[ft-devel] Crash because of invalid use of setjmp

[Jens Claudius]

Hi,

on my system ftvalid crashes when I run it on SIL Charis (get it from
http://scripts.sil.org/cms/scripts/page.php?site_id=nrsi&id=CharisSILfont&_sc=1).

I’ve got a Gentoo AMD64, and use gcc (to be precise: (GCC) 4.1.1 (Gentoo
4.1.1)).
My compiler options are
-ggdb -O2 -fno-strict-aliasing -Wall -Wextra -DFT_DEBUG_LEVEL_TRACE
-DTT_CONFIG_OPTION_BYTECODE_INTERPRETER;
the crash doesn’t happen if I compile with -O0.

What happens is that this font has invalid GPOS tables. This is correctly
detected
by FreeType in otv_Coverage_validate(), which calls ft_validator_error(), which
calls ft_longjmp. This, however, jumps into otv_GPOS_validate(), although the
corresponding ft_validator_run() was called by otv_validate() (otvmod.c:137).
Here is a stack trace until the call to ft_validator_error():

#0  ft_validator_error (valid=0x7fffffec6100, error=8) at ftobjs.c:92
#1  0x00002ad3e026045b in otv_Coverage_validate (table=<value optimized out>,
valid=0x7fffffec61e0) at otvcommn.c:90
#2  0x00002ad3e02618a6 in otv_SinglePos_validate (table=0x5129cc "",
valid=0x7fffffec61e0) at otvgpos.c:398
#3  0x00002ad3e025f2df in otv_Lookup_validate (table=0x5129c4 "",
valid=0x7fffffec61e0) at otvcommn.c:344
#4  0x00002ad3e025f4b8 in otv_LookupList_validate (table=0x5129ba "",
valid=0x7fffffec61e0) at otvcommn.c:373
#5  0x00002ad3e0263b87 in otv_validate (face=0x50b080, ot_flags=<value
optimized out>, ot_base=0x7fffffec6350, ot_gdef=0x7fffffec6358,
ot_gpos=0x7fffffec6360, ot_gsub=0x7fffffec6368,  ot_jstf=0x7fffffec6370) at
otvgpos.c:1002
#6  0x00000000004017d4 in main (argc=<value optimized out>, argv=<value
optimized out>) at
/var/tmp/portage/freetype-2.2.1/work/ft2demos-2.2.1/src/ftvalid.c:438

It seems that the culprit is calling setjmp from within a function
(namely ft_validator_error()). So says the GNU libc manual:

“There are a lot of obscure but important restrictions on the use of
‘setjmp’ and ‘longjmp’. [...]

Return points are valid only during the dynamic extent of the
function that called ‘setjmp’ to establish them.  If you ‘longjmp’ to a
return point that was established in a function that has already
returned, unpredictable and disastrous things are likely to happen.”

So it seems that we cannot encapsulate setjmp() within a function. Indeed, if
I replace the function declaration of ft_validator_run() with a macro
like this

#define ft_validator_run( valid ) setjmp( (valid)->jump_buffer )

the crash is gone.

I would check in this change to CVS, but I’d like to know first why it
wasn’t done this way before. Are there compatibility problems with
systems that don’t have (working) setjmp/longjmp?

Jens

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com