Package: libfreetype6
Version: 2.12.1+dfsg-2
Severity: important
Tags: patch upstream
X-Debbugs-Cc: bunge...@chromium.org

With FreeType commit f93a897afedf4a634c74d3d2871519e675ee0d83 (which was released in FreeType 2.12.0) support for OT-SVG was added. However, this implementation contained a bug where if the `SVG ` table contained a mix of compressed and uncompressed documents the uncompressed documents may be free'd every time they are used. In general these documents were not malloc'ed so this was also a wild free. This issue has been fixed upstream with FreeType commit c26872ed59cba3af2f407b5eefc92fcec92aa52b "[svg] Clear correct flags for doc ownership" which landed after 2.12.1 was released (this commit is not yet in a tagged release). The patch itself is almost trivial: diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c index eeda69c3e..f66273f3d 100644 --- a/src/base/ftobjs.c +++ b/src/base/ftobjs.c @@ -605,7 +605,7 @@ FT_FREE( doc->svg_document ); - slot->internal->load_flags &= ~FT_GLYPH_OWN_GZIP_SVG; + slot->internal->flags &= ~FT_GLYPH_OWN_GZIP_SVG; } } #endif and should be applied to the current 2.12.1 packages in bookworm and sid. -- System Information: Debian Release: bookworm/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.17.0-1-amd64 (SMP w/32 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libfreetype6 depends on: ii libbrotli1 1.0.9-2+b3 ii libc6 2.33-7 ii libpng16-16 1.6.37-5 ii zlib1g 1:1.2.11.dfsg-4 libfreetype6 recommends no packages. libfreetype6 suggests no packages. -- no debconf information
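
Review bot: On the changed line after `FT_FREE( doc->svg_document );`, the hunk shows only where FT_GLYPH_OWN_GZIP_SVG is cleared, so the places that set and test this bit are not visible here; before upload it is worth confirming that both operate on `slot->internal->flags` and not on `load_flags`, otherwise the ownership bit would still be out of step with the pointer. A short comment beside the clear saying that the bit marks `doc->svg_document` as owned by the slot would make the field choice harder to get wrong again, and a regression test that loads a font whose `SVG ` table mixes compressed and uncompressed documents would cover the case the report describes.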
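
The failure mode described in the report, as an added example: a simplified model written for this page, not FreeType's code and not part of the original report. `Slot`, `release_doc`, `load_doc`, `count_wild_frees` and the flag value are hypothetical, and the model assumes the ownership bit is set and tested on `flags`; it counts the bad frees instead of performing them.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OWN_GZIP_SVG 0x2u  /* constructed value standing in for FT_GLYPH_OWN_GZIP_SVG */
typedef struct {           /* simplified slot state, not FreeType's real structs */
    unsigned flags;        /* internal state; assumed home of the ownership bit */
    unsigned load_flags;   /* caller-supplied load flags */
    char    *svg_document;
    int      doc_is_heap;  /* ground truth, used only to detect bad frees */
} Slot;

/* Drop the current document; returns 1 when free() would hit memory the slot never allocated. */
static int release_doc(Slot *s, int patched) {
    int wild = (s->flags & OWN_GZIP_SVG) && !s->doc_is_heap;
    if (s->flags & OWN_GZIP_SVG) {
        if (!wild) free(s->svg_document);             /* bad frees are counted, not done */
        if (patched) s->flags      &= ~OWN_GZIP_SVG;  /* fixed: bit really cleared */
        else         s->load_flags &= ~OWN_GZIP_SVG;  /* bug: bit survives in flags */
    }
    s->svg_document = NULL;
    s->doc_is_heap = 0;
    return wild;
}

static void load_doc(Slot *s, char *table_bytes, int compressed) {
    s->svg_document = table_bytes;            /* uncompressed: alias into font data */
    if (!compressed) return;
    s->svg_document = malloc(strlen(table_bytes) + 1);  /* "decompressed" copy */
    if (!s->svg_document) abort();
    strcpy(s->svg_document, table_bytes);
    s->doc_is_heap = 1;
    s->flags |= OWN_GZIP_SVG;                 /* slot now owns the buffer */
}

/* One compressed document, then n uncompressed ones; returns the bad-free count. */
int count_wild_frees(int patched, int n) {
    static char table[] = "<svg/>";           /* constructed sample document */
    Slot s = {0};
    int wild = 0;
    for (int i = 0; i <= n; i++) {
        load_doc(&s, table, i == 0);          /* first document compressed, rest not */
        wild += release_doc(&s, patched);
    }
    return wild;
}

int main(void) {
    printf("unpatched: %d  patched: %d\n", count_wild_frees(0, 3), count_wild_frees(1, 3));
    return 0;
}
```

With the clear applied to the wrong field, every uncompressed document released after the first compressed one is counted as a bad free; with the clear on `flags`, none are.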