[ft-devel] cff_get_name_index crash
From: Tom Parker
Subject: [ft-devel] cff_get_name_index crash
Date: Tue, 06 Feb 2007 17:28:00 +0100
User-agent: Icedove 1.5.0.9 (X11/20061220)
While trying to track down an evince crash (see
http://bugzilla.gnome.org/show_bug.cgi?id=403791) I appear to have found
an error in freetype, and I've got a patch to fix it. Stack trace
without the patch is as follows:
#0 0x40d83d5a in strcmp () from /lib/tls/i686/cmov/libc.so.6
#1 0x412e7202 in cff_get_name_index (face=0x41c22ae0,
glyph_name=0x412548d3 "space")
at /local/palfrey/src/freetype2/src/cff/cffdrivr.c:273
#2 0x412c633c in FT_Get_Name_Index (face=0x41c22ae0,
glyph_name=0x412548d3 "space") at
/local/palfrey/src/freetype2/src/base/ftobjs.c:2868
#3 0x401cc374 in CairoFont::create (gfxFont=0x41c204e0, xref=0x82a27e0,
lib=0x82e61c8, useCIDs=1) at CairoFontEngine.cc:130
#4 0x401cc9ea in CairoFontEngine::getFont (this=0x82eaf08,
gfxFont=0x41c204e0, xref=0x82a27e0) at CairoFontEngine.cc:353
The strcmp is done without checking that the return value was sane, and
so it crashes. This is mainly due to the test file in question being
horribly corrupted, but that's still not a good excuse for crashing.
With the attached patch, it doesn't crash.
Thanks,
Tom Parker
--
address@hidden - http://tevp.net
Illegitimus non carborundum
? fix-strcmp.patch
? src/cff/.cffdrivr.c.swp
Index: src/cff/cffdrivr.c
===================================================================
RCS file: /sources/freetype/freetype2/src/cff/cffdrivr.c,v
retrieving revision 1.64
diff -u -r1.64 cffdrivr.c
--- src/cff/cffdrivr.c 17 Jan 2007 12:45:25 -0000 1.64
+++ src/cff/cffdrivr.c 6 Feb 2007 16:26:00 -0000
@@ -270,6 +270,8 @@
else
name = (FT_String *)psnames->adobe_std_strings( sid );
+ if (name == NULL)
+ continue;
result = ft_strcmp( glyph_name, name );
if ( sid > 390 )
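Review bot: the continue on the added lines bypasses the if ( sid > 390 ) step that follows the comparison, so please confirm that step has nothing to do when name is NULL and note that in a one-line comment above the check, along with the fact that a NULL name here means the lookup failed (the report attributes it to a corrupted font) rather than an ordinary mismatch. The check is placed after the if/else that assigns name, which is right because it then covers both sources of the string before ft_strcmp dereferences it. Style: the surrounding lines pad their parentheses, as in if ( sid > 390 ) and adobe_std_strings( sid ), so the new test should read if ( name == NULL ) or if ( !name ) to match.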