
Re: [ft-devel] avoiding a longjmp crash in ftgrays.c


From: Werner LEMBERG
Subject: Re: [ft-devel] avoiding a longjmp crash in ftgrays.c
Date: Sun, 09 Jan 2011 09:07:26 +0100 (CET)

> I've reproduced the crash with a different font: mssong.ttf, glyph
> number 1006. This font is available for free from Microsoft.

OK, this one I have.

> Here is the program that crashes with mssong.ttf, glyph number 1006:

Thanks, testing right now on my GNU/Linux box.

> Here's the makefile: [...]
>
> [...]
>
> CFLAGS = $(OPT_FLAGS) -mwindows -DUNICODE=1 -Wall $(INCLUDE) \
>          -DFT_DEBUG_LEVEL_TRACE -DFT_DEBUG_MEMORY \
>          -DFT_AVOID_LONGJMP=0

This won't compile.  You need -DFT2_BUILD_LIBRARY also.

> I built it and ran it as follows:
>
> freetype_debug_gray mssong.ttf 1006 > test_mssong.txt 2>&1

Adding FT2_DEBUG=any:5 to the environment, I get the same output as
you but complete, without crash.

> The output is shown below. The stuff at the end about "# of
> contours: -1" and "Glyph 22971" is mysterious.

Not at all: -1 for the number of contours specifies that it is a
composite glyph.  What follows are the subglyphs.

> Glyph 1006
>   # of contours: -1
>   xMin:   11  xMax:  241
>   yMin:  -21  yMax:  194
>   advance width (font units): 256
>   left side bearing (font units): 4
>   advance height (font units): 256
>   top side bearing (font units): 0
> Glyph 22971
>   # of contours: 1
>   xMin:    4  xMax:  234
>   yMin:    0  yMax:  215
>   Instructions size: 0
>   x advance: 10368
>   y advance: 0
>   linear x advance: 10616832
>   linear y advance: 10616832
> FT_Outline_Decompose: Out

Using valgrind, I get two warnings specific to the demo program:

   Use of uninitialised value of size 4
      at 0x808F02F: __longjmp (__longjmp.S:68)

   Use of uninitialised value of size 4
      at 0x80759DD: gray_convert_glyph_inner (ftgrays.c:1718)
      by 0x8075CAB: gray_convert_glyph (ftgrays.c:1816)
      by 0x8075628: ft_smooth_render_generic (ftsmooth.c:292)
      by 0x8057ECA: FT_Render_Glyph_Internal (ftobjs.c:3932)
      by 0x8057F41: FT_Render_Glyph (ftobjs.c:3972)
      by 0x808E98F: (below main) (libc-start.c:226)

   Use of uninitialised value of size 4
      at 0x80759EC: gray_convert_glyph_inner (ftgrays.c:1721)
      by 0x8075CAB: gray_convert_glyph (ftgrays.c:1816)
      by 0x8075628: ft_smooth_render_generic (ftsmooth.c:292)
      by 0x8057ECA: FT_Render_Glyph_Internal (ftobjs.c:3932)
      by 0x8057F41: FT_Render_Glyph (ftobjs.c:3972)
      by 0x808E98F: (below main) (libc-start.c:226)

My knowledge of compiler details is too limited to really interpret
it.  The variable `error' is already defined as `volatile', and AFAIK
more is not needed to make longjmp work.


    Werner
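The setjmp/longjmp arrangement Werner refers to (a `volatile' error variable in the frame that calls setjmp, with the inner rasterizer routines bailing out through longjmp on overflow) looks like the following. This is an added illustration, not code from FreeType or from this thread; the `demo_*' names, the DEMO_ERR_* codes and the cell limit are made up for the example.

```c
#include <setjmp.h>
#include <stdio.h>

/* Error codes for this demo (constructed; not FreeType's FT_Err_* values). */
enum {
    DEMO_ERR_OK       = 0,
    DEMO_ERR_OVERFLOW = 1,   /* the worker ran out of cell space */
    DEMO_ERR_BAD_ARG  = 2
};

/* Rasterizer-like worker state.  The jmp_buf is part of the state the
   inner routines receive (the thread's ras.jump_buffer plays the same
   role), so longjmp() always targets the frame that filled it. */
typedef struct {
    jmp_buf jump_buffer;
    int     cell_limit;
    int     cells_used;
} demo_worker;

/* Innermost step: on overflow, abandon the work and jump back to the
   setjmp() in demo_convert_glyph() instead of threading a return code
   through every level. */
static void demo_emit_cell(demo_worker *w)
{
    if (w->cells_used >= w->cell_limit)
        longjmp(w->jump_buffer, 1);
    w->cells_used++;
}

static void demo_render_contour(demo_worker *w, int ncells)
{
    int i;

    for (i = 0; i < ncells; i++)
        demo_emit_cell(w);
}

/* Render `ncontours' contours of `cells_per_contour' cells each into a
   worker limited to `cell_limit' cells.  Returns DEMO_ERR_OK or an error
   code; if `done_out' is non-NULL it receives the number of contours
   completed before the error. */
int demo_convert_glyph(int ncontours, int cells_per_contour, int cell_limit,
                       int *done_out)
{
    demo_worker  w;
    /* `contours_done' is modified between setjmp() and longjmp() and read
       afterwards; C99 7.13.2.1 makes such a non-volatile automatic variable
       indeterminate after longjmp(), so it must be volatile.  `error' is
       kept volatile too, matching the ftgrays.c practice discussed above. */
    volatile int contours_done = 0;
    volatile int error         = DEMO_ERR_OK;
    int          contour;

    if (ncontours < 0 || cells_per_contour < 0 || cell_limit < 0)
        return DEMO_ERR_BAD_ARG;

    w.cell_limit = cell_limit;
    w.cells_used = 0;

    /* setjmp() in one of the forms the standard allows (the whole
       controlling expression, compared with a constant); the jmp_buf is
       filled in this frame before any longjmp() can use it. */
    if (setjmp(w.jump_buffer) == 0) {
        for (contour = 0; contour < ncontours; contour++) {
            demo_render_contour(&w, cells_per_contour);
            contours_done++;
        }
    } else {
        /* Second return from setjmp(): we arrived here via longjmp(). */
        error = DEMO_ERR_OVERFLOW;
    }

    if (done_out)
        *done_out = contours_done;
    return error;
}

/* Progress-only view of the same call, for callers that just want a count. */
int demo_contours_done(int ncontours, int cells_per_contour, int cell_limit)
{
    int done = 0;

    (void)demo_convert_glyph(ncontours, cells_per_contour, cell_limit, &done);
    return done;
}

int main(void)
{
    int done;
    int err = demo_convert_glyph(3, 10, 25, &done);

    printf("error %d after %d complete contour(s)\n", err, done);
    return 0;
}
```

Two rules keep this pattern crash-free: the jmp_buf must belong to a frame that is still live when longjmp() runs, and every automatic variable that is changed after setjmp() and read after longjmp() must be volatile. gcc's -Wextra enables -Wclobbered, which points at automatic variables in a setjmp-calling function that might be clobbered by a longjmp, so it is a cheap check to run on code like ftgrays.c.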


