Package: libfreetype6
Version: 2.12.1+dfsg-2
Severity: important
Tags: patch upstream
X-Debbugs-Cc: bunge...@chromium.org

With FreeType commit f93a897afedf4a634c74d3d2871519e675ee0d83 (which was
released in FreeType 2.12.0) support for OT-SVG was added. However, this
implementation contained a bug where, if the `SVG ` table contained a mix of
compressed and uncompressed documents, the uncompressed documents may be freed
every time they are used. In general these documents were not malloc'ed so this
was also a wild free.

This issue has been fixed upstream with FreeType commit
c26872ed59cba3af2f407b5eefc92fcec92aa52b "[svg] Clear correct flags for doc
ownership" which landed after 2.12.1 was released (this commit is not yet in a
tagged release). The patch itself is almost trivial:

diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index eeda69c3e..f66273f3d 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -605,7 +605,7 @@


         FT_FREE( doc->svg_document );
-        slot->internal->load_flags &= ~FT_GLYPH_OWN_GZIP_SVG;
+        slot->internal->flags &= ~FT_GLYPH_OWN_GZIP_SVG;
       }
     }
 #endif
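
Review bot: the corrected line after `FT_FREE( doc->svg_document );` clears `FT_GLYPH_OWN_GZIP_SVG` in `slot->internal->flags`, but the condition guarding the free lies above the hunk's context and is not visible here. Before applying this to the package, confirm that the test and the site that sets the bit both use `flags` as well, so that set, test and clear agree on one field. A short comment next to the clear saying that this bit lives in `flags` and not `load_flags` would help keep the two similarly named fields from being mixed up again, and a regression test with an `SVG ` table mixing compressed and uncompressed documents would cover the case described in the report.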

and should be applied to the current 2.12.1 packages in bookworm and sid.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.17.0-1-amd64 (SMP w/32 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libfreetype6 depends on:
ii  libbrotli1   1.0.9-2+b3
ii  libc6        2.33-7
ii  libpng16-16  1.6.37-5
ii  zlib1g       1:1.2.11.dfsg-4

libfreetype6 recommends no packages.

libfreetype6 suggests no packages.

-- no debconf information
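
The following is an added example, not FreeType code and not part of the original report: a simplified C model of the ownership-flag bug described above, showing why clearing the bit in the wrong field makes every later uncompressed document look slot-owned. The names Slot, load_doc, clear_doc and wild_frees, the value of OWN_GZIP_SVG and the sample data are hypothetical, and the model assumes that the cleanup tests the bit in `flags`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OWN_GZIP_SVG 0x2u /* constructed value standing in for FT_GLYPH_OWN_GZIP_SVG */
typedef struct {
    unsigned flags;      /* internal state bits, where the ownership bit lives */
    unsigned load_flags; /* caller's load options, a different field */
    char *svg_document;
} Slot;
static char font_data[] = "<svg/>"; /* constructed: document stored uncompressed in the font */

/* Compressed documents get a heap buffer the slot owns; uncompressed ones point into the font. */
static void load_doc(Slot *s, int compressed) {
    if (compressed) {
        s->svg_document = malloc(sizeof font_data);
        if (!s->svg_document) abort();
        memcpy(s->svg_document, font_data, sizeof font_data);
        s->flags |= OWN_GZIP_SVG;
    } else {
        s->svg_document = font_data;
    }
}

/* Slot cleanup. Returns 1 when it would free non-malloc'ed memory (recorded, not executed). */
static int clear_doc(Slot *s, int patched) {
    int wild = 0;
    if (!(s->flags & OWN_GZIP_SVG)) return 0;    /* assumption: the test reads flags */
    if (s->svg_document == font_data) wild = 1;
    else free(s->svg_document);
    s->svg_document = NULL;
    if (patched) s->flags &= ~OWN_GZIP_SVG;      /* fixed: clears the bit that was tested */
    else         s->load_flags &= ~OWN_GZIP_SVG; /* bug: the bit in flags stays set */
    return wild;
}

/* One compressed glyph, then n uncompressed ones; count the wild frees. */
int wild_frees(int patched, int n) {
    Slot s = {0, 0, NULL};
    load_doc(&s, 1);
    int count = clear_doc(&s, patched);
    for (int i = 0; i < n; i++) { load_doc(&s, 0); count += clear_doc(&s, patched); }
    return count;
}

int main(void) {
    printf("before fix: %d, after fix: %d\n", wild_frees(0, 3), wild_frees(1, 3));
    return 0;
}
```

In the unpatched path the stale bit survives the first compressed document, so each later uncompressed document is treated as owned; a font with only uncompressed documents never sets the bit and does not trigger the model's wild free.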
