On Sunday 20 August 2006 13:17, Daniel Stone wrote:
> > I've now taken the time to test with the badfont. At the moment,
> > following the above procedure, xfontsel still crashes, with
> >
> > X Error of failed request: BadAlloc (insufficient resources for
> > operation)
> > Major opcode of failed request: 45 (X_OpenFont)
> > Serial number of failed request: 1392
> > Current serial number in output stream: 1393
> >
> > CVE-2006-3467 refers in fact to freetype2.2, not libxfont. So while
> > libxfont needs the patch, the bug is not fully solved until
> > freetype's patch is also applied (reported in Debian bug
> > #379920)
>
> That would seem to me to be the desired behaviour: the server is
> staying alive, and it's refusing to let you open an invalid font.

Yes, when testing with the current sarge version, my whole xserver crashed; with the patched version I get a similar error to the one above, which seems a vast improvement. Had to find out how to create a fonts.dir file from nothing (as mkfontdir refuses to parse the font) before I could do the test though :-/ BTW, the font also crashes fontforge (0.0.20041218-0.1) with a segfault.