fc-cache segfaults when scanning an italic BDF font with empty SETWIDTH_NAME

Bug #342717 reported by Tim Allen on 2009-03-14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
fontconfig (Ubuntu)

Bug Description

Binary package hint: fontconfig

Steps to reproduce:
1. Save the attached .bdf font into an empty, temporary directory.
2. Run the following command:
    fc-cache .

Expected results:
- fc-cache scans the directory, finds no usable fonts, quits cleanly.

Actual results:
- Segmentation fault.

Notes: Deleting either of the properties in the font prevents the crash, as does changing the value of "SETWIDTH_NAME" to be non-empty.

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 8.10
Package: fontconfig 2.6.0-1ubuntu4
SourcePackage: fontconfig
Uname: Linux 2.6.27-11-generic i686

Tim Allen (screwtape) wrote :
Jean-Baptiste Lallement (jibel) wrote :

I'm tagging as Security because not only the attached file crashed fc-cache but also the whole session.

security vulnerability: no → yes
Changed in fontconfig (Ubuntu):
status: New → Confirmed
importance: Undecided → High
visibility: public → private
visibility: private → public
Jamie Strandboge (jdstrand) wrote :

Still segfaults in 10.04 LTS, but doesn't take down the whole session.

security vulnerability: yes → no
Danny Guinther (dannyguinther) wrote :

Related to the security issue, I don't know if the attached font is segfaulting for the same reason, but I had a session ending segfault when running fc-cache -fv. I went through the ~3000 custom fonts I have, and this is the only one I could find that segfaults. Though oddly, the segfault only killed my gnome-session the first time.

I don't know if it's a fontconfig issue or a gnome issue, but with the font in a font load path other gnome issues occur as well: If gnome is locked, the unlock dialog won't appear. If no session exists and you try to login, the login seems to succeed, but the desktop never loads. Removing the font resolves these issues.

Running fontconfig version 2.11.0 on Trusty.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers