$ vflbanner -f /usr/share/fonts/truetype/liberation/LiberationSans-Regular.ttf
free(): invalid pointer
Aborted




Hello,
this seems to be a call to hbf_release that is made twice [1].

If I see it right, when hbf_load_hbf_file is left via
the "Unexpected_Error" label, hbf_release is still
called in the "Error" label of HBF_Open.

So I tried removing that hbf_release in hbf_load_hbf_file,
and the process can finish without crashing [2].


In [3] valgrind points out another access to the
uninitialized variable "uncomp_prog".

Kind regards,
Bernhard


[1]
==24083== Invalid free() / delete / delete[] / realloc()
==24083==    at 0x484317B: free (vg_replace_malloc.c:872)
==24083==    by 0x48767B3: hbf_release.part.0 (hbf.c:481)
==24083==    by 0x4878236: hbf_release (hbf.c:480)
==24083==    by 0x4878236: HBF_Open (hbf.c:119)
==24083==    by 0x4878691: hbf_create (drv_hbf.c:295)
==24083==    by 0x485DFFF: do_open_font.constprop.0 (VFlib.c:659)
==24083==    by 0x485E818: open_font (VFlib.c:559)
==24083==    by 0x485EF91: vf_openfont1 (VFlib.c:348)
==24083==    by 0x10941C: vflbanner (vflbanner.c:109)
==24083==    by 0x1091F9: main (vflbanner.c:70)
==24083==  Address 0x50141c0 is 0 bytes inside a block of size 64 free'd
==24083==    at 0x484317B: free (vg_replace_malloc.c:872)
==24083==    by 0x48767B3: hbf_release.part.0 (hbf.c:481)
==24083==    by 0x48776A9: hbf_release (hbf.c:480)
==24083==    by 0x48776A9: hbf_load_hbf_file (hbf.c:470)
==24083==    by 0x48781E0: HBF_Open (hbf.c:100)
==24083==    by 0x4878691: hbf_create (drv_hbf.c:295)
==24083==    by 0x485DFFF: do_open_font.constprop.0 (VFlib.c:659)
==24083==    by 0x485E818: open_font (VFlib.c:559)
==24083==    by 0x485EF91: vf_openfont1 (VFlib.c:348)
==24083==    by 0x10941C: vflbanner (vflbanner.c:109)
==24083==    by 0x1091F9: main (vflbanner.c:70)
==24083==  Block was alloc'd at
==24083==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==24083==    by 0x486EB3E: vf_strdup (str.c:45)
==24083==    by 0x48781A0: HBF_Open (hbf.c:86)
==24083==    by 0x4878691: hbf_create (drv_hbf.c:295)
==24083==    by 0x485DFFF: do_open_font.constprop.0 (VFlib.c:659)
==24083==    by 0x485E818: open_font (VFlib.c:559)
==24083==    by 0x485EF91: vf_openfont1 (VFlib.c:348)
==24083==    by 0x10941C: vflbanner (vflbanner.c:109)
==24083==    by 0x1091F9: main (vflbanner.c:70)



[2]
--- vflib3-3.7.2+dfsg.orig/src/hbf.c
+++ vflib3-3.7.2+dfsg/src/hbf.c
@@ -467,7 +467,6 @@ hbf_load_hbf_file(HBF hbf, SEXP fontdirs
 Unexpected_Error:
   if (uncomp_prog != NULL)
     vf_close_uncompress_stream(fp);
-  hbf_release(hbf);
   return -1;
 }
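Review bot: With the hbf_release call dropped, hbf_load_hbf_file no longer cleans up hbf on the Unexpected_Error path and now depends on every caller releasing the handle after a -1 return; the valgrind trace shows HBF_Open's Error label does that, but nothing at the label says so. Add a comment so the release is not reinstated by a later reader, e.g. `/* hbf is left allocated on purpose: the caller (HBF_Open's Error label) releases it on -1 */`. The `if (uncomp_prog != NULL)` test just above still reads a variable that is uninitialized on early exits, so this hunk is only safe together with the second hunk (hbf.c line 126) that initializes it; the two should be applied as one change. An alternative that would make both call sites safe regardless of caller discipline is to have hbf_release set the members it frees to NULL, but hbf_release is not visible here. hbf_load_hbf_file's body begins outside this hunk.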

[3]
==31327== Conditional jump or move depends on uninitialised value(s)
==31327==    at 0x4877698: hbf_load_hbf_file (hbf.c:468)
==31327==    by 0x48781B0: HBF_Open (hbf.c:100)
==31327==    by 0x4878661: hbf_create (drv_hbf.c:295)
==31327==    by 0x485DFFF: do_open_font.constprop.0 (VFlib.c:659)
==31327==    by 0x485E818: open_font (VFlib.c:559)
==31327==    by 0x485EF91: vf_openfont1 (VFlib.c:348)
==31327==    by 0x10941C: vflbanner (vflbanner.c:109)
==31327==    by 0x1091F9: main (vflbanner.c:70)

--- vflib3-3.7.2+dfsg.orig/src/hbf.c
+++ vflib3-3.7.2+dfsg/src/hbf.c
@@ -126,7 +126,7 @@ hbf_load_hbf_file(HBF hbf, SEXP fontdirs
   FILE   *fp;
   char   linebuf[160], prop_string[160], *name, *file_path, *p;
   char   charset_name[80], charset_name2[80], charset_enc2[5], charset[90];
-  char   *uncomp_prog;
+  char   *uncomp_prog = NULL;
   int    index, r, i, n;
hbf->byte2_range_start = NULL;
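Review bot: The NULL initialization of uncomp_prog is the right fix, but the declaration gives no hint why it matters; a short comment ties it to the label that reads it, `char   *uncomp_prog = NULL;  /* non-NULL only once an uncompress stream is opened; tested at Unexpected_Error */`. The same flag also decides whether fp is closed through vf_close_uncompress_stream on the error path, so keeping it NULL until that stream is actually opened is what keeps the cleanup check meaningful. The last context line of this hunk appears to have lost its leading space in the mail, so the patch may need to be re-applied by hand. hbf_load_hbf_file's body continues outside this hunk.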
