Package: fontforge Version: 0.0.20070607-3 Severity: important Tags: patch FontForge segfaults while scrolling the main window (with the PgDown key) when the DejaVu Sans font is loaded. It crashes just after showing the first page that contains characters outside the BMP (code points above U+FFFF).
The problem is in code like this: unicode_backtrans[ch>>8][ch&0xff]. Here unicode_backtrans is an array with 256 members, and ch is a character code with a value larger than 0xffff, so ch>>8 is 256 or more. unicode_backtrans[ch>>8] therefore reads past the end of the array, and whatever junk is read there is then dereferenced as a pointer, which is what produces the segfault. The attached patch fixes this by making such expressions yield 0 whenever ch>>8 is greater than 255. There is also code like this: (plane = unicode_backtrans[ch>>8])!=NULL. For every in-range value of ch this test is always true, so it looked like it should be removed; the attached patch does not do that (and note that with the patch applied the test does become meaningful, since the guarded lookup yields a null plane for characters outside the BMP). -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.22-me (SMP w/2 CPU cores; PREEMPT) Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages fontforge depends on: ii libc6 2.6-2 GNU C Library: Shared libraries ii libfreetype6 2.3.5-1 FreeType 2 font engine, shared lib ii libice6 1:1.0.3-2 X11 Inter-Client Exchange library ii libjpeg62 6b-13 The Independent JPEG Group's JPEG ii libpng12-0 1.2.15~beta5-2 PNG library - runtime ii libsm6 2:1.0.3-1+b1 X11 Session Management library ii libtiff4 3.8.2-7 Tag Image File Format (TIFF) libra ii libungif4g 4.1.4-5+b1 shared library for GIF images ii libuninameslist0 0.0.20060907-2 a library of Unicode annotation da ii libx11-6 2:1.0.3-7 X11 client-side library ii libxi6 2:1.1.1-1 X11 Input extension library ii libxml2 2.6.29.dfsg-1 GNOME XML library ii python2.4 2.4.4-4 An interactive high-level object-o ii zlib1g 1:1.2.3.3.dfsg-5 compression library - runtime fontforge recommends no packages. -- no debconf information
Index: fontforge/gdraw/gdrawtxt.c
===================================================================
--- fontforge/gdraw/gdrawtxt.c.orig 2007-07-11 22:04:19.000000000 +0200
+++ fontforge/gdraw/gdrawtxt.c 2007-07-11 22:04:27.000000000 +0200
@@ -624,7 +624,7 @@
  above = 0;
  if ( ch=='\t' ) some = 0;
  else for ( level=0; level<name_cnt+3; ++level ) {
- some = unicode_backtrans[ch>>8][ch&0xff] | (1<<em_unicode);
+ some = ((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff]) | (1<<em_unicode);
  for ( ; level<name_cnt+3; ++level ) {
  if ( some&fi->level_masks[level] )
  break;
@@ -651,7 +651,7 @@
  /* letter they combine with. Even if they aren't in that font*/
  continue;
  else {
- some = unicode_backtrans[ch>>8][ch&0xff] | (1<<em_unicode);
+ some = ((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff]) | (1<<em_unicode);
  }
  if ( some&above ) /* a better font matches this character*/
  break;
@@ -733,7 +733,7 @@
  some = 0;
  if ( text!=strt && iscombining(ch))
  continue;
- if ( (plane = unicode_backtrans[ch>>8])!=NULL )
+ if ( (plane = (ch>>8 > 255)? 0 : unicode_backtrans[ch>>8])!=NULL )
  some = plane[ch&0xff];
  if ( (some&above) || UnicodeCharExists(fi->mapped_to,fi->fonts[em_unicode],ch,fi ) ||
@@ -754,7 +754,7 @@
  some = 0;
  if ( text!=strt && iscombining(ch))
  continue;
- if ( (plane = unicode_backtrans[ch>>8])!=NULL )
+ if ( (plane = (ch>>8 > 255)? 0 : unicode_backtrans[ch>>8])!=NULL )
  some = plane[ch&0xff];
  if ( (some&above) )
  break;
@@ -936,7 +936,7 @@
  }
  for ( level=0; level<fi->fam->name_cnt+3; ++level ) {
- some = unicode_backtrans[ch>>8][ch&0xff] | (1<<em_unicode);
+ some = ((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff]) | (1<<em_unicode);
  some &= fi->level_masks[level];
  if ( some==(1<<em_unicode) ) {
  if ( UnicodeCharExists(fi->mapped_to,fi->unifonts[level],ch,fi)) {
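Review bot: The guarded lookup `((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff])` introduced in the hunk at 624 is pasted verbatim into the hunks at 651, 936 and (in the next hunk) 954, and in pointer form at 733 and 754, each repeating the bound 255 that has to agree with the table's 256 entries; a single `static` helper in gdrawtxt.c would keep the check in one place and document why it exists. The guard itself is right for the reported crash: for ch >= 0x10000 the old line read a pointer from beyond the 256-entry table (an out-of-bounds read of up to 0x10FF entries past its end, triggered by font content) and then dereferenced it. Taking the helper's parameter as unsigned also neutralises a negative ch if ch is ever a signed int rather than unichar_t — its declaration is not visible from the hunk, nor is the element type of unicode_backtrans, so match the return type to the table. The enclosing function starts before this hunk and continues after it.
```c
/* Font-coverage bits recorded for ch, or 0 when ch lies outside the 256
 * blocks of 256 code points that unicode_backtrans indexes (supplementary
 * planes, ch >= 0x10000).  Indexing with ch>>8 >= 256 read past the table. */
static unsigned int backtrans_bits(unsigned int ch) {
    if ( (ch>>8) >= 256 )
return 0;
    return unicode_backtrans[ch>>8][ch&0xff];
}
/* … unchanged: each call site then becomes … */
some = backtrans_bits(ch) | (1<<em_unicode);
```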
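Review bot: The `!=NULL` test on the new line in the hunk at 733 (and its twin at 754) is the check the bug report describes as always true and suggests removing; after this change it is the only thing that keeps `some` at 0 for ch >= 0x10000, because the ternary deliberately yields a null plane there, so it must stay. Spelling the null as `NULL` instead of `0` and adding a comment would stop a later cleanup from dropping it: `/* NULL for ch >= 0x10000: unicode_backtrans only has 256 planes */`. With the guard in place, `plane[ch&0xff]` on the following line is reached only for an in-range plane, which is the intended behaviour. The enclosing function starts before this hunk and continues past its last line.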
@@ -954,7 +954,7 @@
  if ( ch>=BottomAccent && ch<=TopAccent ) {
  apt = accents[ch-BottomAccent]; aend = apt+3;
  while ( apt<aend && *apt!='\0' ) {
- some = unicode_backtrans[ch>>8][ch&0xff] | (1<<em_unicode);
+ some = ((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff]) | (1<<em_unicode);
  some &= fi->level_masks[level];
  if ( some==(1<<em_unicode) && UnicodeCharExists(fi->mapped_to,fi->unifonts[level],*apt,fi)) {
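Review bot: The guarded lookup on the new line at 954 depends only on `ch` and `level`, neither of which is visibly modified inside the `while ( apt<aend && *apt!='\0' )` loop over the accents, so the value appears loop-invariant and could be computed once before the `while` rather than once per accent — confirm in the part of the loop body outside the hunk that `level` is not changed before moving it. The guard matches the other hunks and correctly returns 0 for supplementary-plane code points instead of reading past the 256-entry table. Note that the coverage bits are taken for `ch` while `UnicodeCharExists` is asked about `*apt`; I take that mixed use to be intentional since the patch leaves it unchanged. The enclosing block starts before the hunk and continues past its end.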