Ming Zhao wrote:
Hello, I got a realloc error when running gnome-terminal with fontconfig-2.3.94: *** glibc detected *** realloc(): invalid next size: 0x00000000005da780*** I did some debugging and found the implementation of FcObjectToPtrLookup didn't check user_obj_alloc against l->ntypes properly, which caused the tail of _FcUserObjectNames being modified unexpectedly. I think "user_obj_alloc < l->ntypes" in fcname.c:222 should be changed to "<=". Also, we can't assume that the newly allocated pointer by realloc is the same as the older one, so we can't use "l->types == _FcUserObjectNames" after realloc. Attached is the proposed patch, hoping it would be useful.
Thanks. I almost forgot about this patch, since I was travelling at the time. I've committed a minor variation on it.
pat
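The two defects described in the report (a capacity check that is off by one, and a pointer comparison made after realloc) shown in a simplified growable table. This is an added example, not fontconfig's code or the committed patch; `name_table`, `g_user_names` and `table_add` are hypothetical names.

```c
#include <stdlib.h>

/* Hypothetical, simplified stand-in; not fontconfig's data structures. */
struct name_table {
    const char **names;  /* heap array, may move when it grows */
    size_t count;        /* slots in use */
    size_t alloc;        /* slots allocated */
};

/* Second reference to the same array, e.g. a global that aliases a list's storage. */
static const char **g_user_names;

/* Append name; returns its index, or -1 on allocation failure. */
int table_add(struct name_table *t, const char *name)
{
    /* Grow whenever no free slot is left. With "alloc < count" the case
       alloc == count skips the growth and the store below writes one
       element past the end, corrupting the allocator's metadata. */
    if (t->alloc <= t->count) {
        size_t new_alloc = t->alloc ? t->alloc * 2 : 4;
        /* Record the aliasing BEFORE realloc: if the block moves, the old
           pointer is dead and comparing against it afterwards tells nothing. */
        int aliased = (g_user_names == t->names);
        const char **p = realloc(t->names, new_alloc * sizeof *p);
        if (!p)
            return -1;          /* old block is still valid and still owned by t */
        t->names = p;
        t->alloc = new_alloc;
        if (aliased)
            g_user_names = p;   /* keep the alias pointing at live storage */
    }
    t->names[t->count] = name;
    return (int)t->count++;
}

int main(void)
{
    struct name_table t = {0};
    g_user_names = t.names;     /* both NULL: the alias tracks the table */
    for (int i = 0; i < 10; i++)
        if (table_add(&t, "constructed-name") != i)
            return 1;
    int ok = (g_user_names == t.names) && t.alloc >= t.count;
    free(t.names);
    return ok ? 0 : 1;
}
```

Building with `-fsanitize=address` and flipping the growth test to `<` makes the out-of-bounds store visible at the first append that fills the array.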