[cairo-bugs] [Bug 4674] New: ft-font-create-for-ft-face works by pure chance
bugzilla-daemon at freedesktop.org
Mon Oct 3 07:54:56 PDT 2005
Please do not reply to this email: if you want to comment on the bug, go to
the URL shown below and enter your comments there.
https://bugs.freedesktop.org/show_bug.cgi?id=4674
Summary: ft-font-create-for-ft-face works by pure chance
Product: cairo
Version: 1.1.1
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: ft font backend
AssignedTo: otaylor at redhat.com
ReportedBy: cbiesinger at web.de
QAContact: cairo-bugs at cairographics.org
The thing is, this file does:
    font_face = cairo_ft_font_face_create_for_pattern (pattern);
With an empty pattern. However, cairo-ft-font.c does:
    if (FcPatternGetString (pattern, FC_FILE, 0, &fc_filename) != FcResultMatch)
        goto UNWIND;
and that code is hit; so that cairo_ft_font_face_create_for_pattern returns a
nil pattern:
    unscaled = _cairo_ft_unscaled_font_create_for_pattern (pattern);
    if (unscaled == NULL) {
        _cairo_error (CAIRO_STATUS_NO_MEMORY);
        return (cairo_font_face_t *)&_cairo_font_face_nil;
Bug #1: ft-font-create-for-ft-face doesn't check that create_for_pattern
returned a valid font face
This font face has the toy backend but is not a toy font face. It is a generic
font face.
(maybe) bug #2: the nil font face is not a toy face
But it goes on; ft-font-create-for-ft-face wants to create a scaled font. So it
calls cairo_scaled_font_create.
Bug #3: This function doesn't verify that face->status is OK.
It therefore goes on to create a scaled font using the default backend,
eventually leading to the FT backend trying to read ->family, which is random
memory.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
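
The failure chain in the report above, modelled as an added example (not code from the bug report or from cairo): a shared "nil" error object that carries only the generic header, and the status checks that stop it from being downcast and read as the larger subtype. All type and function names here are hypothetical, and the file name doubles as the family string to keep the model small.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical miniature of the nil-object pattern; not cairo's real types. */
typedef enum { ST_SUCCESS = 0, ST_NO_MEMORY } status_t;
typedef struct { status_t status; int backend_id; } face_t;      /* generic header */
typedef struct { face_t base; const char *family; } toy_face_t;  /* larger subtype */
enum { BACKEND_TOY = 1 };

/* Shared error sentinel: only a generic header, yet tagged with the toy backend.
 * Casting it to toy_face_t and reading ->family would read past the object. */
static const face_t face_nil = { ST_NO_MEMORY, BACKEND_TOY };

/* Models create_for_pattern: no file name in the pattern -> sentinel, never NULL. */
const face_t *face_create_for_pattern(const char *fc_file, toy_face_t *storage)
{
    if (fc_file == NULL)
        return &face_nil;
    storage->base.status = ST_SUCCESS;
    storage->base.backend_id = BACKEND_TOY;
    storage->family = fc_file;
    return &storage->base;
}

/* Models scaled-font creation with the status check in place: an errored
 * face is rejected before any backend code downcasts it. */
status_t scaled_font_create(const face_t *face, size_t *family_len)
{
    *family_len = 0;
    if (face->status != ST_SUCCESS)
        return face->status;                 /* propagate, do not dispatch */
    if (face->backend_id == BACKEND_TOY) {
        const toy_face_t *toy = (const toy_face_t *)face;  /* safe: status is OK */
        *family_len = strlen(toy->family);
    }
    return ST_SUCCESS;
}

/* Caller-side check: test the returned face before building on it. */
int run_case(const char *fc_file, size_t *family_len)
{
    toy_face_t storage;
    const face_t *face = face_create_for_pattern(fc_file, &storage);
    if (face->status != ST_SUCCESS)
        return -1;
    return scaled_font_create(face, family_len) == ST_SUCCESS ? 0 : -2;
}
```

Either check alone stops the out-of-bounds read; having both means a caller that forgets to test the returned face still gets an error status back instead of a scaled font built from the sentinel.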