forwarded 422901 [EMAIL PROTECTED]
tags 422901 pending
thanks

On Tue, 2007-05-08 20:52 +0200, Eugeniy Meshcheryakov wrote:
> Package: fontforge
> Version: 0.0.20070501-1
> Severity: grave
> Tags: patch
>
> fontforge crashes on amd64 during compilation of the ttf-dejavu package:
>
> % ./generate.sh
> Copyright (c) 2000-2007 by George Williams.
> Executable based on sources from 13:10 1-May-2007.
> Segmentation fault
>
> This does not happen on i386, but given multiple errors from valgrind I
> think it can crash with other fonts, generate incorrect output or do
> other strange things.
>
> The problem is in code like the following (from lookups.c):
>
>     if ( cnt>=tot )
>         lookups = grealloc(lookups,(tot++)*sizeof(uint32));
>     lookups[cnt] = 0;
>
> Here there are two things:
> 1. lookups = grealloc(lookups,(tot++)*sizeof(uint32));
>    Before those lines lookups was allocated as an array of tot values, so
>    this line can be simplified to just:
>        tot++
>    This line gives no other results. And the line that follows will write to
>    random parts of memory (but see #2).
> 2. In this part of the code lookups is defined as an array of pointers. Those
>    pointers are 64-bit on amd64. So this code will shrink the allocated
>    memory. This point does not apply to the other 2 instances of such code.
>
> The attached patch fixes this problem by replacing tot++ with tot=cnt+1, so
> the next line will write to allocated memory. This patch also fixes the
> incorrect type for the lookups array.
>
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.21-me (SMP w/2 CPU cores; PREEMPT)
> Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages fontforge depends on:
> ii  libc6             2.5-7            GNU C Library: Shared libraries
> ii  libfreetype6      2.2.1-5          FreeType 2 font engine, shared lib
> ii  libice6           1:1.0.3-2        X11 Inter-Client Exchange library
> ii  libjpeg62         6b-13            The Independent JPEG Group's JPEG
> ii  libpng12-0        1.2.15~beta5-1   PNG library - runtime
> ii  libsm6            1:1.0.2-2        X11 Session Management library
> ii  libtiff4          3.8.2-7          Tag Image File Format (TIFF) libra
> ii  libungif4g        4.1.4-4          shared library for GIF images
> ii  libuninameslist0  0.0.20060907-2   a library of Unicode annotation da
> ii  libx11-6          2:1.0.3-7        X11 client-side library
> ii  libxml2           2.6.28.dfsg-1    GNOME XML library
> ii  python2.4         2.4.4-4          An interactive high-level object-o
> ii  zlib1g            1:1.2.3-13       compression library - runtime
Thanks, Eugeniy. Especially for the patch. This patch is already applied to my local copy and the bug will be closed on the next upload.

George, what can you say about this patch?

-- 
Kęstutis Biliūnas <[EMAIL PROTECTED]>
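To make the two defects in the quoted report concrete, here is an added example in C. It is not fontforge code: OTLookup is a stand-in struct, grealloc is modelled with plain realloc, and the function names are chosen for this example. check_terminator reports, for the original (tot++) expression and for the patched (tot=cnt+1), how many bytes end up allocated versus how many the terminator write needs, so the amd64-only shrink is visible as numbers; terminate_lookups is the patched pattern written out with sizeof(*lookups) so the element size follows the declaration, and build_and_measure drives it on a list that is exactly full, which is the case that forces the realloc path.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for fontforge's OTLookup (assumption); only pointers to it are stored. */
typedef struct OTLookup { int id; } OTLookup;

/* Outcome of one execution of the allocation line, computed arithmetically so the
 * out-of-bounds write and the shrinking realloc are never actually performed. */
typedef struct {
    size_t bytes_before;      /* bytes the pointer array occupied before the call   */
    size_t bytes_allocated;   /* bytes the expression under test hands to realloc   */
    size_t bytes_needed;      /* bytes required to hold lookups[0..cnt] as pointers */
    int shrinks;              /* block got smaller although nothing was removed     */
    int terminator_in_bounds; /* lookups[cnt] = 0 stays inside the block            */
} TermCheck;

/* cnt: entries in use, tot: entries allocated, elem_size: the sizeof() written in
 * the source, use_fix: 0 for the original "(tot++)", 1 for the patched "(tot=cnt+1)". */
TermCheck check_terminator(size_t cnt, size_t tot, size_t elem_size, int use_fix) {
    TermCheck r;
    r.bytes_before = tot * sizeof(OTLookup *);
    r.bytes_needed = (cnt + 1) * sizeof(OTLookup *);
    if (cnt >= tot) {
        /* (tot++) yields the OLD value, so the buggy code reallocates to tot elements;
         * the fix reallocates to cnt+1, exactly what the terminator slot needs. */
        size_t new_tot = use_fix ? cnt + 1 : tot;
        r.bytes_allocated = new_tot * elem_size;
    } else {
        r.bytes_allocated = r.bytes_before;   /* guard false: no realloc at all */
    }
    r.shrinks = r.bytes_allocated < r.bytes_before;
    r.terminator_in_bounds = r.bytes_needed <= r.bytes_allocated;
    return r;
}

/* The patched pattern written out: grow to exactly cnt+1 slots of the array's own
 * element type, then write the terminating NULL. Returns NULL (and frees the
 * caller's array) if the allocation fails. */
OTLookup **terminate_lookups(OTLookup **lookups, size_t cnt, size_t *tot) {
    if (cnt >= *tot) {
        size_t new_tot = cnt + 1;
        OTLookup **p = realloc(lookups, new_tot * sizeof(*lookups));
        if (p == NULL) { free(lookups); return NULL; }
        lookups = p;
        *tot = new_tot;
    }
    lookups[cnt] = NULL;
    return lookups;
}

/* Length of a NULL-terminated lookup list, the way a consumer would walk it. */
size_t lookup_list_len(OTLookup *const *lookups) {
    size_t n = 0;
    while (lookups[n] != NULL) n++;
    return n;
}

/* Build a list of n dummy entries with no spare slot (cnt == tot), terminate it, and
 * return the length read back through the terminator. Returns (size_t)-1 on failure. */
size_t build_and_measure(size_t n) {
    static OTLookup pool[16];             /* constructed sample entries */
    if (n > 16) return (size_t)-1;
    OTLookup **lookups = NULL;
    if (n > 0 && (lookups = malloc(n * sizeof(*lookups))) == NULL) return (size_t)-1;
    size_t tot = n, cnt = 0;
    while (cnt < n) { lookups[cnt] = &pool[cnt]; cnt++; }
    lookups = terminate_lookups(lookups, cnt, &tot);
    if (lookups == NULL) return (size_t)-1;
    size_t len = lookup_list_len(lookups);
    free(lookups);
    return len;
}

int main(void) {
    /* Three full lookup lists, as in the report: original code, element size uint32. */
    TermCheck bug = check_terminator(3, 3, sizeof(uint32_t), 0);
    TermCheck fix = check_terminator(3, 3, sizeof(OTLookup *), 1);
    printf("original: before=%zu allocated=%zu needed=%zu shrinks=%d in_bounds=%d\n",
           bug.bytes_before, bug.bytes_allocated, bug.bytes_needed, bug.shrinks, bug.terminator_in_bounds);
    printf("patched:  before=%zu allocated=%zu needed=%zu shrinks=%d in_bounds=%d\n",
           fix.bytes_before, fix.bytes_allocated, fix.bytes_needed, fix.shrinks, fix.terminator_in_bounds);
    printf("terminated list of 5 reads back as %zu entries\n", build_and_measure(5));
    return 0;
}
```

Running it on a 64-bit host shows the shrink the report describes (24 bytes held before, 12 handed to realloc, 32 needed), while the half-fixed variant with tot=cnt+1 but still sizeof(uint32) only comes out in bounds where a pointer is 4 bytes, which is why i386 never crashed.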
Index: fontforge/fontforge/lookups.c =================================================================== --- fontforge/fontforge/lookups.c.orig 2007-05-08 20:33:22.000000000 +0200 +++ fontforge/fontforge/lookups.c 2007-05-08 20:34:13.000000000 +0200 @@ -187,7 +187,7 @@ qsort(scripts,cnt,sizeof(uint32),uint32_cmp); /* add a 0 entry to mark the end of the list */ if ( cnt>=tot ) - scripts = grealloc(scripts,(tot++)*sizeof(uint32)); + scripts = grealloc(scripts,(tot=cnt+1)*sizeof(uint32)); scripts[cnt] = 0; return( scripts ); } @@ -259,7 +259,7 @@ qsort(langs,cnt,sizeof(uint32),lang_cmp); /* add a 0 entry to mark the end of the list */ if ( cnt>=tot ) - langs = grealloc(langs,(tot++)*sizeof(uint32)); + langs = grealloc(langs,(tot=cnt+1)*sizeof(uint32)); langs[cnt] = 0; return( langs ); } @@ -373,7 +373,7 @@ /* lookup order is irrelevant here. might as well leave it in invocation order */ /* add a 0 entry to mark the end of the list */ if ( cnt>=tot ) - lookups = grealloc(lookups,(tot++)*sizeof(uint32)); + lookups = grealloc(lookups,(tot=cnt+1)*sizeof(OTLookup *)); lookups[cnt] = 0; return( lookups ); }
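Review bot: in the scripts hunk (@@ -187), the assignment hidden inside the grealloc argument, `(tot=cnt+1)*sizeof(uint32)`, is arithmetically right but as easy to misread as the `(tot++)` it replaces; hoisting it to its own statement (`tot = cnt+1;` followed by `scripts = grealloc(scripts,tot*sizeof(uint32));`) makes it obvious that the block is grown to hold index cnt before `scripts[cnt] = 0` writes the terminator. The reasoning behind the fix holds: under the `cnt>=tot` guard the old expression passed the pre-increment value of tot to grealloc, so the terminator went at least one element past the end of the block.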
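Review bot: the langs hunk (@@ -259) is the same change with the same readability problem, tot assigned inside the grealloc argument; prefer a separate `tot = cnt+1;` statement here too so the two sites stay identical and grep-able. Using cnt+1 rather than an increment is also the safer choice because it allocates what the write on the next line needs regardless of how far cnt has run ahead of tot.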
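Review bot: in the lookups hunk (@@ -373), the element-size change from sizeof(uint32) to sizeof(OTLookup *) is the part that matters on amd64: with 4-byte uint32 and 8-byte pointers the old call handed grealloc half the bytes the pointer array already occupied, so the block shrank before the terminator was written past its end. Consider `sizeof(*lookups)` instead of naming the type, so the size tracks the declaration if the array type changes again, and check that the earlier allocation and growth of lookups in this function (not shown in the hunk) use the pointer size as well, since only the final terminator step is patched here.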
signature.asc
Description: This part of the message is digitally signed