It appears fribidi is not thread-safe by default, and using it from multiple threads can lead to crashes. It's possible to build fribidi in a thread-safe way (--enable-malloc AFAIK), but most distros don't do this. This should be considered an extremely critical issue, because libraries using frbidi will also not be thread-safe. I suggest disabling the unsafe behavior by default, and making a new release immediately.
I agree... I'll get to it soon hopefully...
Ping? All what's needed is changing the default, right? Or is there some kind of blocker?
I have to find time to fix a bunch of issues and make a new release...
How many years is that going to take? Sorry, but it's one line change and an EXTREMELY serious issue.
Here. Fixed it in master. Now does that really make much difference without a release?
Thank you! >Now does that really make much difference without a release? Yes, it makes a quite extreme difference. If I'd just care about some software I'm using only locally (or imagine I'd be a vendor of some closed-source binary ware), it wouldn't matter. I could patch it myself or statically link against a fixed version. However, is this software is supposed to be included by distros and what not, dynamically linking to their broken fribidi libs would just turn the software into a crash-party. So yes, it very much matters to actually _release_ fixes.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.