Re: [ft-devel] cff_get_name_index crash
Sean McBride [EMAIL PROTECTED] writes:

>> Neither are currently included in glibc (and some effort with google
>> seems to indicate this is likely to stay this way for the foreseeable
>> future)
>
> Really? Oh well, that sucks. :)

If you're interested in this sort of thing, it's probably a good idea to read up on the _reason_ why the glibc maintainer won't include them.

-Miles

--
The car has become... an article of dress without which we feel uncertain, unclad, and incomplete. [Marshall McLuhan, Understanding Media, 1964]

___
Freetype-devel mailing list
Freetype-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/freetype-devel
Re: [ft-devel] cff_get_name_index crash
> Uses of ft_strcpy and ft_strcat could also be replaced with the strn*
> varieties, which would be some improvement.

Agreed, the 'n' variety is not as good as the 'l' variety, but better than the status quo. Patches, please. :-)

Note, however, that I'm not aware of a place where strcpy is used unprotected. In case you find something, please report it!

Werner
Re: [ft-devel] cff_get_name_index crash
> While trying to track down an evince crash (see
> http://bugzilla.gnome.org/show_bug.cgi?id=403791) I appear to have found
> an error in freetype, and I've got a patch to fix it.

Applied, thanks.

Werner
Re: [ft-devel] cff_get_name_index crash
On 2007-02-06 17:28, Tom Parker said:

> The strcmp is done without checking that the return value was sane, and

strcmp(), eh? That made me curious. I searched the freetype code for strcpy() and found it is used (by way of ft_strcpy()) quite a lot. strcpy() is evil. Someone might want to consider doing the following replacements:

  ft_strcpy, ft_strncpy -> strlcpy
  ft_strcat -> strlcat

For info on why, see:
http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html

--
Sean McBride, B. Eng [EMAIL PROTECTED]
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
Re: [ft-devel] cff_get_name_index crash
Sean McBride wrote:

>   ft_strcpy, ft_strncpy -> strlcpy
>   ft_strcat -> strlcat

Neither are currently included in glibc (and some effort with google seems to indicate this is likely to stay this way for the foreseeable future), and so if freetype wants to use those it would have to maintain its own variants of them.

Uses of ft_strcpy and ft_strcat could also be replaced with the strn* varieties, which would be some improvement.

Tom Parker

--
[EMAIL PROTECTED] - http://tevp.net
Illegitimus non carborundum
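The two points raised in this thread, that a project on a libc without strlcpy/strlcat has to carry its own variants, and that the strn* functions are a weaker substitute, are easiest to see side by side in code. The block below is an added example written for this page; it is not FreeType code and the names ft_strlcpy_x, ft_strlcat_x, join_glyph_name and the sample glyph names are hypothetical. It implements the two 'l' functions with the BSD return-value convention (the length the full string would have had, so a result >= the buffer size signals truncation), and contrasts them with the strncpy case where a source that fills the buffer leaves no terminator behind.

```c
/* Added example (not FreeType code): minimal strlcpy/strlcat variants of
 * the kind a project would carry when libc lacks them, beside the strncpy
 * behaviour they replace. The names ft_strlcpy_x / ft_strlcat_x and the
 * sample glyph names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of s, never scanning past max bytes (safe on unterminated input). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t i = 0;
    while (i < max && s[i] != '\0')
        i++;
    return i;
}

/* Copy src into dst (dstsize bytes). dst is always NUL-terminated when
 * dstsize > 0. Returns strlen(src); a result >= dstsize means truncation. */
size_t ft_strlcpy_x(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Append src to dst (dstsize bytes total). Returns the length the full
 * string would have had; a result >= dstsize means truncation. If dst is
 * not terminated within dstsize, nothing is written. */
size_t ft_strlcat_x(char *dst, const char *src, size_t dstsize)
{
    size_t dstlen = bounded_len(dst, dstsize);
    size_t srclen = strlen(src);
    if (dstlen == dstsize)
        return dstsize + srclen;
    size_t room = dstsize - dstlen - 1;
    size_t n = srclen < room ? srclen : room;
    memcpy(dst + dstlen, src, n);
    dst[dstlen + n] = '\0';
    return dstlen + srclen;
}

/* The strncpy hazard: when strlen(src) >= n, no terminator is written.
 * Returns 1 if the n-byte buffer holds a NUL after the copy, 0 if not,
 * -1 for an n this demo cannot hold. */
int strncpy_terminates(const char *src, size_t n)
{
    char buf[16];
    if (n == 0 || n > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);
    strncpy(buf, src, n);
    return memchr(buf, '\0', n) != NULL;
}

/* Build "base.suffix" into out. Returns 1 if everything fit, 0 if the
 * result was truncated; out is a valid C string either way. */
int join_glyph_name(char *out, size_t outsize, const char *base,
                    const char *suffix)
{
    if (ft_strlcpy_x(out, base, outsize) >= outsize)
        return 0;
    if (ft_strlcat_x(out, ".", outsize) >= outsize)
        return 0;
    return ft_strlcat_x(out, suffix, outsize) < outsize;
}

int main(void)
{
    char out[8];
    /* "abcdefgh" fills all 8 bytes, so strncpy leaves no terminator. */
    printf("strncpy terminated: %d\n", strncpy_terminates("abcdefgh", 8));
    /* strlcpy truncates to 7 characters and still terminates. */
    ft_strlcpy_x(out, "exclamdown", sizeof out);
    printf("strlcpy result: \"%s\"\n", out);
    /* "alpha.sc" needs 9 bytes; the caller learns it did not fit. */
    printf("join fits: %d -> \"%s\"\n",
           join_glyph_name(out, sizeof out, "alpha", "sc"), out);
    return 0;
}
```

The return-value convention is the part that makes the 'l' functions better than the 'n' ones: every call site can test `>= size` and decide whether a truncated glyph name is acceptable, instead of silently carrying on with an unterminated or clipped buffer.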
[ft-devel] cff_get_name_index crash
While trying to track down an evince crash (see http://bugzilla.gnome.org/show_bug.cgi?id=403791) I appear to have found an error in freetype, and I've got a patch to fix it. Stack trace without the patch is as follows:

#0 0x40d83d5a in strcmp () from /lib/tls/i686/cmov/libc.so.6
#1 0x412e7202 in cff_get_name_index (face=0x41c22ae0, glyph_name=0x412548d3 "space") at /local/palfrey/src/freetype2/src/cff/cffdrivr.c:273
#2 0x412c633c in FT_Get_Name_Index (face=0x41c22ae0, glyph_name=0x412548d3 "space") at /local/palfrey/src/freetype2/src/base/ftobjs.c:2868
#3 0x401cc374 in CairoFont::create (gfxFont=0x41c204e0, xref=0x82a27e0, lib=0x82e61c8, useCIDs=1) at CairoFontEngine.cc:130
#4 0x401cc9ea in CairoFontEngine::getFont (this=0x82eaf08, gfxFont=0x41c204e0, xref=0x82a27e0) at CairoFontEngine.cc:353

The strcmp is done without checking that the return value was sane, and so it crashes. This is mainly due to the test file in question being horribly corrupted, but that's still not a good excuse for crashing. With the attached patch, it doesn't crash.

Thanks,
Tom Parker

--
[EMAIL PROTECTED] - http://tevp.net
Illegitimus non carborundum

? fix-strcmp.patch ? src/cff/.cffdrivr.c.swp Index: src/cff/cffdrivr.c === RCS file: /sources/freetype/freetype2/src/cff/cffdrivr.c,v retrieving revision 1.64 diff -u -r1.64 cffdrivr.c --- src/cff/cffdrivr.c 17 Jan 2007 12:45:25 - 1.64 +++ src/cff/cffdrivr.c 6 Feb 2007 16:26:00 - @@ -270,6 +270,8 @@ else name = (FT_String *)psnames-adobe_std_strings( sid ); + if (name == NULL) +continue; result = ft_strcmp( glyph_name, name ); if ( sid 390 )
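Review bot: the two added lines in the `@@ -270,6 +270,8 @@` hunk do not follow the bracing style of the surrounding context, which puts spaces inside the parentheses and indents the body (`result = ft_strcmp( glyph_name, name );`, `if ( sid 390 )`); they should read `if ( name == NULL )` with `continue;` indented beneath it. The placement itself is right: the check sits after the `else` assignment from `adobe_std_strings( sid )` and before the `ft_strcmp`, so it guards `name` whichever branch of the if/else filled it in. A one-line comment saying why a NULL can come back here (the message only says the return value was not checked, and the corrupt test file suggests an out-of-range SID) would keep the `continue` from reading as an unexplained skip to the next glyph.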