From twchan@tns02950.singnet.com.sg  Wed Jul  5 09:49:40 2000
Return-Path: <twchan@tns02950.singnet.com.sg>
Received: from tns02950.singnet.com.sg (tns02950.singnet.com.sg [165.21.191.60])
	by hub.freebsd.org (Postfix) with ESMTP id 7EE1B37BC0E
	for <FreeBSD-gnats-submit@freebsd.org>; Wed,  5 Jul 2000 09:49:37 -0700 (PDT)
	(envelope-from twchan@tns02950.singnet.com.sg)
Received: (from twchan@localhost)
	by tns02950.singnet.com.sg (8.9.3/8.9.3) id AAA01323;
	Thu, 6 Jul 2000 00:48:17 +0800 (SGT)
	(envelope-from twchan)
Message-Id: <200007051648.AAA01323@tns02950.singnet.com.sg>
Date: Thu, 6 Jul 2000 00:48:17 +0800 (SGT)
From: twchan@singnet.com.sg
Sender: twchan@tns02950.singnet.com.sg
Reply-To: twchan@singnet.com.sg
To: FreeBSD-gnats-submit@freebsd.org
Subject: xfstt 1.1 core dumps on Courier New font and hangs X client
X-Send-Pr-Version: 3.2

>Number:         19716
>Category:       ports
>Synopsis:       xfstt 1.1 core dumps on Courier New font and hangs X client
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    steve
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 05 09:50:06 PDT 2000
>Closed-Date:    Fri Jul 7 09:20:58 PDT 2000
>Last-Modified:  Fri Jul 14 07:30:06 PDT 2000
>Originator:     Chan Tur Wei
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
>Environment:

 FreeBSD zargrok 4.0-STABLE FreeBSD 4.0-STABLE #5: Sun Jul  2 22:55:03 SGT 2000

 XFree86-3.3.6

>Description:
 
	xfstt core dumps at times, especially when trying to serve the
	regular "Courier New" font (COUR.TTF).  As a result, X clients
	trying to set the font will hang, and killing the hung clients
	brings down X.

	The problem is that xfstt calls realloc(), through its #define
	shrinkMem(), but neglects to adjust a pointer that used to
	point to memory within the old block.  A subsequent copying of
	that pointer then merrily SIGSEGV's the code.

>How-To-Repeat:

	1) Run xfstt.
	2) Start X.
	3) Run netscape (in my case, netscape-communicator-4.72).
	4) Set "Fixed width font" to "Courier New".
	5) Load an HTML page with Courier New, or easier yet, simply
	   "View Page Source".
	6) Netscape hangs, and xfstt dumps core in
	   /usr/X11R6/lib/X11/fonts/TrueType

>Fix:

	Fix up the memory pointer after the realloc().  The following
	patch does that:

--- xfstt.cpp   Sat Jul  1 10:53:55 2000
+++ xfstt.cpp.fixed     Sat Jul  1 10:55:11 2000
@@ -470,10 +470,12 @@
        raster->getFontExtent( &xfs->fe);
 
        int used = (xfs->fe.bitmaps + xfs->fe.bmplen) - xfs->fe.buffer;
+       int bmpoff = xfs->fe.bitmaps - xfs->fe.buffer;
        xfs->fe.buffer = (U8*)shrinkMem( xfs->fe.buffer, used);
-       if( xfs->fe.buffer)
+       if( xfs->fe.buffer) {
                xfs->fe.buflen = used;
-       else {
+               xfs->fe.bitmaps = xfs->fe.buffer + bmpoff;
+       } else {
                xfs->fid = 0;   //###
                xfs = 0;
        }
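
Review bot: in the failure branch (the `else {` after the shrinkMem() call), `xfs->fe.buffer` has already been overwritten with the NULL result. If shrinkMem() is realloc(), as the report says, the original block is still allocated but no longer reachable, and `xfs->fe.bitmaps` still points into it. Assign the result to a temporary and store it into `xfs->fe.buffer` only on success, or release the old block and clear `bitmaps` in the else branch. Separately, `used` and `bmpoff` are pointer differences held in `int`; `ptrdiff_t` would be the safer type. A one-line comment on the `bmpoff` line saying that the offset has to be captured before the call would also help the next reader.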


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->steve 
Responsible-Changed-By: steve 
Responsible-Changed-When: Thu Jul 6 19:11:00 PDT 2000 
Responsible-Changed-Why:  
I have this one ready to commit. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=19716 
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Fri Jul 7 09:20:58 PDT 2000 
State-Changed-Why:  
Committed, thanks! 


From: alex@big.endian.de (Alexander Langer)
To: twchan@singnet.com.sg
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/19716: xfstt 1.1 core dumps on Courier New font and hangs X client
Date: Fri, 14 Jul 2000 16:27:42 +0200

 Thus spake twchan@singnet.com.sg (twchan@singnet.com.sg):
 
 > 	Fix up the memory pointer after the realloc().  The following
 > 	patch does that:
 
 Great!
 Not tested, but if that fixes the problem, that is awesome (I had the
 very same error when I used it months ago, now I'm using XFree86 4.0,
 which is way more stable, though).
 
 However, this should be contributed to the authors, not us. :)
 
 Alex
 
 -- 
 cat: /home/alex/.sig: No such file or directory
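
The failure described under >Description, reduced to a stand-alone C program (an added example, not xfstt's code and not part of the PR). The names font_extent, moving_realloc, shrink_extent and demo are hypothetical, and the allocator is constructed to relocate the block on every call so the rebase step is always exercised.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for xfs->fe: field names follow the patch, layout is assumed. */
typedef struct {
    unsigned char *buffer;   /* start of the heap block */
    unsigned char *bitmaps;  /* interior pointer into that block */
    size_t buflen;
} font_extent;

/* Constructed allocator that always relocates, so the stale-pointer case
   occurs on every run; libc realloc() is permitted to move the block too. */
static void *moving_realloc(void *old, size_t old_len, size_t new_len)
{
    void *fresh = malloc(new_len);
    if (fresh == NULL) return NULL;   /* like realloc: old block untouched */
    memcpy(fresh, old, old_len < new_len ? old_len : new_len);
    free(old);
    return fresh;
}

/* Shrink fe->buffer to `used` bytes and rebase fe->bitmaps.
   Returns 0 on success, -1 on failure with fe left unchanged and valid. */
int shrink_extent(font_extent *fe, size_t used)
{
    ptrdiff_t bmpoff = fe->bitmaps - fe->buffer;   /* capture before the move */
    if (bmpoff < 0 || (size_t)bmpoff > used || used > fe->buflen) return -1;
    unsigned char *moved = moving_realloc(fe->buffer, fe->buflen, used);
    if (moved == NULL) return -1;     /* keep the old, still-valid pointers */
    fe->buffer = moved;
    fe->bitmaps = moved + bmpoff;     /* the step the unpatched code skipped */
    fe->buflen = used;
    return 0;
}

/* Constructed demo: 64-byte block, bitmaps at offset 16, shrunk to 40 bytes. */
int demo(void)
{
    unsigned char *buf = calloc(1, 64);
    if (buf == NULL) return -1;
    font_extent fe = { buf, buf + 16, 64 };
    memset(fe.bitmaps, 0xAB, 24);
    int ok = shrink_extent(&fe, 40) == 0 && fe.bitmaps == fe.buffer + 16
          && fe.bitmaps[0] == 0xAB && fe.bitmaps[23] == 0xAB;
    free(fe.buffer);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```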
 
>Unformatted:
