Your message dated Thu, 10 May 2007 06:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#422901: fixed in fontforge 0.0.20070501-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: fontforge
Version: 0.0.20070501-1
Severity: grave
Tags: patch

fontforge crashes on amd64 during compilation on ttf-dejavu package:

% ./generate.sh
Copyright (c) 2000-2007 by George Williams.
 Executable based on sources from 13:10 1-May-2007.
 Segmentation fault

This does not happen on i386, but given multiple errors from valgrind I
think it can crash with other fonts, generate incorrect output or do
other strange things.

The problem is in code like the following (from lookups.c):

     if ( cnt>=tot )
            lookups = grealloc(lookups,(tot++)*sizeof(uint32));
     lookups[cnt] = 0;

Here there are two things:
1. lookups = grealloc(lookups,(tot++)*sizeof(uint32));
   Before those lines lookups was allocated as array of tot values, so
   this line can be simplified to just:
   tot++
   This line gives no other results. And line that follows will write to
   random parts of memory (but see #2).
2. In this part of code lookups is defined as array of pointers. Those
   pointers are 64-bit on amd64. So this code will shrink allocated
   memory. This point does not apply to other 2 instances of such code.

Attached patch fixes this problem by replacing tot++ by tot=cnt+1, so
next line will write to allocated memory. This patch also fixes
incorrect type for lookups array.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.21-me (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fontforge depends on:
ii  libc6                     2.5-7          GNU C Library: Shared libraries
ii  libfreetype6              2.2.1-5        FreeType 2 font engine, shared lib
ii  libice6                   1:1.0.3-2      X11 Inter-Client Exchange library
ii  libjpeg62                 6b-13          The Independent JPEG Group's JPEG 
ii  libpng12-0                1.2.15~beta5-1 PNG library - runtime
ii  libsm6                    1:1.0.2-2      X11 Session Management library
ii  libtiff4                  3.8.2-7        Tag Image File Format (TIFF) libra
ii  libungif4g                4.1.4-4        shared library for GIF images
ii  libuninameslist0          0.0.20060907-2 a library of Unicode annotation da
ii  libx11-6                  2:1.0.3-7      X11 client-side library
ii  libxml2                   2.6.28.dfsg-1  GNOME XML library
ii  python2.4                 2.4.4-4        An interactive high-level object-o
ii  zlib1g                    1:1.2.3-13     compression library - runtime

fontforge recommends no packages.

-- no debconf information
Index: fontforge/fontforge/lookups.c
===================================================================
--- fontforge/fontforge/lookups.c.orig	2007-05-08 20:33:22.000000000 +0200
+++ fontforge/fontforge/lookups.c	2007-05-08 20:34:13.000000000 +0200
@@ -187,7 +187,7 @@
     qsort(scripts,cnt,sizeof(uint32),uint32_cmp);
     /* add a 0 entry to mark the end of the list */
     if ( cnt>=tot )
-	scripts = grealloc(scripts,(tot++)*sizeof(uint32));
+	scripts = grealloc(scripts,(tot=cnt+1)*sizeof(uint32));
     scripts[cnt] = 0;
 return( scripts );
 }
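Review bot: the assignment buried in the size argument, `(tot=cnt+1)`, is easy to misread as a comparison, and `tot` is not read again before `return( scripts )` in this hunk. Either drop the assignment and pass `(cnt+1)*sizeof(uint32)`, or update `tot` in its own statement inside the `if` so the capacity bookkeeping stays visible.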
@@ -259,7 +259,7 @@
     qsort(langs,cnt,sizeof(uint32),lang_cmp);
     /* add a 0 entry to mark the end of the list */
     if ( cnt>=tot )
-	langs = grealloc(langs,(tot++)*sizeof(uint32));
+	langs = grealloc(langs,(tot=cnt+1)*sizeof(uint32));
     langs[cnt] = 0;
 return( langs );
 }
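Review bot: `sizeof(uint32)` on the `grealloc` line hard-codes the element type separately from the declaration of `langs`, which is the kind of mismatch the third hunk has to correct for `lookups`. Writing the size as `(cnt+1)*sizeof(*langs)` here, and likewise for `scripts`, keeps the allocation correct if the element type ever changes.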
@@ -373,7 +373,7 @@
     /* lookup order is irrelevant here. might as well leave it in invocation order */
     /* add a 0 entry to mark the end of the list */
     if ( cnt>=tot )
-	lookups = grealloc(lookups,(tot++)*sizeof(uint32));
+	lookups = grealloc(lookups,(tot=cnt+1)*sizeof(OTLookup *));
     lookups[cnt] = 0;
 return( lookups );
 }
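Review bot: this hunk corrects only the final `grealloc`; the initial allocation and any earlier growth of `lookups` are outside the visible context, and if they also size elements as `sizeof(uint32)` the array is still too small on 64-bit before this line runs. Please confirm those sites use the pointer size as well, and consider `lookups[cnt] = NULL;` for the terminator now that the array is explicitly one of `OTLookup *`.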

--- End Message ---
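The allocation arithmetic from the report above, as an added example that is not part of the original message or of fontforge's code. `old_request` mirrors the pre-patch size expression, while `needed`, `terminate_list` and `demo_full_pointer_array` are hypothetical names, and plain `realloc` stands in for `grealloc`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the pre-patch (tot++)*sizeof(uint32) requests: post-increment
 * yields the OLD tot, and the element size is fixed at 4. */
static size_t old_request(size_t tot) { return tot * sizeof(uint32_t); }
/* Bytes required for cnt entries plus the terminating 0 entry. */
static size_t needed(size_t cnt, size_t elem) { return (cnt + 1) * elem; }

/* Hypothetical helper: zero the entry at index cnt, growing the array first
 * if it is full. Returns 0, or -1 on size overflow or allocation failure. */
static int terminate_list(void **arr, size_t cnt, size_t *tot, size_t elem)
{
    if (cnt >= *tot) {
        if (elem == 0 || cnt >= SIZE_MAX / elem)
            return -1;                  /* (cnt+1)*elem would wrap */
        void *p = realloc(*arr, (cnt + 1) * elem);
        if (p == NULL)
            return -1;                  /* array and *tot stay unchanged */
        *arr = p;
        *tot = cnt + 1;
    }
    memset((char *)*arr + cnt * elem, 0, elem);
    return 0;
}

/* Constructed case: a full array of 4 pointers (cnt == tot == 4).
 * Returns 1 if the terminator is stored and the old entries survive. */
static int demo_full_pointer_array(void)
{
    static int target[4];               /* constructed pointees */
    size_t cnt = 4, tot = 4;
    void *raw = malloc(tot * sizeof(int *));
    if (raw == NULL) return 0;
    for (size_t i = 0; i < cnt; i++)
        ((int **)raw)[i] = &target[i];
    int ok = terminate_list(&raw, cnt, &tot, sizeof(int *)) == 0;
    int **list = raw;
    ok = ok && tot == 5 && list[4] == NULL && list[3] == &target[3];
    free(raw);
    return ok;
}

int main(void)
{
    printf("%zu %zu %zu\n", old_request(4), needed(4, 4), needed(4, sizeof(void *)));
    return demo_full_pointer_array() ? 0 : 1;
}
```

With `tot` and `cnt` both 4, the old expression requests 16 bytes, while the terminated list needs 20 bytes for `uint32` entries and 40 bytes for 8-byte pointers, so the pointer array is shrunk before the write at index 4.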
--- Begin Message ---
Source: fontforge
Source-Version: 0.0.20070501-2

We believe that the bug you reported is fixed in the latest version of
fontforge, which is due to be installed in the Debian FTP archive:

fontforge-doc_0.0.20070501-2_all.deb
  to pool/main/f/fontforge/fontforge-doc_0.0.20070501-2_all.deb
fontforge_0.0.20070501-2.diff.gz
  to pool/main/f/fontforge/fontforge_0.0.20070501-2.diff.gz
fontforge_0.0.20070501-2.dsc
  to pool/main/f/fontforge/fontforge_0.0.20070501-2.dsc
fontforge_0.0.20070501-2_i386.deb
  to pool/main/f/fontforge/fontforge_0.0.20070501-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kęstutis Biliūnas <[EMAIL PROTECTED]> (supplier of updated fontforge package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 09 May 2007 12:00:28 +0300
Source: fontforge
Binary: fontforge-doc fontforge
Architecture: source i386 all
Version: 0.0.20070501-2
Distribution: unstable
Urgency: low
Maintainer: Kęstutis Biliūnas <[EMAIL PROTECTED]>
Changed-By: Kęstutis Biliūnas <[EMAIL PROTECTED]>
Description: 
 fontforge  - Font editor for PS, TrueType and OpenType fonts
 fontforge-doc - Documentation for FontForge
Closes: 422901
Changes: 
 fontforge (0.0.20070501-2) unstable; urgency=low
 .
   * debian/patches: added patch 1000_fix_reallocs.diff for fixing lookups
     allocating on the 64-bit architectures. Thanks to Eugeniy Meshcheryakov
     <[EMAIL PROTECTED]>. (Closes: #422901).
Files: 
 666868caf54bdc9deee099b7c34bc57a 932 graphics optional fontforge_0.0.20070501-2.dsc
 f68631c91fa62d4bb09ac66de65f4e28 14395 graphics optional fontforge_0.0.20070501-2.diff.gz
 4a3f4c09f086ccb3a1820e61cb1e6edd 4206104 graphics optional fontforge_0.0.20070501-2_i386.deb
 1ba7a314d1f3305f18f01d438fa21ebb 2600504 doc optional fontforge-doc_0.0.20070501-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGQrcq1OXtrMAUPS0RAgZwAJ4iTBhC6uejjTiEY1R3DNE4p/Uy2QCgnj4P
kjdJqV/0OiBwgcpJ2hUdXZs=
=VgQ5
-----END PGP SIGNATURE-----


--- End Message ---
