
Bug#298720: marked as done (libx11-6: XCreateFontSet crashes with "*" as font name)



Your message dated Mon, 12 Feb 2007 20:24:20 +0100
with message-id <45D0BEE4.4070307@ens-lyon.org>
and subject line Bug#298720: libx11-6: XCreateFontSet crashes with "*" as font name
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libx11-6
Version: 4.3.0.dfsg.1-12.0.1
Severity: normal

Hello,

root-tail seems to trigger a bug in Xlib, as reported in #298708.
It seems XCreateFontSet() crashes when passed the string "*" as
second argument (font name). Here is a simple test case which
triggers the bug:

#include <X11/Xlib.h>
#include <stdio.h>

int 
main (int argc, char **argv)
{
  Display *dpy = NULL;
  char *base_name = "*";
  char **missing_charset = NULL;
  int missing_charsetn = -1;
  char *def_str = NULL;
  XFontSet font_set = NULL;
  
  dpy = XOpenDisplay (NULL);
  if (!dpy)
    {
      fprintf(stderr, "Cannot open display");
      return -1;
    }

  font_set = 
    XCreateFontSet(dpy,
		   base_name,
		   &missing_charset,
		   &missing_charsetn,
		   &def_str);
  
 if (font_set) 
     XFreeFontSet(dpy, font_set);

 XCloseDisplay(dpy);

 return 0;
}

Which gives:

$ gcc -Wall -ggdb test.c -o test -L/usr/X11R6/lib -lX11
$ gdb ./test
[...]
(gdb) r
Program received signal SIGSEGV, Segmentation fault.
0x40163af4 in mallopt () from /lib/tls/libc.so.6
(gdb) bt
#0  0x40163af4 in mallopt () from /lib/tls/libc.so.6
#1  0x40162a4b in free () from /lib/tls/libc.so.6
#2  0x4001f36a in _Xutf8DefaultDrawImageString ()
   from /usr/X11R6/lib/X11/locale/lib/common/xomGeneric.so.2
#3  0x4001f52f in _Xutf8DefaultDrawImageString ()
   from /usr/X11R6/lib/X11/locale/lib/common/xomGeneric.so.2
#4  0x4001f868 in _Xutf8DefaultDrawImageString ()
   from /usr/X11R6/lib/X11/locale/lib/common/xomGeneric.so.2
#5  0x4001fe09 in destroy_fontdata ()
   from /usr/X11R6/lib/X11/locale/lib/common/xomGeneric.so.2
#6  0x40079491 in XCreateOC () from /usr/X11R6/lib/libX11.so.6
#7  0x40078825 in XCreateFontSet () from /usr/X11R6/lib/libX11.so.6
#8  0x08048658 in main (argc=1, argv=0xbffffa64) at test.c:21
(gdb)

It seems like there's a double-free somewhere, but I couldn't 
find it at first look, and I'm surely not as familiar as you
are with this code. :)

Thanks a lot,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-386
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro (charmap=ISO-8859-15)

Versions of packages libx11-6 depends on:
ii  debconf [debconf-2.0]    1.4.46          Debian configuration management sy
ii  libc6                    2.3.2.ds1-20    GNU C Library: Shared libraries an
ii  xfree86-common           4.3.0.dfsg.1-12 X Window System (XFree86) infrastr
ii  xlibs-data               4.3.0.dfsg.1-12 X Window System client data

-- debconf information excluded


--- End Message ---
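
Added example (not part of the original report, and not libX11 or xomGeneric code): the backtrace above shows free() faulting under destroy_fontdata() on the way out of XCreateOC(), and the report does not identify the cause. The sketch below shows the defensive pattern for that kind of create/teardown path, where each pointer is cleared as it is freed so that a repeated teardown cannot free twice; FontData, fontdata_create, fontdata_destroy, create_then_destroy and fail_at are hypothetical names.

```c
/* Constructed illustration; all names are hypothetical, not Xlib's. */
#include <stdlib.h>
#include <string.h>

#define NFONTS 3

typedef struct {
    char *name[NFONTS]; /* strings owned by this object */
    int frees;          /* free() calls made so far, kept for checking */
} FontData;

/* Idempotent teardown: each pointer is cleared as it is released, so a
 * repeated call, or a call on a half-built object, frees nothing twice. */
static void fontdata_destroy(FontData *fd)
{
    for (int i = 0; i < NFONTS; i++) {
        if (fd->name[i] != NULL) {
            free(fd->name[i]);
            fd->name[i] = NULL;
            fd->frees++;
        }
    }
}

/* fail_at forces a failure at that index so the error path runs.
 * Returns 0 on success, -1 on failure. */
static int fontdata_create(FontData *fd, const char *pattern, int fail_at)
{
    size_t len = strlen(pattern) + 1;
    memset(fd, 0, sizeof *fd); /* every slot is NULL before any step can fail */
    for (int i = 0; i < NFONTS; i++) {
        if (i == fail_at || (fd->name[i] = malloc(len)) == NULL) {
            fontdata_destroy(fd); /* inner cleanup on the failure path */
            return -1;
        }
        memcpy(fd->name[i], pattern, len);
    }
    return 0;
}

/* Outer layer that tears down again, whatever create returned. */
int create_then_destroy(int fail_at)
{
    FontData fd;
    fontdata_create(&fd, "*", fail_at);
    fontdata_destroy(&fd); /* second teardown when create already failed */
    return fd.frees;       /* equals the number of strings allocated */
}

int main(void) { return create_then_destroy(2) == 2 ? 0 : 1; }
```

Without the `fd->name[i] = NULL` line, the outer teardown would pass already-freed pointers to free() a second time when create fails partway.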
--- Begin Message ---
Closing since the test program that the submitter provided does not
crash anymore with Xorg/Etch.

Brice


--- End Message ---
