[cairo] Error when creating pdf charts for new FreeSerifItalic.ttf
Chris Wilson
chris at chris-wilson.co.uk
Thu Apr 3 11:35:22 PDT 2008
On Thu, 2008-04-03 at 11:09 -0700, Carl Worth wrote:
> On Thu, 3 Apr 2008 17:28:37 +0200, Davide Viti wrote:
> > I get the following error when creating pdf (or ps) charts for
> > FreeSerifItalic.ttf
> >
> > zino at slurpy:~/dejavu/freefont$ fntsample -f FreeSerifItalic.ttf -o test.pdf
> > fntsample: /home/dajobe/dev/debian/cairo/cairo-1.4.14/src/cairo-array.c:301:
> > _cairo_array_allocate: Assertion `array->num_elements + num_elements
> > <= array->size' failed.
>
> Davide,
>
> Thanks so much for the bug report, (particularly with the nice easy
> recipe for replicating the bug).
My investigations suggest that the cause of the assertion failure is an
integer overflow during _cairo_array_grow_by() due to this chunk in
cairo-truetype-subset.c (line 574):
    if (be16_to_cpu (header.index_to_loc_format) == 0) {
        begin = be16_to_cpu (u.short_offsets[index]) * 2;
        end = be16_to_cpu (u.short_offsets[index + 1]) * 2;
    }
    else {
        begin = be32_to_cpu (u.long_offsets[index]);
        end = be32_to_cpu (u.long_offsets[index + 1]);
    }
    size = end - begin; /* <--overflow */
I've added some defensive code to treat the symptoms, but I don't know
whether the root cause is either a bad font or that we are
misinterpreting it.
--
Chris Wilson
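As an added example (not Chris's fix and not cairo's own code), a self-contained C sketch of the loca-offset computation quoted above: the unchecked version reproduces the unsigned wraparound when a glyph's end offset is smaller than its begin offset, and the hardened version rejects a missing next entry, non-monotonic offsets and offsets past the glyf table before any size is derived. The helpers rd16/rd32, the constructed sample table and both function names are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: short-format 'loca' with 4 entries (3 glyphs) holding
 * halfword offsets 0, 20, 10, 30 = byte offsets 0, 40, 20, 60. Glyph 1 thus
 * "ends" (20) before it "begins" (40). */
const uint8_t SAMPLE_LOCA[8] = { 0x00,0x00, 0x00,0x14, 0x00,0x0A, 0x00,0x1E };

/* Big-endian readers (hypothetical stand-ins for be16_to_cpu/be32_to_cpu). */
static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] << 8 | p[1]; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) << 16 | rd16(p + 2); }

/* Mirrors the quoted chunk: unsigned end - begin wraps to a huge value when
 * end < begin, and that is the size handed on to the array growth code. */
uint32_t glyph_size_unchecked(const uint8_t *loca, int long_format, size_t index)
{
    uint32_t begin, end;
    if (!long_format) {
        begin = rd16(loca + 2 * index) * 2;
        end   = rd16(loca + 2 * (index + 1)) * 2;
    } else {
        begin = rd32(loca + 4 * index);
        end   = rd32(loca + 4 * (index + 1));
    }
    return end - begin; /* wraps if end < begin */
}

/* Hardened variant: rejects an index with no following entry, non-monotonic
 * offsets and offsets past the end of glyf. Returns -1 on any violation. */
int64_t glyph_size_checked(const uint8_t *loca, size_t loca_len, int long_format,
                           size_t index, uint32_t glyf_len)
{
    size_t entry = long_format ? 4 : 2;
    size_t count = loca_len / entry;
    if (count < 2 || index > count - 2) return -1;  /* need entries index, index+1 */
    uint32_t begin = long_format ? rd32(loca + 4 * index) : rd16(loca + 2 * index) * 2;
    uint32_t end   = long_format ? rd32(loca + 4 * (index + 1))
                                 : rd16(loca + 2 * (index + 1)) * 2;
    if (end < begin || end > glyf_len) return -1;   /* would wrap / out of bounds */
    return (int64_t)(end - begin);
}
int main(void)
{
    for (size_t i = 0; i < 3; i++)
        printf("glyph %zu: unchecked=%u checked=%lld\n", i,
               glyph_size_unchecked(SAMPLE_LOCA, 0, i),
               (long long)glyph_size_checked(SAMPLE_LOCA, sizeof SAMPLE_LOCA, 0, i, 64));
    return 0;
}
```

For glyph 1 the unchecked size comes out as 4294967276 bytes, which is the kind of request that trips the `_cairo_array_allocate` assertion; the checked variant returns -1 instead.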