Bug#959800: potential double-free in libfontconfig due to bad backported commit
Phil Armstrong
phil at kantaka.co.uk
Sun May 10 09:12:27 BST 2020
On Tue, 5 May 2020 14:20:42 +0100 Jonathan Kew <jfkthame at gmail.com> wrote:
> Package: libfontconfig1
> Version: 2.13.1-4
>
> One of the commits backported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956157
> to fix fontconfig memory leaks has a bug that introduces a potential double-free error.
> See https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/237 for details, and
> https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/94 for a proposed
> fix for upstream.
>
> This has resulted in crash reports for Firefox when running on bullseye/sid installations,
> see https://bugzilla.mozilla.org/show_bug.cgi?id=1633467.
>
> I would suggest either taking the fix from the libfontconfig merge request 94 (above),
> or reverting the backport of 61573ad5f7c4dd0860d613d99d0086433240eb75 until the issue is
> resolved upstream, as it would be better to leak than to risk a double-free error.

Just confirming that this bug is real - I’m seeing consistent crashes
when attempting to visit https://hmrc.gov.uk/ in Firefox. Is there any
chance of backporting the fix mentioned above?
cheers, Phil
More information about the Pkg-freedesktop-maintainers mailing list