Hello,

I rebuilt the package 'chimera2_2.0a19-7_amd64.deb' with '-g -O0', then
collected the core dump file and tried to look into the issue with gdb:

(gdb) frame 0
#0  0x00007fe43a1bc5b7 in XFreeFont () from
/usr/lib/x86_64-linux-gnu/libX11.so.6
(gdb) frame 1
#1  0x0000000000423064 in FreeFontList (lc=0x1918f78, fl=0x1919040) at
font.c:393
warning: Source file is more recent than executable.
393 XFreeFont(lc->dpy, fl->fontInfo[i].xfi);
(gdb) list
388    for (i = 0; i < XLFD_COUNT; i++)
389    {
390      if (fl->fontInfo[i].xfi != NULL &&
391  fl->fontInfo[i].xfi != lc->defaultFont)
392      {
393 XFreeFont(lc->dpy, fl->fontInfo[i].xfi);
394      }
395    }
396  }
397  if (fl->names != NULL) XFreeFontNames(fl->names);
(gdb) p i
$1 = 8
(gdb) p fl->count
$2 = 8

Here fl->count is 8, but XLFD_COUNT is defined as 13, so
'fl->fontInfo[8].xfi' is not accessible and a segfault occurs.

And from the context, it seems that XLFD_COUNT is related to the
XLFD, not to the count of FontList entries. I suspect that it is being
misused...

------ XLFD_COUNT related part ------
/*
 * ParseXLFD
 *
 * Yipe!
 */
static void
ParseXLFD(mp, xlfd, lfi)
MemPool mp;
char *xlfd;
HTMLFont lfi;
{
  char *fields[XLFD_COUNT];   /* one slot per '-'-separated XLFD field */
  int i;
  char *t;

  t = MPStrDup(mp, xlfd);
  t++;                        /* skip the leading '-' of the XLFD name */
  fields[0] = t;
  /* split in place: every '-' becomes '\0' and the next field starts
     right after it; the loop ends only once XLFD_COUNT fields were
     seen, it does not test for the end of the string */
  for (i = 1; i < XLFD_COUNT; t++)
  {
    if (*t == '-')
    {
      *t = '\0';
      fields[i++] = t + 1;
    }
  }

  if (strcmp(fields[XLFD_WEIGHT_NAME], "bold") == 0 ||
      strcmp(fields[XLFD_WEIGHT_NAME], "demi") == 0 ||
      strcmp(fields[XLFD_WEIGHT_NAME], "demibold") == 0)
  {
    lfi->weight = 1;
  }
  else lfi->weight = 0;

  lfi->size = atoi(fields[XLFD_PIXEL_SIZE]);

  if (strcmp(fields[XLFD_SLANT], "i") == 0 ||
      strcmp(fields[XLFD_SLANT], "o") == 0)
  {
    lfi->slant = 1;
  }
  else lfi->slant = 0;

  return;
}
------

Based on the above information, I created a patch for this issue:
------
$ cat chimera2-2.0a19-fontlist-count.patch
diff -uNr chimera2-2.0a19.orig/html/font.c chimera2-2.0a19/html/font.c
--- chimera2-2.0a19.orig/html/font.c 2013-05-11 22:15:07.281826881 +0800
+++ chimera2-2.0a19/html/font.c 2013-05-11 22:15:35.509468180 +0800
@@ -385,7 +385,7 @@

   if (fl->fontInfo != NULL)
   {
-    for (i = 0; i < XLFD_COUNT; i++)
+    for (i = 0; i < fl->count; i++)
     {
       if (fl->fontInfo[i].xfi != NULL &&
   fl->fontInfo[i].xfi != lc->defaultFont)
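Review bot: the new bound trusts fl->count, but the hunk does not show where fl->fontInfo is allocated or where count is incremented; confirm that the allocation sizes the array by fl->count (and that count is bumped on every path that fills an entry), otherwise the out-of-bounds access moves instead of going away. It is also worth checking the rest of font.c for other loops over fl->fontInfo that still use XLFD_COUNT as their bound, since only this one site is changed.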

------

After recompiling the package, the segfault does not happen again.

Could someone please kindly help to test it? Thanks!

Cheers,
Shine
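As an added example (not chimera2's code and not part of the original message), here is a bounds-checked version of the XLFD field split that ParseXLFD performs, stopping at the end of the string and rejecting names with too few fields instead of scanning past the buffer. The field count of 14 and the index macros are assumptions taken from the usual XLFD layout, not chimera2's own XLFD_COUNT or index definitions.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed layout: a full XLFD has 14 '-'-separated fields after the
 * leading '-'; indices below are assumptions (0 = foundry). */
#define XLFD_FIELDS       14
#define XLFD_WEIGHT_NAME   2
#define XLFD_SLANT         3
#define XLFD_PIXEL_SIZE    6

struct font_attrs { int weight; int slant; int size; };

/* Split a writable copy of an XLFD name in place. Returns the number of
 * fields found, or -1 if the leading '-' is missing. Unlike the loop in
 * ParseXLFD, this stops at the terminating NUL and never writes more than
 * max entries, so a short or malformed name cannot run off the buffer. */
static int split_xlfd(char *buf, char *fields[], int max)
{
    int n = 0;
    if (buf[0] != '-' || max < 1) return -1;
    fields[n++] = buf + 1;
    for (char *t = buf + 1; *t != '\0' && n < max; t++) {
        if (*t == '-') { *t = '\0'; fields[n++] = t + 1; }
    }
    return n;
}

/* Derive weight/slant/pixel size the way ParseXLFD does, but only after
 * verifying that every field we index actually exists.
 * Returns 0 on success, -1 on malformed input or allocation failure. */
int parse_xlfd(const char *xlfd, struct font_attrs *out)
{
    char *fields[XLFD_FIELDS];
    size_t len = strlen(xlfd);
    char *buf = malloc(len + 1);
    if (buf == NULL) return -1;
    memcpy(buf, xlfd, len + 1);

    int n = split_xlfd(buf, fields, XLFD_FIELDS);
    if (n < XLFD_FIELDS) { free(buf); return -1; }

    const char *w = fields[XLFD_WEIGHT_NAME];
    out->weight = (strcmp(w, "bold") == 0 || strcmp(w, "demi") == 0 ||
                   strcmp(w, "demibold") == 0);
    const char *s = fields[XLFD_SLANT];
    out->slant = (strcmp(s, "i") == 0 || strcmp(s, "o") == 0);
    out->size = atoi(fields[XLFD_PIXEL_SIZE]);
    free(buf);
    return 0;
}
```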

