Issue 127929 - Possible crash in Freetype code
Summary: Possible crash in Freetype code
Status: RESOLVED FIXED
Alias: None
Product: General
Classification: Code
Component: code (show other issues)
Version: 4.1.6
Hardware: All Linux, all
: P2 Normal (vote)
Target Milestone: 4.1.7
Assignee: AOO issues mailing list
QA Contact:
URL:
Keywords: crash
: 127805 128193 (view as issue list)
Depends on:
Blocks:
 
Reported: 2018-11-08 20:32 UTC by Arrigo Marchiori
Modified: 2019-09-13 06:00 UTC (History)
6 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: 4.1.6
Developer Difficulty: ---


Attachments
Check the return value of the FT_Get_Glyph() function (749 bytes, patch)
2018-11-08 20:32 UTC, Arrigo Marchiori
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this issue.
Description Arrigo Marchiori 2018-11-08 20:32:44 UTC
Created attachment 86540 [details]
Check the return value of the FT_Get_Glyph() function

Method FreetypeServerFont::InitGlyphData() calls function FT_Get_Glyph() but does not check its return value.

On my system, the function fails when selecting the ``slide master'' in Impress, and the program crashes because the method continues with invalid data.

The attached patch repeats the same check as the previous call to FT_Load_Glyph().

Please note I have no idea what a glyph is, what those FT_ functions do, and why they fail. But the attached patch solves the crashes on my systems (tested on Linux) and looks logical IMHO.

I suppose the same problem is present in version 4.1.5 (Linux and FreeBSD), because it also crashes when selecting the slide master view.

Please let me know if you need any more information.
Comment 1 Peter 2018-11-08 21:10:54 UTC
*** Issue 127805 has been marked as a duplicate of this issue. ***
Comment 2 Peter 2018-11-08 21:12:02 UTC
Thanks a lot for the patch, we Try and come back for feedback :)
Comment 3 Pedro 2018-11-11 12:44:13 UTC
Thank you Arrigo Marchiori for fixing this crasher!
Comment 4 Arrigo Marchiori 2018-11-11 13:17:12 UTC
(In reply to Pedro from comment #3)
> Thank you Arrigo Marchiori for fixing this crasher!

You are welcome!

Please excuse me if the question is silly, but why did you mark it resolved-fixed if trunk is still affected?
Comment 5 Matthias Seidel 2018-11-11 13:21:06 UTC
Hi Pedro,

Please do not set an issue to RESOLVED/FIXED before the patch is in the code.

But we can leave it for now, as I plan to commit it to trunk soon...
Comment 6 SVN Robot 2018-11-11 13:32:30 UTC
"mseidel" committed SVN revision 1846349 into trunk:
i127929 - Fix for crash in Freetype code
Comment 7 Pedro 2018-11-11 14:28:31 UTC
(In reply to Arrigo Marchiori from comment #4)

> Please excuse me if the question is silly, but why did you mark it
> resolved-fixed if trunk is still affected?

I do not know if trunk is still affected. I could not compile and test a binary from trunk. What I do know is that it is fixed in the 4.1.6 branch which is the one we are currently testing. Hopefully it will be fixed on trunk as well :)
Since Matthias has committed your patch to trunk, I can test it soon.

(In reply to Matthias Seidel from comment #5)
> Hi Pedro,
> 
> Please do not set an issue to RESOLVED/FIXED before the patch is in the code.
> 
> But we can leave it for now, as I plan to commit it to trunk soon...

Sorry! Thanks!
Comment 8 Matthias Seidel 2018-11-11 19:22:00 UTC
(In reply to Pedro from comment #7)
> (In reply to Arrigo Marchiori from comment #4)
> 
> > Please excuse me if the question is silly, but why did you mark it
> > resolved-fixed if trunk is still affected?
> 
> I do not know if trunk is still affected. I could not compile and test a
> binary from trunk. What I do know is that it is fixed in the 4.1.6 branch
> which is the one we are currently testing. Hopefully it will be fixed on
> trunk as well :)

Hi Pedro,

Sorry, this is *not* fixed in 4.1.6.
Unfortunately this patch was too late for the release in process...

> Since Matthias has committed your patch to trunk, I can test it soon.

But I can confirm that this is fixed in trunk with latest build from buildbot on Ubuntu 18.04.1 x64.

Regards, Matthias
Comment 9 Pedro 2018-11-12 14:18:37 UTC
> Sorry, this is *not* fixed in 4.1.6.
> Unfortunately this patch was too late for the release in process...

I meant that the patch worked in 4.1.6 and the problem was fixed.
It is unfortunate that it wasn't included in 4.1.6
 
> But I can confirm that this is fixed in trunk with latest build from
> buildbot on Ubuntu 18.04.1 x64.

Excellent!
Comment 10 Mechtilde 2018-12-01 21:43:07 UTC
set new importance
Comment 11 Peter 2018-12-03 21:19:15 UTC
backdate to 4.1.6 and target milestone is 4.2.0 / 4.1.7 (when it gets done)
Comment 12 Peter 2019-09-13 06:00:42 UTC
*** Issue 128193 has been marked as a duplicate of this issue. ***