[Fontconfig] realloc error in FcObjectToPtrLookup and proposed patch

Ming Zhao ming at gentoo.org
Fri Apr 7 00:55:37 PDT 2006


Hello,

I got a realloc error when running gnome-terminal with fontconfig-2.3.94:
*** glibc detected *** realloc(): invalid next size: 0x00000000005da780***

I did some debugging and found the implementation of FcObjectToPtrLookup
didn't check user_obj_alloc against l->ntypes properly, which caused the
tail of _FcUserObjectNames to be modified unexpectedly. I think
"user_obj_alloc < l->ntypes" in fcname.c:222 should be changed to "<=".

Also, we can't assume that the pointer newly returned by realloc is the same
as the old one, so we can't use "l->types == _FcUserObjectNames" after
realloc.

Attached is the proposed patch, hoping it would be useful.

Best,
Ming
-------------- next part --------------
A non-text attachment was scrubbed...
Name: realloc.patch
Type: text/x-patch
Size: 845 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/fontconfig/attachments/20060407/eb892db9/realloc.bin
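The two defects described in the mail (the off-by-one capacity check and the assumption that realloc returns the same pointer) are shown below in a small grow-on-demand table. This is an added example written for this page, not fontconfig's code: the names obj_table_t, static_types, needs_grow_buggy, needs_grow_fixed, table_add and STATIC_CAPACITY are invented stand-ins for the user_obj_alloc / l->ntypes / _FcUserObjectNames bookkeeping the mail refers to, and the behaviour of fcname.c itself is not reproduced here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a table that starts in static storage and is
 * moved to the heap once it outgrows it. All names here are assumptions
 * made for this example, not fontconfig identifiers. */
#define STATIC_CAPACITY 4

typedef struct {
    const char *name;
    int         id;
} obj_t;

typedef struct {
    obj_t *types;   /* points at static_types until the first growth */
    int    ntypes;  /* entries in use */
    int    alloc;   /* capacity of types[] */
} obj_table_t;

static obj_t static_types[STATIC_CAPACITY];

void table_init(obj_table_t *t)
{
    t->types  = static_types;
    t->ntypes = 0;
    t->alloc  = STATIC_CAPACITY;
}

/* The predicate the mail calls wrong: growth only triggers once ntypes is
 * already past alloc, so the write at types[ntypes] with ntypes == alloc
 * lands one element beyond the buffer (the "invalid next size" glibc saw). */
int needs_grow_buggy(int alloc, int ntypes) { return alloc < ntypes; }

/* Corrected predicate ("<" changed to "<="): index ntypes is in bounds only
 * while ntypes < alloc, so grow as soon as alloc <= ntypes. */
int needs_grow_fixed(int alloc, int ntypes) { return alloc <= ntypes; }

int table_on_heap(const obj_table_t *t) { return t->types != static_types; }

/* Appends an entry; returns its index, or -1 on allocation failure. */
int table_add(obj_table_t *t, const char *name)
{
    if (needs_grow_fixed(t->alloc, t->ntypes)) {
        int    new_alloc = t->alloc * 2;
        obj_t *new_types;
        /* Decide whether we are still on static storage BEFORE reallocating;
         * after realloc the old pointer is invalid and must not be compared. */
        if (!table_on_heap(t)) {
            new_types = malloc(new_alloc * sizeof *new_types);
            if (!new_types) return -1;
            memcpy(new_types, t->types, t->ntypes * sizeof *new_types);
        } else {
            new_types = realloc(t->types, new_alloc * sizeof *new_types);
            if (!new_types) return -1;
        }
        t->types = new_types;   /* always adopt the returned pointer */
        t->alloc = new_alloc;
    }
    t->types[t->ntypes].name = name;
    t->types[t->ntypes].id   = t->ntypes + 1;
    return t->ntypes++;
}

/* Returns the entry's id, or 0 if the name is not in the table. */
int table_lookup(const obj_table_t *t, const char *name)
{
    for (int i = 0; i < t->ntypes; i++)
        if (strcmp(t->types[i].name, name) == 0)
            return t->types[i].id;
    return 0;
}

void table_free(obj_table_t *t)
{
    if (table_on_heap(t)) free(t->types);
    table_init(t);
}

/* Fills the table past its static capacity; returns 0 if every check
 * holds, otherwise the number of the first failing check. */
int run_demo(void)
{
    static const char *names[] = { "a", "b", "c", "d", "e", "f" };
    obj_table_t t;
    int rc = 0;
    table_init(&t);
    for (int i = 0; i < 6; i++)
        if (table_add(&t, names[i]) != i) { rc = 1; goto out; }
    if (table_on_heap(&t) != 1)              { rc = 2; goto out; }
    if (t.alloc != 2 * STATIC_CAPACITY)      { rc = 3; goto out; }
    if (table_lookup(&t, "e") != 5)          { rc = 4; goto out; }
    if (table_lookup(&t, "zzz") != 0)        { rc = 5; goto out; }
out:
    table_free(&t);
    return rc;
}

int main(void)
{
    printf("buggy check at alloc==ntypes==4 grows? %d\n", needs_grow_buggy(4, 4));
    printf("fixed check at alloc==ntypes==4 grows? %d\n", needs_grow_fixed(4, 4));
    printf("demo result: %d\n", run_demo());
    return 0;
}
```

The point of the static-or-heap test sitting before the realloc call is the second issue in the mail: once realloc has returned, the old block may have been freed and moved, so comparing l->types against the static array afterwards both reads a stale pointer and can misclassify the buffer.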

