Bug#959800: potential double-free in libfontconfig due to bad backported commit

Jonathan Kew jfkthame at gmail.com
Tue May 5 14:20:42 BST 2020

Package: libfontconfig1

One of the commits backported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956157
to fix fontconfig memory leaks has a bug that introduces a potential double-free error.
See https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/237 for details, and
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/94 for a proposed
fix for upstream.

This has resulted in crash reports for Firefox when running on bullseye/sid installations;
see https://bugzilla.mozilla.org/show_bug.cgi?id=1633467.

I would suggest either taking the fix from the libfontconfig merge request 94 (above),
or reverting the backport of 61573ad5f7c4dd0860d613d99d0086433240eb75 until the issue is
resolved upstream, as it would be better to leak than to risk a double-free error.
