[Pkg-fonts-bugs] Bug#422901: fontforge: crashes on amd64

Eugeniy Meshcheryakov eugen at debian.org
Tue May 8 18:52:56 UTC 2007


Package: fontforge
Version: 0.0.20070501-1
Severity: grave
Tags: patch

fontforge crashes on amd64 during compilation of the ttf-dejavu package:

% ./generate.sh
Copyright (c) 2000-2007 by George Williams.
 Executable based on sources from 13:10 1-May-2007.
 Segmentation fault

This does not happen on i386, but given the multiple errors from valgrind I
think it can crash with other fonts, generate incorrect output, or do
other strange things.

The problem is in code like the following (from lookups.c):

     if ( cnt>=tot )
         lookups = grealloc(lookups,(tot++)*sizeof(uint32));
     lookups[cnt] = 0;

Here there are two things:
1. lookups = grealloc(lookups,(tot++)*sizeof(uint32));
   Before those lines lookups was allocated as an array of tot values, so
   this line can be simplified to just:
   tot++
   This line gives no other result. And the line that follows will write to
   random parts of memory (but see #2).
2. In this part of the code lookups is defined as an array of pointers. Those
   pointers are 64-bit on amd64. So this code will shrink the allocated
   memory. This point does not apply to the other 2 instances of such code.

The attached patch fixes this problem by replacing tot++ with tot=cnt+1, so
the next line will write to allocated memory. The patch also fixes the
incorrect type of the lookups array.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.21-me (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fontforge depends on:
ii  libc6                     2.5-7          GNU C Library: Shared libraries
ii  libfreetype6              2.2.1-5        FreeType 2 font engine, shared lib
ii  libice6                   1:1.0.3-2      X11 Inter-Client Exchange library
ii  libjpeg62                 6b-13          The Independent JPEG Group's JPEG 
ii  libpng12-0                1.2.15~beta5-1 PNG library - runtime
ii  libsm6                    1:1.0.2-2      X11 Session Management library
ii  libtiff4                  3.8.2-7        Tag Image File Format (TIFF) libra
ii  libungif4g                4.1.4-4        shared library for GIF images
ii  libuninameslist0          0.0.20060907-2 a library of Unicode annotation da
ii  libx11-6                  2:1.0.3-7      X11 client-side library
ii  libxml2                   2.6.28.dfsg-1  GNOME XML library
ii  python2.4                 2.4.4-4        An interactive high-level object-o
ii  zlib1g                    1:1.2.3-13     compression library - runtime

fontforge recommends no packages.

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1000_fix_reallocs.diff
Type: text/x-c
Size: 1183 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-fonts-bugs/attachments/20070508/e1464b33/1000_fix_reallocs.bin


More information about the Pkg-fonts-bugs mailing list
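The following is an added, stand-alone C example written for this archive page; it is not fontforge code and not the attached patch. It reconstructs the two defects the report describes for a generic growable array of pointers: the post-increment in (tot++)*sizeof(uint32) requests a buffer sized for the old tot, and sizeof(uint32) is 4 bytes even though each element is a pointer (8 bytes on amd64). buggy_request_bytes() reproduces the original size expression so the shortfall can be measured without actually writing out of bounds; push_lookup() is the corrected pattern (tot = cnt+1, element size taken from the array type) with realloc failure handled. The names buggy_request_bytes, needed_bytes, push_lookup and exercise_push are this example's own, and the grow-by-one policy mirrors the fix as the report states it, not fontforge's wider allocation strategy.

```c
/* Added example, not fontforge code: the realloc pattern from the
 * report and the fix it describes, for a growable array of pointers. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Bytes the reported expression asks for when the array is full.
 * It mirrors  grealloc(lookups,(tot++)*sizeof(uint32))  exactly: the
 * post-increment feeds the OLD tot to the multiplication, and
 * sizeof(uint32) is 4 no matter what the elements really are.
 * Returns 0 when no reallocation would take place (cnt < tot). */
size_t buggy_request_bytes(size_t cnt, size_t tot) {
    size_t request = 0;
    if (cnt >= tot)
        request = (tot++) * sizeof(uint32_t); /* old tot is used here */
    (void)tot; /* the incremented tot is kept by the caller, but the
                  request above never saw it */
    return request;
}

/* Bytes genuinely needed to hold indices 0..cnt of a pointer array. */
size_t needed_bytes(size_t cnt) {
    return (cnt + 1) * sizeof(void *);
}

/* Corrected pattern per the report: tot = cnt+1 and the element size
 * derived from the array's own type, so lookups[cnt] always lands
 * inside the allocation. Returns the (possibly moved) array, or NULL
 * on allocation failure, in which case the caller's array is untouched. */
uint32_t **push_lookup(uint32_t **lookups, size_t *cnt, size_t *tot,
                       uint32_t *value) {
    if (*cnt >= *tot) {
        size_t newtot = *cnt + 1;
        uint32_t **grown = realloc(lookups, newtot * sizeof *grown);
        if (grown == NULL)
            return NULL;
        lookups = grown;
        *tot = newtot;
    }
    lookups[(*cnt)++] = value;
    return lookups;
}

/* Append n distinct pointers to an initially empty array via the fixed
 * routine and verify every one is still reachable afterwards.
 * Returns 1 on success, 0 on any failure. */
int exercise_push(size_t n) {
    uint32_t *storage = calloc(n ? n : 1, sizeof *storage); /* constructed targets */
    uint32_t **lookups = NULL;
    size_t cnt = 0, tot = 0;
    int ok = 1;
    if (storage == NULL)
        return 0;
    for (size_t i = 0; i < n; i++) {
        storage[i] = (uint32_t)i;
        uint32_t **grown = push_lookup(lookups, &cnt, &tot, &storage[i]);
        if (grown == NULL) { ok = 0; break; }
        lookups = grown;
    }
    if (ok && (cnt != n || tot < n))
        ok = 0;
    for (size_t i = 0; ok && i < n; i++)
        if (lookups[i] != &storage[i] || *lookups[i] != (uint32_t)i)
            ok = 0;
    free(lookups);
    free(storage);
    return ok;
}

int main(void) {
    /* At cnt == tot == 4 the original expression requests 4*4 = 16 bytes,
     * while index 4 of a pointer array needs 5*sizeof(void*) bytes. */
    printf("buggy request at cnt=tot=4: %zu bytes, needed %zu bytes\n",
           buggy_request_bytes(4, 4), needed_bytes(4));
    printf("fixed push of 1000 entries: %s\n",
           exercise_push(1000) ? "ok" : "FAILED");
    return 0;
}
```

On amd64 the first line prints a 16-byte request against a 40-byte need; since the buggy size never grows with cnt, the gap widens with every element, which is why valgrind reports many errors rather than one.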