<html>
<head>
<base href="https://bugs.freedesktop.org/">
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program"
href="https://bugs.freedesktop.org/show_bug.cgi?id=100763#c5">Comment # 5</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program"
href="https://bugs.freedesktop.org/show_bug.cgi?id=100763">bug 100763</a>
from <span class="vcard"><a class="email" href="mailto:pengjiaqi@iie.ac.cn" title="Jiaqi Peng <pengjiaqi@iie.ac.cn>"> <span class="fn">Jiaqi Peng</span></a>
</span></b>
<pre>(In reply to Chris Wilson from <a href="show_bug.cgi?id=100763#c4">comment #4</a>)
<span class="quote">> That was a lot of rigmarole where the simple gdb bt would suffice.
>
> Issue stems from commit 79d975f84bcc32e91db517d71a7312e2e1d653d4
> Author: Behdad Esfahbod <<a href="mailto:behdad@behdad.org">behdad@behdad.org</a>>
> Date: Wed Sep 12 17:45:11 2007 -0400
>
> [cairo-ft-font] Ignore FT_Load_Glyph errors other than out-of-memory
> Same for FT_Render_Glyph.
>
> When the user asks us to render a glyph that is not available in the
> font,
> it's mostly an unavoidable kind of error for them, as in, they can't
> avoid such a call. So it's not nice to put cairo_t in an error state and
> refuse any further drawying.
>
> Many PDF files are created using buggy software and cause such
> glpyh-not-fou
> nd
> errors for CID 0 for example.
>
> Eventually we should propagate these kind of errors up and return it from
> the function call causing it, but that needs API change to add return
> value
> to all text functions, so for now we just ignore these errors.</span >
I have sensed that you already make some consideration about the error
propagation. However the solution taken now really will cause some unexpected
results, such as the upper application using cairo may crash.
I report and disclosure this issue, so that the upper developers can pay some
attention to this problem and take some defense measures as soon as possible.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
</ul>
</body>
</html>