Bug#959800: potential double-free in libfontconfig due to bad backported commit
Jonathan Kew
jfkthame at gmail.com
Mon May 11 11:11:16 BST 2020
On Sun, 10 May 2020 09:12:27 +0100 Phil Armstrong <phil at kantaka.co.uk>
wrote:
> On Tue, 5 May 2020 14:20:42 +0100 Jonathan Kew <jfkthame at gmail.com>
> wrote:
> > Package: libfontconfig1
> > Version: 2.13.1-4
> >
> > One of the commits backported in
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956157
> > to fix fontconfig memory leaks has a bug that introduces a potential
> > double-free error.
> > See https://gitlab.freedesktop.org/fontconfig/fontconfig/-/issues/237
> > for details, and
> > https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/94
> > for a proposed fix for upstream.
> >
> > This has resulted in crash reports for Firefox when running on
> > bullseye/sid installations,
> > see https://bugzilla.mozilla.org/show_bug.cgi?id=1633467.
> >
> > I would suggest either taking the fix from the libfontconfig merge
> > request 94 (above),
> > or reverting the backport of 61573ad5f7c4dd0860d613d99d0086433240eb75
> > until the issue is resolved upstream, as it would be better to leak
> > than to risk a double-free error.
>
> Just confirming that this bug is real - I’m seeing consistent crashes
> when attempting to visit https://hmrc.gov.uk/ in firefox. Is there any
> chance of backporting the fix mentioned above?
>
> cheers, Phil
FWIW, FreeBSD was similarly affected, as they were also using a version
of libfontconfig with the recent (problematic) changes. They have now
just taken the fix from
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/94,
and confirmed that it resolves the problem. See
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245915 for details.
It would be really helpful to Firefox users -- at least, obviously any
other software that uses libfontconfig is potentially also affected --
if Debian could do the same.