Fri May 10 14:41:27 2002  Owen Taylor  <otaylor@redhat.com>

	* pango/opentype/ftxgdef.c (TT_Load_GDEF_Table): Fix acess
	outside of a loaded frame and some memory leaks
	on failure.

Index: ftxgdef.c
===================================================================
RCS file: /cvs/gnome/pango/pango/opentype/ftxgdef.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- ftxgdef.c	7 May 2002 20:38:50 -0000	1.5
+++ ftxgdef.c	10 May 2002 18:44:47 -0000	1.6
@@ -187,7 +187,7 @@
       gdef->GlyphClassDef.loaded = FALSE;
 
     if ( ACCESS_Frame( 2L ) )
-      goto Fail0;
+      goto Fail1;
 
     new_offset = GET_UShort();
 
@@ -208,7 +208,7 @@
       gdef->AttachList.loaded = FALSE;
 
     if ( ACCESS_Frame( 2L ) )
-      return error;
+      goto Fail2;
 
     new_offset = GET_UShort();
 
@@ -232,8 +232,13 @@
        first have to scan the LookupFlag values to find out whether we
        must load it or not.  Here we only store the offset of the table. */
 
+    if ( ACCESS_Frame( 2L ) )
+      goto Fail3;
+
     new_offset = GET_UShort();
 
+    FORGET_Frame();
+
     if ( new_offset )
       gdef->MarkAttachClassDef_offset = new_offset + base_offset;
     else
@@ -248,6 +253,9 @@
 
     return TT_Err_Ok;
 
+  Fail3:
+    Free_LigCaretList( &gdef->LigCaretList, memory );
+    
   Fail2:
     Free_AttachList( &gdef->AttachList, memory );