On 20 Aug 2002, Christopher Keller wrote:
> I've tracked down a situation which I believe to be a bug in XFree86.
> I'm using RedHat 7.3, version 4.2.0-8.
> The gist is a null pointer exception in line 667 & 668 of xf86bigfont.c.
> pFont->info.props is null and it's being assigned without checking
> whether it's null or not. I'm not sure if the simple answer is to wrap
> the assign statements in a null pointer check or if it's more complex
> than that.
> I'm not an X developer, but I'd love to assist in the confirmation and
> patch of this particular error, as it's causing me a huge headache right
> now. I've been hanging out on #xfree86-devel, but I see no traffic.
> (gdb) list xf86bigfont.c:667
> 662 xFontProp* prFP;
> 663 int i;
> 664 for (i = 0, pFP = pFont->info.props, prFP = (xFontProp *) p;
> 665 i < nfontprops;
> 666 i++, pFP++, prFP++) {
> 667 prFP->name = pFP->name;
> 668 prFP->value = pFP->value;
> 669 if (client->swapped) {
> 670 char tmp;
> 671 swapl(&prFP->name, tmp);
> (gdb) print *pFont
> $5 = {refcnt = 142373721, info = {firstCol = 57392, lastCol = 16914,
> firstRow = 0, lastRow = 0, defaultCh = 0, noOverlap = 0, terminalFont =
> 0, constantMetrics = 0, constantWidth = 0, inkInside = 0, inkMetrics =
> 0, allExist = 0, drawDirection = 0, cachable = 1, anamorphic = 0,
> maxOverlap = 0, pad = 0, maxbounds = { leftSideBearing = 2,
> rightSideBearing = 18, characterWidth = 18, ascent = 18, descent = 4,
> attributes = 0}, minbounds = {leftSideBearing = -3, rightSideBearing =
> 1, characterWidth = 4, ascent = -2, descent = -11, attributes = 0},
> ink_maxbounds = {leftSideBearing = 2, rightSideBearing = 18,
> characterWidth = 18, ascent = 18, descent = 4, attributes = 0},
> ink_minbounds = {leftSideBearing = -3, rightSideBearing = 1,
> characterWidth = 4, ascent = -2, descent = -11, attributes = 0},
> fontAscent = 16, fontDescent = 4, nprops = 27, props = 0x0, isStringProp
> = 0x8a439a8 "\001\001\001\001\001\001"}, bit = 0 '\0', byte = 0 '\0',
> glyph = 4 '\004', scan = 1 '\001', format = 512, get_glyphs = 0x8121ee8
> <_fs_get_glyphs>, get_metrics = 0x8122418 <_fs_get_metrics>, unload_font
> = 0x8122726 <_fs_unload_font>, unload_glyphs = 0, fpe = 0x873f2a0,
> svrPrivate = 0x0, fontPrivate = 0x87d32b0, fpePrivate = 0x87d32c0,
> maxPrivate = 1, devPrivates = 0x8a43724}
> (gdb) quit
Humm. Perhaps a better question to ask is why nprops is non-zero when
props is NULL. With that in mind, I've gone through the source to ensure
both are kept in sync. In the process, I tripped over what looks like a
memory leak in the PCF code. The resulting patch is attached. Please try
it and report back whether or not it fixes the problem (or creates new
ones).
Thanks.
Marc.
+----------------------------------+-----------------------------------+
| Marc Aurele La France | work: 1-780-492-9310 |
| Computing and Network Services | fax: 1-780-492-1729 |
| 352 General Services Building | email: [EMAIL PROTECTED] |
| University of Alberta +-----------------------------------+
| Edmonton, Alberta | |
| T6G 2H1 | Standard disclaimers apply |
| CANADA | |
+----------------------------------+-----------------------------------+
XFree86 Core Team member. ATI driver and X server internals.
font.diff.gz
Description: Binary data
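The consumer-side guard raised in the quoted report, as an added example that is not part of the original message and is not the attached patch. It complements keeping `nprops` and `props` in sync at the producer. The struct layouts and the names `FontProp`, `WireProp`, `FontInfo`, `usable_props` and `copy_props` are simplified assumptions, not the XFree86 definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the font structures (assumed, not XFree86's own). */
typedef struct { long name; long value; } FontProp;
typedef struct { uint32_t name; uint32_t value; } WireProp;
typedef struct {
    int       nprops;  /* count claimed by the font loader */
    FontProp *props;   /* NULL in the gdb dump although nprops = 27 */
} FontInfo;

/* Entries that are safe to read: a NULL array or a non-positive count means
 * "no properties", so nprops is never trusted on its own. */
static int usable_props(const FontInfo *info)
{
    if (info == NULL || info->props == NULL || info->nprops <= 0)
        return 0;
    return info->nprops;
}

/* Copy properties into a reply buffer of `cap` entries.
 * Returns the number written, or -1 if the buffer cannot hold them. */
int copy_props(const FontInfo *info, WireProp *out, int cap)
{
    int n = usable_props(info);
    if (n > cap || (n > 0 && out == NULL))
        return -1;
    for (int i = 0; i < n; i++) {
        out[i].name  = (uint32_t)info->props[i].name;
        out[i].value = (uint32_t)info->props[i].value;
    }
    return n;
}

/* Constructed case matching the dump: count set, array missing. */
int demo_inconsistent(void)
{
    FontInfo bad = { 27, NULL };
    WireProp buf[32];
    return copy_props(&bad, buf, 32);
}

int main(void)
{
    printf("inconsistent font copied %d props\n", demo_inconsistent());
    return 0;
}
```

A reply built this way must also size its length fields from the returned count rather than from `nprops`, otherwise the client is told to expect properties that were never written.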
