fc-cache segfaults when scanning an italic BDF font with empty SETWIDTH_NAME

Bug #342717 reported by Tim Allen
Affects: fontconfig (Ubuntu)
Status: Confirmed
Importance: High
Assigned to: Unassigned

Bug Description

Binary package hint: fontconfig

Steps to reproduce:
1. Save the attached .bdf font into an empty, temporary directory.
2. Run the following command:
    fc-cache .

Expected results:
- fc-cache scans the directory, finds no usable fonts, quits cleanly.

Actual results:
- Segmentation fault.

Notes: Deleting either of the properties in the font prevents the crash, as does changing the value of "SETWIDTH_NAME" to be non-empty.
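As an added triage check (not part of this report or of fontconfig): a Python script that parses the STARTPROPERTIES block of every .bdf file under a directory and lists those whose SETWIDTH_NAME is an empty string, so they can be set aside before fc-cache walks the directory. The embedded sample font is constructed here and is not the reporter's attachment; its italic SLANT value mirrors the title, but the check keys only on the empty SETWIDTH_NAME.

```python
import sys
from pathlib import Path

# Added example, not code from the bug report or from fontconfig.
# BDF 2.1 keeps font properties between STARTPROPERTIES and ENDPROPERTIES,
# one "NAME value" per line; string values are double-quoted.

def bdf_properties(text):
    """Return {name: raw_value} from the property block; quotes are kept."""
    props, inside = {}, False
    for line in text.splitlines():
        if line.startswith("STARTPROPERTIES"):
            inside = True
        elif line.startswith("ENDPROPERTIES"):
            break
        elif inside and line.strip():
            name, _, value = line.strip().partition(" ")
            props[name] = value.strip()
    return props

def empty_setwidth(text):
    """True when SETWIDTH_NAME is present but is an empty quoted string."""
    value = bdf_properties(text).get("SETWIDTH_NAME")
    return value is not None and value.strip('"') == ""

def scan_dir(directory):
    """Paths of .bdf files under `directory` that match the crash condition."""
    hits = []
    for path in sorted(Path(directory).rglob("*.bdf")):
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: nothing to check
        if empty_setwidth(text):
            hits.append(str(path))
    return hits

# Constructed sample (not the reporter's attachment): italic, empty setwidth.
SAMPLE_BAD = (
    "STARTFONT 2.1\nFONT -misc-example-medium-i-normal--13-120-75-75-c-70-iso8859-1\n"
    "SIZE 12 75 75\nFONTBOUNDINGBOX 7 13 0 -2\nSTARTPROPERTIES 3\n"
    'FAMILY_NAME "Example"\nSLANT "I"\nSETWIDTH_NAME ""\nENDPROPERTIES\n'
    "CHARS 0\nENDFONT\n")
SAMPLE_OK = SAMPLE_BAD.replace('SETWIDTH_NAME ""', 'SETWIDTH_NAME "Normal"')

if __name__ == "__main__":
    for hit in scan_dir(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it as `python3 check_bdf.py /path/to/fonts`; any path it prints is a font whose property block matches the trigger described in the report.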

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 8.10
Package: fontconfig 2.6.0-1ubuntu4
ProcEnviron:
 PATH=/home/username/bin:/home/username/bin-shared:/home/username/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_AU.UTF-8
 SHELL=/bin/bash
SourcePackage: fontconfig
Uname: Linux 2.6.27-11-generic i686

Tags: apport-bug
Tim Allen (screwtape) wrote :
Jean-Baptiste Lallement (jibel) wrote :

I'm tagging this as Security because the attached file crashed not only fc-cache but also the whole session.

security vulnerability: no → yes
Changed in fontconfig (Ubuntu):
status: New → Confirmed
importance: Undecided → High
visibility: public → private
visibility: private → public
Jamie Strandboge (jdstrand) wrote :

Still segfaults in 10.04 LTS, but doesn't take down the whole session.

security vulnerability: yes → no
Danny Guinther (dannyguinther) wrote :

Related to the security issue, I don't know if the attached font is segfaulting for the same reason, but I had a session-ending segfault when running fc-cache -fv. I went through the ~3000 custom fonts I have, and this is the only one I could find that segfaults. Though oddly, the segfault only killed my gnome-session the first time.

I don't know if it's a fontconfig issue or a gnome issue, but with the font in a font load path other gnome issues occur as well: If gnome is locked, the unlock dialog won't appear. If no session exists and you try to login, the login seems to succeed, but the desktop never loads. Removing the font resolves these issues.

Running fontconfig version 2.11.0 on Trusty.
