Subject: xsrc/15306: X server crashes with X-TT (libfb bug?)
To: None <gnats-bugs@gnats.netbsd.org>
From: None <nrt@ff.iij4u.or.jp>
List: netbsd-bugs
Date: 01/20/2002 13:36:11
>Number: 15306
>Category: xsrc
>Synopsis: X server crashes with X-TT (libfb bug?)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: xsrc-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Jan 19 20:37:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: NARITA Tomio
>Release: NetBSD 1.5ZA, XFree86 4.1.0
>Organization:
>Environment:
System: NetBSD hal9000 1.5ZA NetBSD 1.5ZA (NRT) #26: Sat Jan 12 18:55:58 JST 2002 nrt@hal9000:/usr/home/nrt/CURRENT/src/sys/arch/i386/compile/NRT i386
Architecture: i386
Machine: i386
XFree86 4.1.0 + X-TrueType module
>Description:
When I use a Japanese TrueType font in GIMP, Mozilla, etc.
under XFree86 4.1.0 + X-TrueType module, the X server crashes frequently.
A segmentation fault happens in fb/fbblt.c:fbBlt(),
accessing a NULL "src" pointer which was created in fb/fbglyph.c:
fbPolyGlyphBlt() as a NULL "pglyph" pointer.
>How-To-Repeat:
Start GIMP and create a new canvas, and select a Japanese TrueType font
using the Text tool. When you determine the font by clicking OK,
X crashes frequently.
>Fix:
I think first of all, I must avoid the NULL pointer access,
so I changed fb/fbglyph.c as below:
--- xsrc/xfree/xc/programs/Xserver/fb/fbglyph.c.ORG Sun Jan 20 02:13:14 2002
+++ xsrc/xfree/xc/programs/Xserver/fb/fbglyph.c Sun Jan 20 02:16:50 2002
@@ -286,6 +286,15 @@
{
pci = *ppci++;
pglyph = FONTGLYPHBITS(pglyphBase, pci);
+#if 1
+ if (NULL == pglyph) {
+ /*
+ * avoid segmentation fault
+ */
+ x += pci->metrics.characterWidth;
+ continue;
+ }
+#endif
gWidth = GLYPHWIDTHPIXELS(pci);
gHeight = GLYPHHEIGHTPIXELS(pci);
if (gWidth && gHeight)
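Review bot: the NULL test on pglyph, placed right after FONTGLYPHBITS(pglyphBase, pci), keeps the server alive but silently drops the glyph and leaves the cause in place. The unchanged "if (gWidth && gHeight)" test that follows already skips glyphs with no pixels, so a crash here suggests the font backend returned a CharInfo whose metrics describe a non-empty glyph while its bits pointer is NULL. That inconsistency is worth reporting against the X-TT module, and other consumers of the same CharInfo may need the same guard. For this hunk: drop the "#if 1" / "#endif" wrapper, since the check should be unconditional; expand the comment to say when pglyph can be NULL instead of "avoid segmentation fault"; and confirm that "x += pci->metrics.characterWidth" matches the advance the rest of the loop body applies on the normal path (not visible in this context), so that later glyphs in the string are not mispositioned.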
This change has the effect that the X server cannot crash easily, at least.
>Release-Note:
>Audit-Trail:
>Unformatted: