Hi Chris,

On Thu, Apr 03, 2008 at 07:35:22PM +0100, Chris Wilson wrote:
> My investigations suggest that the cause of the assertion failure is an
> integer overflow during _cairo_array_grow_by() due to this chunk in
> cairo-truetype-subset.c (line 574):
>
>     if (be16_to_cpu (header.index_to_loc_format) == 0) {
>         begin = be16_to_cpu (u.short_offsets[index]) * 2;
>         end = be16_to_cpu (u.short_offsets[index + 1]) * 2;
>     }
>     else {
>         begin = be32_to_cpu (u.long_offsets[index]);
>         end = be32_to_cpu (u.long_offsets[index + 1]);
>     }
>
>     size = end - begin; /* <--overflow */
>
> I've added some defensive code to treat the symptoms, but I don't know
> whether the root cause is either a bad font or that we are
> misinterpreting it.
Here are the details about the font file in case you have to dig deeper: the ttf file is built from the fontforge package [1] version 20080323 using the latest version (20080330) of fontforge [2]. If you're using Debian you're just an "apt-get source" away from those sources, since both packages have been uploaded already.

Not sure whether it helps, but all of this started because of bug #472830, which hit me because of the new "FontForge Spline Font Database (SFD) 2 format" introduced in FontForge and adopted by the new freefont.

Thanks to all for such a detailed set of info.

regards,
Davide

[1] http://ftp.gnu.org/gnu/freefont/freefont-sfd-20080323.tar.gz
[2] http://sourceforge.net/project/showfiles.php?group_id=103338&package_id=111040
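The overflow Chris describes happens when a glyph's end offset in the loca table is smaller than its begin offset, so the unsigned subtraction `end - begin` wraps to a huge size. Below is an added example (not cairo's code, and not from this thread) of a loca reader that rejects such entries before any size is computed; the helper names, the constructed loca tables and the hypothetical `glyph_size` function are all assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical big-endian readers, standing in for be16_to_cpu/be32_to_cpu. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Return the byte length of glyph `index`, or -1 if the loca entries are
 * inconsistent.  index_to_loc_format 0 = short offsets (uint16, in words),
 * 1 = long offsets (uint32).  loca_len/glyf_len are the table byte lengths. */
int64_t glyph_size(const uint8_t *loca, size_t loca_len, int index_to_loc_format,
                   size_t glyf_len, size_t index)
{
    size_t entry = (index_to_loc_format == 0) ? 2 : 4;
    uint32_t begin, end;

    /* Entries index and index+1 must both lie inside the loca table. */
    if (index + 2 > loca_len / entry)
        return -1;

    if (index_to_loc_format == 0) {
        begin = (uint32_t)rd16(loca + 2 * index) * 2;
        end   = (uint32_t)rd16(loca + 2 * (index + 1)) * 2;
    } else {
        begin = rd32(loca + 4 * index);
        end   = rd32(loca + 4 * (index + 1));
    }

    /* This is the check the unguarded `size = end - begin` lacked: a descending
     * pair wraps to ~4 GiB, and an end past the glyf table reads out of bounds. */
    if (end < begin || end > glyf_len)
        return -1;

    return (int64_t)(end - begin);
}

/* Constructed short-format loca: word offsets 0, 10, 5 -> byte offsets 0, 20, 10.
 * Glyph 0 is 20 bytes; glyph 1 has end (10) < begin (20), the overflow case. */
static const uint8_t sample_loca_short[] = { 0x00,0x00, 0x00,0x0A, 0x00,0x05 };

/* Constructed long-format loca: byte offsets 0 and 48. */
static const uint8_t sample_loca_long[] = { 0,0,0,0x00, 0,0,0,0x30 };
```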