freetype 2.3.7 crashes for me on x86_64 when calling the following small fontforge script:
[EMAIL PROTECTED]:/tmp/fontforge-bug$ cat copy-uni3231 #!/usr/bin/fontforge # # Copy U+3231 from Sazanami Gothic into Sazanami Mincho Open ("sazanami-gothic.ttf") Select("uni3231") Copy () Close () Open ("sazanami-mincho.ttf") Select ("uni3231") Paste () Generate ("sazanami-mincho.ttf", "ttf", 0) Close () [EMAIL PROTECTED]:/tmp/fontforge-bug$ fontforge calls FT_Open_Face() with 0 for the FT_Library argument, then error = FT_Stream_New( library, args, &stream ); if ( error ) goto Fail3; fails with error 0x21 ("invalid library handle") and Fail3: /* If we are on the mac, and we get an FT_Err_Invalid_Stream_Operation */ /* it may be because we have an empty data fork, so we need to check */ /* the resource fork. */ if ( FT_ERROR_BASE( error ) != FT_Err_Cannot_Open_Stream && FT_ERROR_BASE( error ) != FT_Err_Unknown_File_Format && FT_ERROR_BASE( error ) != FT_Err_Invalid_Stream_Operation ) goto Fail2; jumps to: Fail2: FT_Stream_Free( stream, external_stream ); which crashes because “stream” has not been initialized and contains some junk. That fontforge calls FT_Open_Face() with an invalid library handle might be a fontforge bug but freetype2 should not try to free “stream” if “stream” has not been allocated. Initializing stream with NULL in FT_Open_Face() fixes this. -- Mike FABIAN <[EMAIL PROTECTED]> http://www.suse.de/~mfabian 睡眠不足はいい仕事の敵だ。 I � Unicode
diff -ru freetype-2.3.7.orig//src/base/ftobjs.c freetype-2.3.7/src/base/ftobjs.c --- freetype-2.3.7.orig//src/base/ftobjs.c 2008-06-10 06:57:53.000000000 +0200 +++ freetype-2.3.7/src/base/ftobjs.c 2008-08-18 16:16:38.000000000 +0200 @@ -1713,7 +1713,7 @@ FT_Error error; FT_Driver driver; FT_Memory memory; - FT_Stream stream; + FT_Stream stream = NULL; FT_Face face = 0; FT_ListNode node = 0; FT_Bool external_stream;
_______________________________________________ Freetype-devel mailing list Freetype-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/freetype-devel