[Bug 41132] New: Invalid Font Files Can Cause Wine To Crash Unexpectedly
https://bugs.winehq.org/show_bug.cgi?id=41132

      Bug ID: 41132
     Summary: Invalid Font Files Can Cause Wine To Crash Unexpectedly
     Product: Wine
     Version: 1.9.16
    Hardware: x86-64
          OS: Linux
      Status: UNCONFIRMED
    Severity: normal
    Priority: P2
   Component: -unknown
    Assignee: wine-bugs(a)winehq.org
    Reporter: thexzoron(a)riseup.net
Distribution: ---

If wine picks up an invalid font file in /usr/share/fonts it can cause some
programs to crash unexpectedly.

https://a.desu.sh/quohkg.log
(warning: opening this in a browser can cause it to crash/hang)

--
Do not reply to this email, post in Bugzilla using the above URL to reply.
You are receiving this mail because:
You are watching all bug changes.

https://bugs.winehq.org/show_bug.cgi?id=41132

--- Comment #1 from thexzoron(a)riseup.net ---
the package ttf-monoid-ibx from the infinality-bundle-fonts repo for archlinux
was causing steam to crash instantly on startup.

https://bugs.winehq.org/show_bug.cgi?id=41132

--- Comment #2 from thexzoron(a)riseup.net ---
(In reply to thexzoron from comment #1)
> the package ttf-monoid-ibx from the infinality-bundle-fonts repo for
> archlinux was causing steam to crash instantly on startup.

http://bohoomil.com/repo/fonts/

https://bugs.winehq.org/show_bug.cgi?id=41132

Sebastian Lackner <sebastian(a)fds-team.de> changed:

   What: URL
Removed:
  Added: http://bohoomil.com/repo/fonts/ttf-monoid-ibx-0.61-1-any.pkg.tar.xz

   What: Summary
Removed: Invalid Font Files Can Cause Wine To Crash Unexpectedly
  Added: Invalid font files can cause Steam to crash unexpectedly

   What: CC
Removed:
  Added: sebastian(a)fds-team.de

--- Comment #3 from Sebastian Lackner <sebastian(a)fds-team.de> ---
Thanks for the report. Relevant lines from the log file:

--- snip ---
0056:Call KERNEL32.CreateFileW(00d18350 L"Z:\\usr\\share\\fonts\\ttf-monoid-ibx\\Monoid-Retina.ttf",80000000,00000003,00000000,00000003,00000080,00000000) ret=7d793aec
0056:Ret  KERNEL32.CreateFileW() retval=00000138 ret=7d793aec
[...]
0056:Call ntdll.RtlFreeHeap(00110000,00000000,001ecda0) ret=7d792a16
0056:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=7d792a16
0056:trace:seh:raise_exception code=c0000005 flags=0 addr=0x7d79ade8 ip=7d79ade8 tid=0056
0056:trace:seh:raise_exception  info[0]=00000000
0056:trace:seh:raise_exception  info[1]=00000000
0056:trace:seh:raise_exception  eax=00000000 ebx=00000000 ecx=0033d7d6 edx=00000000 esi=00000000 edi=00d183c0
0056:trace:seh:raise_exception  ebp=0033e268 esp=0033d6f0 cs=0023 ds=002b es=002b fs=0063 gs=006b flags=00210246
0056:trace:seh:call_stack_handlers calling handler at 0x3f02d560 code=c0000005 flags=0
--- snip ---

I've also added a direct link to the ttf-monoid-ibx package above.

https://bugs.winehq.org/show_bug.cgi?id=41132

Sebastian Lackner <sebastian(a)fds-team.de> changed:

   What: Component
Removed: -unknown
  Added: dwrite

   What: Summary
Removed: Invalid font files can cause Steam to crash unexpectedly
  Added: Specific font files can cause Steam to crash unexpectedly

   What: CC
Removed:
  Added: bunglehead(a)gmail.com

--- Comment #4 from Sebastian Lackner <sebastian(a)fds-team.de> ---
I tracked the issue down to a bug in dwrite. The issue occurs while resolving
the stretch name, see:
http://source.winehq.org/git/wine.git/blob/HEAD:/dlls/dwrite/font.c#l3098

In this case font->stretch == DWRITE_FONT_STRETCH_SEMI_CONDENSED, but the
stretchnamesW[] array contains a NULL pointer for this entry. It seems like the
index -> name mapping is shifted by one because DWRITE_FONT_STRETCH_UNDEFINED is
missing.

@Nikolay: Since it's your area, could you maybe take a look?
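
The lookup failure diagnosed in comment #4, as an added C illustration that is not Wine's code and not part of the bug thread: a name table indexed by an enum numbered like DWRITE_FONT_STRETCH, shown shifted by one and then hardened. All identifiers are constructed for this example, and it assumes the NULL slot was meant for the normal stretch.

```c
#include <stdio.h>
#include <string.h>

/* Numeric values follow DirectWrite's DWRITE_FONT_STRETCH; identifiers are illustrative. */
enum font_stretch {
    STRETCH_UNDEFINED = 0, STRETCH_ULTRA_CONDENSED, STRETCH_EXTRA_CONDENSED,
    STRETCH_CONDENSED, STRETCH_SEMI_CONDENSED /* 4 */, STRETCH_NORMAL /* 5 */,
    STRETCH_SEMI_EXPANDED, STRETCH_EXPANDED, STRETCH_EXTRA_EXPANDED,
    STRETCH_ULTRA_EXPANDED, STRETCH_COUNT
};

/* Constructed "before" table: no slot for UNDEFINED, so every name sits one
 * index too low and the NULL meant for NORMAL lands on SEMI_CONDENSED. */
static const char *const names_shifted[STRETCH_COUNT] = {
    "Ultra Condensed", "Extra Condensed", "Condensed", "Semi Condensed",
    NULL, /* assumption: NORMAL carries no name */
    "Semi Expanded", "Expanded", "Extra Expanded", "Ultra Expanded"
};

/* Hardened table: designated initializers bind each name to its enum value. */
static const char *const names_fixed[STRETCH_COUNT] = {
    [STRETCH_ULTRA_CONDENSED] = "Ultra Condensed",
    [STRETCH_EXTRA_CONDENSED] = "Extra Condensed",
    [STRETCH_CONDENSED]       = "Condensed",
    [STRETCH_SEMI_CONDENSED]  = "Semi Condensed",
    [STRETCH_SEMI_EXPANDED]   = "Semi Expanded",
    [STRETCH_EXPANDED]        = "Expanded",
    [STRETCH_EXTRA_EXPANDED]  = "Extra Expanded",
    [STRETCH_ULTRA_EXPANDED]  = "Ultra Expanded",
};

/* Unchecked lookup: returns NULL for a valid stretch; callers that treat the
 * result as a string then fault on the NULL pointer. */
const char *stretch_name_unchecked(int stretch) { return names_shifted[stretch]; }

/* Checked lookup: out-of-range, undefined and unnamed values all yield "". */
const char *stretch_name_checked(int stretch)
{
    if (stretch <= STRETCH_UNDEFINED || stretch >= STRETCH_COUNT) return "";
    return names_fixed[stretch] ? names_fixed[stretch] : "";
}

int main(void)
{
    const char *bad = stretch_name_unchecked(STRETCH_SEMI_CONDENSED);
    printf("shifted: %s\n", bad ? bad : "(null)");
    printf("fixed:   %s\n", stretch_name_checked(STRETCH_SEMI_CONDENSED));
    return 0;
}
```

The checked lookup also treats a stretch value of 0 as having no name, so an undefined value read from font data cannot index into the table.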

https://bugs.winehq.org/show_bug.cgi?id=41132

Nikolay Sivov <bunglehead(a)gmail.com> changed:

   What: Status
Removed: UNCONFIRMED
  Added: NEW

   What: Ever confirmed
Removed: 0
  Added: 1

--- Comment #5 from Nikolay Sivov <bunglehead(a)gmail.com> ---
Yes, that makes sense, thanks. 'make test' will trigger a crash, so no specific
application is needed. I resent a simplified version of your patch and another
fix that will fix having undefined stretch (0) in the first place:

https://www.winehq.org/pipermail/wine-patches/2016-August/153492.html
https://www.winehq.org/pipermail/wine-patches/2016-August/153493.html

https://bugs.winehq.org/show_bug.cgi?id=41132

Nikolay Sivov <bunglehead(a)gmail.com> changed:

   What: Resolution
Removed: ---
  Added: FIXED

   What: Status
Removed: NEW
  Added: RESOLVED

   What: Fixed by SHA1
Removed:
  Added: 1540a19359ff14a8380578c1ce7f81f16a859dd3

--- Comment #6 from Nikolay Sivov <bunglehead(a)gmail.com> ---
Fixed with
http://source.winehq.org/git/wine.git/?a=commit;h=1540a19359ff14a8380578c1ce....

https://bugs.winehq.org/show_bug.cgi?id=41132

Nikolay Sivov <bunglehead(a)gmail.com> changed:

   What: CC
Removed: bunglehead(a)gmail.com
  Added:

https://bugs.winehq.org/show_bug.cgi?id=41132

Michael Stefaniuc <mstefani(a)redhat.com> changed:

   What: Target Milestone
Removed: ---
  Added: 1.8.x

   What: CC
Removed:
  Added: mstefani(a)redhat.com

https://bugs.winehq.org/show_bug.cgi?id=41132

Alexandre Julliard <julliard(a)winehq.org> changed:

   What: Status
Removed: RESOLVED
  Added: CLOSED

--- Comment #7 from Alexandre Julliard <julliard(a)winehq.org> ---
Closing bugs fixed in 1.9.17.

https://bugs.winehq.org/show_bug.cgi?id=41132

Michael Stefaniuc <mstefani(a)redhat.com> changed:

   What: Target Milestone
Removed: 1.8.x
  Added: ---

--- Comment #8 from Michael Stefaniuc <mstefani(a)redhat.com> ---
Removing 1.8.x milestone from bugs included in 1.8.4.