http://bugs.winehq.org/show_bug.cgi?id=7698

--- Comment #230 from Sam Edwards CFSworks@gmail.com 2012-05-04 17:03:58 CDT --- Created attachment 40034 --> http://bugs.winehq.org/attachment.cgi?id=40034 Proposed patch

All,

If I understand the problem correctly, the bug happens because Freetype is rasterizing glyphs with a higher origin-y than the tmAscent inside the font itself. Source uses tmAscent as a "maximum value" for allocating its internal buffers, so when the origin-y exceeds this maximum ascent, it writes the font glyphs outside of the buffer, corrupting memory and eventually causing a crash sometime down the line.

I'm not sure if this is a Freetype bug or what, but here's a sanity-check patch that caps the origin-y at tmAscent. After light testing, it completely fixes the presumably-related bug 12044 and it seems to fix my Counter-Strike: Source crashes. Please try it and let me know.

I'll leave it up to the Wine developers to decide whether to include this patch as-is or fix the underlying problem instead, as I'm afraid I don't know enough about font handling to deal with this myself.