Bug#432762: fontforge: segfaults during scrolling

Kęstutis Biliūnas Thu, 12 Jul 2007 15:40:59 -0700

forwarded 432762 [EMAIL PROTECTED]
tags 432762 pending
thanks

Tr, 2007 07 11 22:19 +0200, Eugeniy Meshcheryakov rašė:
> Package: fontforge
> Version: 0.0.20070607-3
> Severity: important
> Tags: patch
> 
> Fontforge segfaults during scrolling (using PgDown button) of main window
> when DejaVuSans font is loaded. It segfaults just after showing first
> page with characters outside BMP.
> 
> Problem is in code like this:
> 
>    unicode_backtrans[ch>>8][ch&0xff]
> 
> Here unicode_backtrans is array with 256 memebers, ch is character code
> with value larger than 0xffff. So unicode_backtrans[ch>>8] gives some
> junk that than dereferenced.
> 
> Attached patch fixes this by returning 0 for such expressions.
> 
> There is also code like this:
> 
>     unicode_backtrans[ch>>8]!=NULL
> 
> It allway returns 1 for all valid values of ch, so probably should be
> removed. Attached patch does not do this.
> 
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.22-me (SMP w/2 CPU cores; PREEMPT)
> Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> 
> Versions of packages fontforge depends on:
> ii  libc6                   2.6-2            GNU C Library: Shared libraries
> ii  libfreetype6            2.3.5-1          FreeType 2 font engine, shared 
> lib
> ii  libice6                 1:1.0.3-2        X11 Inter-Client Exchange library
> ii  libjpeg62               6b-13            The Independent JPEG Group's 
> JPEG 
> ii  libpng12-0              1.2.15~beta5-2   PNG library - runtime
> ii  libsm6                  2:1.0.3-1+b1     X11 Session Management library
> ii  libtiff4                3.8.2-7          Tag Image File Format (TIFF) 
> libra
> ii  libungif4g              4.1.4-5+b1       shared library for GIF images
> ii  libuninameslist0        0.0.20060907-2   a library of Unicode annotation 
> da
> ii  libx11-6                2:1.0.3-7        X11 client-side library
> ii  libxi6                  2:1.1.1-1        X11 Input extension library
> ii  libxml2                 2.6.29.dfsg-1    GNOME XML library
> ii  python2.4               2.4.4-4          An interactive high-level 
> object-o
> ii  zlib1g                  1:1.2.3.3.dfsg-5 compression library - runtime
> 
> fontforge recommends no packages.
> 
> -- no debconf information
-- 
Kęstutis Biliūnas <[EMAIL PROTECTED]>

Index: fontforge/gdraw/gdrawtxt.c
===================================================================
--- fontforge/gdraw/gdrawtxt.c.orig	2007-07-13 01:02:16.000000000 +0300
+++ fontforge/gdraw/gdrawtxt.c	2007-07-13 01:02:42.000000000 +0300
@@ -624,7 +624,7 @@
     above = 0;
     if ( ch=='\t' ) some = 0;
     else for ( level=0; level<name_cnt+3; ++level ) {
-	some = unicode_backtrans[ch>>8][ch&0xff] | (1<<em_unicode);
+	some = ((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff]) | (1<<em_unicode);
 	for ( ; level<name_cnt+3; ++level ) {
 	    if ( some&fi->level_masks[level] )
 	break;
@@ -651,7 +651,7 @@
 		/*  letter they combine with. Even if they aren't in that font*/
 	continue;
 	    else {
-		some = unicode_backtrans[ch>>8][ch&0xff] | (1<<em_unicode);
+		some = ((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff]) | (1<<em_unicode);
 	    }
 	    if ( some&above )		/* a better font matches this character*/
 	break;
@@ -733,7 +733,7 @@
 	    some = 0;
 	    if ( text!=strt && iscombining(ch))
 	continue;
-	    if ( (plane = unicode_backtrans[ch>>8])!=NULL )
+	    if ( (plane = (ch>>8 > 255)? 0 : unicode_backtrans[ch>>8])!=NULL )
 		some = plane[ch&0xff];
 	    if ( (some&above) ||
 		    UnicodeCharExists(fi->mapped_to,fi->fonts[em_unicode],ch,fi ) ||
@@ -754,7 +754,7 @@
 	    some = 0;
 	    if ( text!=strt && iscombining(ch))
 	continue;
-	    if ( (plane = unicode_backtrans[ch>>8])!=NULL )
+	    if ( (plane = (ch>>8 > 255)? 0 : unicode_backtrans[ch>>8])!=NULL )
 		some = plane[ch&0xff];
 	    if ( (some&above) )
 	break;
@@ -936,7 +936,7 @@
     }
 
     for ( level=0; level<fi->fam->name_cnt+3; ++level ) {
-	some = unicode_backtrans[ch>>8][ch&0xff] | (1<<em_unicode);
+	some = ((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff]) | (1<<em_unicode);
 	some &= fi->level_masks[level];
 	if ( some==(1<<em_unicode) ) {
 	    if ( UnicodeCharExists(fi->mapped_to,fi->unifonts[level],ch,fi)) {
@@ -954,7 +954,7 @@
 	if ( ch>=BottomAccent && ch<=TopAccent ) {
 	    apt = accents[ch-BottomAccent]; aend = apt+3;
 	    while ( apt<aend && *apt!='\0' ) {
-		some = unicode_backtrans[ch>>8][ch&0xff] | (1<<em_unicode);
+		some = ((ch>>8 > 255)? 0 : unicode_backtrans[ch>>8][ch&0xff]) | (1<<em_unicode);
 		some &= fi->level_masks[level];
 		if ( some==(1<<em_unicode) &&
 			UnicodeCharExists(fi->mapped_to,fi->unifonts[level],*apt,fi)) {

signature.asc
Description: Ši laiško dalis yra pasirašyta skaitmeniniu būdu

Bug#432762: fontforge: segfaults during scrolling

Reply via email to