Re: [Devel] FTC_Manager - crashing on 'FTC_Manager_Done'
From: David Turner
Subject: Re: [Devel] FTC_Manager - crashing on 'FTC_Manager_Done'
Date: Tue, 05 Dec 2000 15:20:09 +0100

Hi Richard,
Richard Barber wrote:
>
> Hi,
>
> I'm currently trying out the new cache module for Freetype2 but have run
> into a problem when I try to shut down the cache manager in
> FTC_Manager_Done, resulting in an access to a memory block that's already
> been free()'d - and therefore, in a crash.
>
> In ftcmanag.c (lines 299-300), it appears to first free the Size list for
> the specific LRU cache and THEN to attempt to free the Face list for the
> same cache. After that, in ftlru.c, while freeing the Face list, it then
> tries to free the list of Sizes for that face (which, by then have already
> been freed).
>
> Is there any reason for freeing the Size list as well as the Face list
> (in two separate steps), since don't all FT_Size objects have a parent
> face which will already be in the face list - or are there some
> circumstances where this won't be the case?
>

Actually, the two lines were simply inverted. They should read:

    FT_Lru_Done( manager->faces_lru );
    FT_Lru_Done( manager->sizes_lru );

instead of the "current":

    FT_Lru_Done( manager->sizes_lru );
    FT_Lru_Done( manager->faces_lru );

In the current code, calling FT_Lru_Done( manager->sizes_lru )
leaves a dangling pointer in "manager->sizes_lru". Unfortunately,
the latter is used to destroy the faces, which explains the bug.

When the lines are reset in order, all FT_Face and FT_Size
objects are destroyed by FT_Lru_Done( manager->faces_lru ),
while the call to FT_Lru_Done( manager->sizes_lru ) is only
used to release the empty cache object.

Thanks for the bug report, I've just committed the fix to
the CVS.

Regards,
- David Turner
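
The teardown-order bug discussed in this thread, as an added C example that is not part of the original message and is not FreeType code. All type and function names are hypothetical; the release function clears the owner's pointer, so the inverted order is counted as an error instead of dereferencing freed memory.

```c
#include <stdlib.h>
/* Hypothetical miniature of the two caches; these are not FreeType's types. */
typedef struct Node { struct Node *next; int face_id; } Node;
typedef struct Lru { Node *head; } Lru;
typedef struct Manager { Lru *faces_lru; Lru *sizes_lru; int stale_hits; } Manager;

static void lru_push(Lru *l, int face_id) {
    Node *n = malloc(sizeof *n);
    if (!n) abort();
    n->face_id = face_id; n->next = l->head; l->head = n;
}

/* Drop every size that belongs to face_id; returns how many were freed. */
static int sizes_drop_face(Lru *sizes, int face_id) {
    int freed = 0;
    for (Node **pp = &sizes->head; *pp; ) {
        if ((*pp)->face_id == face_id) { Node *d = *pp; *pp = d->next; free(d); freed++; }
        else pp = &(*pp)->next;
    }
    return freed;
}

/* Free nodes and cache object, then NULL the owner's pointer (no dangling copy). */
static void lru_done(Lru **pl) {
    if (!*pl) return;
    for (Node *n = (*pl)->head; n; ) { Node *next = n->next; free(n); n = next; }
    free(*pl); *pl = NULL;
}

/* Destroying a face needs the sizes cache; count the case where it is gone. */
static void faces_done(Manager *m) {
    for (Node *f = m->faces_lru->head; f; f = f->next) {
        if (m->sizes_lru) sizes_drop_face(m->sizes_lru, f->face_id);
        else m->stale_hits++; /* a dangling pointer here is the reported crash */
    }
    lru_done(&m->faces_lru);
}

/* Constructed input: 2 faces, 3 sizes. Returns face destructions that found no sizes cache. */
int teardown(int faces_first) {
    Manager m = { calloc(1, sizeof(Lru)), calloc(1, sizeof(Lru)), 0 };
    if (!m.faces_lru || !m.sizes_lru) abort();
    lru_push(m.faces_lru, 1); lru_push(m.faces_lru, 2);
    lru_push(m.sizes_lru, 1); lru_push(m.sizes_lru, 1); lru_push(m.sizes_lru, 2);
    if (faces_first) { faces_done(&m); lru_done(&m.sizes_lru); }
    else             { lru_done(&m.sizes_lru); faces_done(&m); }
    return m.stale_hits;
}
int main(void) { return !(teardown(1) == 0 && teardown(0) == 2); }
```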