[Devel] Memory corruption problem

[Werner LEMBERG]

After the flood we can hopefully start the discussion on the problem.

> Sorry about the format, no printf here, I had to plug my logging
> code.  Hope I got the maximum trace level right, as I had to make
> some changes in order to get rid of the non-const
> un/initialized-data used by the debugging code.

Please send your patches so that I can include them in the CVS.

> I added a few traces and found the following:
>
> sfobjs.c : sfnt_load_face()
> .....
> FT_Face    root = &face->root;
> ..... added trace("root=%d\n", root) everywhere
>
> the following line corrupts root :
>
>     tt_face_build_cmaps( face );
>
> A trace(root) after that line reports a different value (often 0)
> than the first one.  trace(face) reports that it has also
> changed...  so we have stack corruption. (sort of, seems just the sp
> is affected)
>
> Just tried on VC++ and root isn't corrupted.
>
> The setjmp stuff on tt_face_build_cmaps is causing the trouble.  I
> can't suggest a fix as I don't have the slightest idea on what the
> code is supposed to do.

The idea of setjmp is to simplify error handling.  As soon as an error
happens in the validation routines for cmaps, a longjmp call is
executed.  It is no longer necessary to test an error variable on each
function level.  Have a look at the new `otvalid' module which uses
exactly the same technique.

> A last comment regarding FreeType2: the problem is definitely the
> setjmp/longjmp constructs.  There's a local variable somewhere that
> must be marked as volatile but isn't.  Perhaps it's hidden in a
> macro.

I must admit that I don't know how to handle volatile stuff.  The
validation routines and macros are defined in the files
src/base/ftobjs.c (ft_validator_*) and
include/freetype/internal/ftvalid.h (a new file in the CVS; in older
versions the declarations are in include/freetype/internal/ftobjs.h).
Maybe you find something suspicious.


    Werner