a named object to store the returned value of EnumGdiFonts() instead + // of using a temporary object. This can prevent use-after-free issues since + // pDesc may point to one of std::deque object's elements. + std::deque<FX_FONTDESCRIPTOR> namedFonts = EnumGdiFonts(pszFontFamily, wUnicode); params.pwsFamily = nullptr; - pDesc = MatchDefaultFont(¶ms, EnumGdiFonts(pszFontFamily, wUnicode)); + pDesc = MatchDefaultFont(¶ms, namedFonts); if (!pDesc) return nullptr; |