Bug#744756: marked as done (libftgl2: FTTextureFont crashes with large font-sizes)

Debian Bug Tracking System Mon, 18 Feb 2019 09:12:48 -0800

Your message dated Mon, 18 Feb 2019 18:08:49 +0100
with message-id <20190218170846.ga26...@reva.itsari.org>
and subject line Re: libftgl2: FTTextureFont crashes with large font-sizes
has caused the Debian Bug report #744756,
regarding libftgl2: FTTextureFont crashes with large font-sizes
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
744756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744756
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libftgl2
Version: 2.1.3~rc5-4+nmu1
Severity: normal
Tags: patch

Dear Maintainer,

using FTTextureFont can lead to a crash with a "Floating Point Exception".
the problem only appears with very large font-sizes.

my system:
  integrated intel gfx card (Ivybridge Mobile)
  mesa
  maximum texture size: 8192

how to reproduce:
 - create a FTTextureFont from
    /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf (as found in the
    ttf-dejavu-core package)
      font=new 
FTGLTextureFont("/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf")
 - set the fontsize to something large
      font->FaceSize(3033);
 - render the font
      font->Render("foo");

this will eventually hit the boundaries of the maximum texture size, leading to
a division by zero in src/FTFont/FTTextureFont.cpp:186.
this in turn crashes the host application.

i'm attaching a short demo program (crasher.cpp; based on FTGL's simple.cpp)
that increases the fontsize, until it crashes.
compile with:
  $ g++ -o crasher crasher.cpp $(pkg-config --cflags --libs ftgl) -lglut -lGLU 
-lGL


i'm also attaching a fix for the problem, that clamps the divisor to be >=1,
thus making a division by zero impossible.


fmgdsar
IOhannes



-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libftgl2 depends on:
ii  libc6                     2.18-4
ii  libfreetype6              2.5.2-1
ii  libgcc1                   1:4.8.2-19
ii  libgl1-mesa-glx [libgl1]  10.1.0-5
ii  libglu1-mesa [libglu1]    9.0.0-2
ii  libpng12-0                1.2.50-1
ii  libstdc++6                4.8.2-19
ii  multiarch-support         2.18-4
ii  zlib1g                    1:1.2.8.dfsg-1

libftgl2 recommends no packages.

libftgl2 suggests no packages.

-- no debconf information

#define FONT_FILE "/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf"

#include <stdlib.h> // exit()

#include <GL/glut.h>
#include <FTGL/ftgl.h>

static FTFont *font;
static int fontsize=1024;

static void RenderScene(void)
{
    char str[10];
    GLint w, h;
    float scale=72./(float)fontsize;
    glGetTexLevelParameteriv(GL_TEXTURE_2D, 0, GL_TEXTURE_WIDTH, &w);
    glGetTexLevelParameteriv(GL_TEXTURE_2D, 0, GL_TEXTURE_HEIGHT, &h);
    snprintf(str, 9, "%d", fontsize);
    str[9]=0;

    font->FaceSize(fontsize);
    fprintf(stderr, "facesize=%d\ttexture=%dx%d\n", fontsize, w, h);
    fontsize+=10;

    glClear(GL_COLOR_BUFFER_BIT | GL_DEPTH_BUFFER_BIT);

    glEnable(GL_DEPTH_TEST);

    glPushMatrix();
        glTranslatef(-260.0, -0.2, 20.0);
        glColor3f(1.0, 1.0, 1.0);
        glScalef(scale, scale, scale);
        font->Render(str);
    glPopMatrix();

    glutSwapBuffers();
}

//
//  Main program entry point: set up GLUT window, load fonts, run GLUT loop.
//
int main(int argc, char **argv)
{
    char const *file = NULL;

    file = FONT_FILE;

    if(argc > 1)
    {
        file = argv[1];
    }

    // Initialise GLUT stuff
    glutInit(&argc, argv);
    glutInitDisplayMode(GLUT_DEPTH | GLUT_DOUBLE | GLUT_RGBA);
    glutInitWindowPosition(100, 100);
    glutInitWindowSize(640, 480);
    glutCreateWindow("simple FTGL C++ demo");

    glutDisplayFunc(RenderScene);
    glutIdleFunc(RenderScene);

    glMatrixMode(GL_PROJECTION);
    glLoadIdentity();
    gluPerspective(90, 640.0f / 480.0f, 1, 1000);
    glMatrixMode(GL_MODELVIEW);
    glLoadIdentity();
    gluLookAt(0.0, 0.0, 640.0f / 2.0f, 0.0, 0.0, 0.0, 0.0, 1.0, 0.0);

    // Initialise FTGL stuff
    font = new FTTextureFont(file);

    if(font->Error())
    {
        fprintf(stderr, "%s: could not load font `%s'\n", argv[0], file);
        return EXIT_FAILURE;
    }

    font->FaceSize(10);
    font->Depth(10);
    font->Outset(0, 3);
    font->CharMap(ft_encoding_unicode);

    // Run GLUT loop
    glutMainLoop();

    return EXIT_SUCCESS;
}

>From eee58e1a78af5439398cc0014809c0e994191d08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?IOhannes=20m=20zm=C3=B6lnig?=
 <zmoel...@umlautq.umlaeute.mur.at>
Date: Mon, 14 Apr 2014 13:41:52 +0200
Subject: [PATCH] fix floating point exception

clamp minimum height of texture to 1, so we don't get a division-by-zero on very large texture sizes
---
 src/FTFont/FTTextureFont.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/FTFont/FTTextureFont.cpp b/src/FTFont/FTTextureFont.cpp
index 4e385ea..4c93598 100644
--- a/src/FTFont/FTTextureFont.cpp
+++ b/src/FTFont/FTTextureFont.cpp
@@ -181,6 +181,7 @@ void FTTextureFontImpl::CalculateTextureSize()
     textureWidth = textureWidth > maximumGLTextureSize ? maximumGLTextureSize : textureWidth;
 
     int h = static_cast<int>((textureWidth - (padding * 2)) / glyphWidth + 0.5);
+    if(h<1)h=1;
 
     textureHeight = NextPowerOf2(((numGlyphs / h) + 1) * glyphHeight);
     textureHeight = textureHeight > maximumGLTextureSize ? maximumGLTextureSize : textureHeight;
-- 
1.9.1

--- End Message ---

--- Begin Message ---

Version: 2.3.0-1


Hi,

2014-04-14 14:13 IOhannes m zmoelnig:

Package: libftgl2
Version: 2.1.3~rc5-4+nmu1
Severity: normal
Tags: patch

Dear Maintainer,

using FTTextureFont can lead to a crash with a "Floating Point Exception".
the problem only appears with very large font-sizes.

my system:
 integrated intel gfx card (Ivybridge Mobile)
 mesa
 maximum texture size: 8192

how to reproduce:
- create a FTTextureFont from
   /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf (as found in the
   ttf-dejavu-core package)
     font=new 
FTGLTextureFont("/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf")
- set the fontsize to something large
     font->FaceSize(3033);
- render the font
     font->Render("foo");

this will eventually hit the boundaries of the maximum texture size, leading to
a division by zero in src/FTFont/FTTextureFont.cpp:186.
this in turn crashes the host application.

i'm attaching a short demo program (crasher.cpp; based on FTGL's simple.cpp)
that increases the fontsize, until it crashes.
compile with:
 $ g++ -o crasher crasher.cpp $(pkg-config --cflags --libs ftgl) -lglut -lGLU 
-lGL


i'm also attaching a fix for the problem, that clamps the divisor to be >=1,
thus making a division by zero impossible.


I attempted to reproduce the problem with your crasher application and I
couldn't.  There were changes in that area of the code, some mentioning
the same problem, e.g.:

https://github.com/frankheckenbach/ftgl/commit/2723c7d33b904ce25346d6c0253ecdf1efd36e98#diff-89082f0e702c2508944ab360a432aaf4

Frank (in copy) also confirmed that the bug had been addressed.

So I think that we can close this now.  Thanks for the report in any
case!


Cheers.
--
Manuel A. Fernandez Montecelo <manuel.montez...@gmail.com>

--- End Message ---

Bug#744756: marked as done (libftgl2: FTTextureFont crashes with large font-sizes)

Reply via email to