Oh, I see from your code change to wsfontload.c that you intended for the fi_numentries field to get copied out, it just doesn't seem to happen.
I also see that the addr==NULL case happens if malloc() (in wsfontload.c) failed - going ahead with the ioctl() in that case seems like a mistake, optimising away the error checking that way looks fragile. (And the magic 4096 even moreso). Just check the malloc() result, and then in the ioctl code, test for it as well, and return an error from there, rather than doing all the work for no benefit in that case. Alternatively, you could define that case to be a "fetch the count" variant of the ioctl, where all that happens in that case is that the fi_numentries field of the struct is filled in and returned. kre kre
