Bug 1951

Summary: _XftReleaseFile crashes if f->file == NULL
Product: xorg
Component: Lib/Xft
Reporter: James Henstridge <james>
Assignee: Keith Packard <keithp>
Status: CLOSED FIXED
Severity: normal
Priority: high
CC: jay.hobson, mharris, roland.mainz
Version: unspecified
Hardware: x86 (IA32)
OS: All
Attachments: xftreleasefile-crash.patch

Description James Henstridge 2004-11-28 01:24:57 UTC
Using the current CVS version of Xft, I observed a crash in _XftReleaseFile when
passing FT_Face objects directly to Xft.

I guess it was introduced in your 2004-08-03 commit, and appears to be due to a
simple operator precedence bug.  A patch will be attached shortly.

The problem expression is below:
  sizeof (XftFtFile) + f->file ? strlen (f->file) + 1 : 0

Which is interpreted as:
  (sizeof (XftFtFile) + f->file) ? (strlen (f->file) + 1) : 0

So the result of this expression will always be (strlen(f->file) + 1), even if
f->file is NULL.
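
An added example (not code from Xft or from the attached patch) that models the two parses described above. `struct ft_file` and the function names are hypothetical stand-ins, and the NULL case is reported with a return code rather than executed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for XftFtFile; only the 'file' member matters here. */
struct ft_file {
    int         ref;
    const char *file;   /* NULL when the caller supplied an FT_Face directly */
};

/*
 * Model of the expression as the compiler parses it:
 *   (sizeof (XftFtFile) + f->file) ? (strlen (f->file) + 1) : 0
 * Returns 0 and stores the size, or -1 where the real code would call
 * strlen(NULL).
 */
static int size_as_parsed(const struct ft_file *f, size_t *out)
{
    /* '+' binds tighter than '?:', so the condition is pointer + offset. */
    uintptr_t cond = (uintptr_t)f->file + sizeof(struct ft_file);

    if (!cond) { *out = 0; return 0; }   /* effectively unreachable */
    if (f->file == NULL) return -1;      /* strlen(NULL): the crash */
    *out = strlen(f->file) + 1;          /* the sizeof term is dropped */
    return 0;
}

/* Intended meaning, with the conditional parenthesized explicitly. */
static size_t size_intended(const struct ft_file *f)
{
    return sizeof(struct ft_file) + (f->file ? strlen(f->file) + 1 : 0);
}

int main(void)
{
    struct ft_file named = { 1, "font.ttf" };  /* constructed sample */
    struct ft_file face  = { 1, NULL };        /* constructed sample */
    size_t n = 0;
    int rc = size_as_parsed(&named, &n);

    printf("named: parsed rc=%d size=%zu, intended=%zu\n",
           rc, n, size_intended(&named));
    rc = size_as_parsed(&face, &n);
    printf("face:  parsed rc=%d, intended=%zu\n", rc, size_intended(&face));
    return 0;
}
```

Clang reports this pattern under `-Wparentheses` ("operator '?:' has lower precedence than '+'").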

Comment 1 James Henstridge 2004-11-28 01:25:39 UTC
Created attachment 1411
xftreleasefile-crash.patch

Comment 2 Keith Packard 2004-11-28 14:17:01 UTC
Thanks, James.

Comment 3 Keith Packard 2004-11-30 15:32:13 UTC
Roland -- this patch seems like good 6.8.2 material, but I don't know the state
of the Xft bits which are in the monolithic tree.  As you can see, the patch has
been applied to the upstream Xft source tree.

Comment 4 Mike A. Harris 2005-04-22 08:30:20 UTC
Should we reassign this bug to Xorg now perhaps, for tracking in the mono
tree? Or should we file a new bug report to point to this one, and nominate
it for 6.8.3?

Comment 5 James Henstridge 2005-04-22 09:39:39 UTC
I actually filed bug 1958 against Xorg, noting that it needed to pull in the fix
from standalone Xft.

However that bug didn't see any responses, and got marked as NOTOURBUG (which I
think was a mistake).
