[SCM] qtbase packaging branch, experimental, updated. debian/5.2.0+dfsg-5-6-g7ffab32

Lisandro Damián Nicanor Pérez lisandro at moszumanska.debian.org
Wed Jan 15 13:51:13 UTC 2014


Gitweb-URL: http://git.debian.org/?p=pkg-kde/qt/qtbase.git;a=commitdiff;h=df47591

The following commit has been merged in the experimental branch:
commit df47591f7034f0736293f8f92ce7d9d07042dbc4
Author: Lisandro Damián Nicanor Pérez Meyer <perezmeyer at gmail.com>
Date:   Wed Jan 15 10:46:33 2014 -0300

    Backport fix_crash_stale_pointer_dereferencing.patch
    
    Solves a crash while using harfbuzz-ng.
---
 debian/changelog                                   |   9 +
 .../fix_crash_stale_pointer_dereferencing.patch    | 184 +++++++++++++++++++++
 debian/patches/series                              |   1 +
 3 files changed, 194 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 3e7216c..c578ebd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,18 @@
 qtbase-opensource-src (5.2.0+dfsg-6) UNRELEASED; urgency=medium
 
+<<<<<<<
   [ Dmitry Shachnev ]
   * Build-depend on libxcb-xkb-dev, to get more input languages support.
   * Also, build-depend on libxcb-sync-dev instead of removed libxcb-sync0-dev.
   * Fix misspelled DEB_HOST_ARCH_OS in debian/rules comments.
+=======
+  [ Dmitry Shachnev ]
+  * Build-depend on libxcb-xkb-dev, to get more input languages support.
+
+  [ Lisandro Damián Nicanor Pérez Meyer ]
+  * Backport fix_crash_stale_pointer_dereferencing.patch to solve a crash
+    while using harfbuzz-ng.
+>>>>>>>
 
  -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>  Fri, 03 Jan 2014 22:44:50 +0400
 
diff --git a/debian/patches/fix_crash_stale_pointer_dereferencing.patch b/debian/patches/fix_crash_stale_pointer_dereferencing.patch
new file mode 100644
index 0000000..d9fa2a9
--- /dev/null
+++ b/debian/patches/fix_crash_stale_pointer_dereferencing.patch
@@ -0,0 +1,184 @@
+From 557a3202b7b9574b557dbbfe1712849c949667ec Mon Sep 17 00:00:00 2001
+From: Konstantin Ritt <ritt.ks at gmail.com>
+Date: Tue, 14 Jan 2014 18:27:33 +0200
+Subject: [PATCH] Fix crash due to a stale pointer dereferencing
+
+The HB face caching mechanism introduced in 227e9a40cfeb7e00658cd3
+wasn't complete due that fact that HB-NG doesn't parse the entire
+font table at once but rather references a table on-demand.
+This incompleteness caused a crash in case the engine doesn't
+get cached or when it removed from the cache and then re-used.
+
+Task-number: QTBUG-36099
+
+Change-Id: I7816836107655ce7cf6eb9683bb5dc7f892f9cd1
+---
+ src/gui/text/qfontengine.cpp    | 13 ++++++++++++-
+ src/gui/text/qfontengine_ft.cpp | 29 +++++++++++++++++++----------
+ src/gui/text/qfontengine_p.h    |  5 +++++
+ src/gui/text/qharfbuzzng.cpp    | 22 +++++++++++++++-------
+ 4 files changed, 51 insertions(+), 18 deletions(-)
+
+--- a/src/gui/text/qfontengine.cpp
++++ b/src/gui/text/qfontengine.cpp
+@@ -171,7 +171,8 @@ static const HB_FontClass hb_fontClass =
+ static HB_Error hb_getSFntTable(void *font, HB_Tag tableTag, HB_Byte *buffer, HB_UInt *length)
+ {
+     QFontEngine *fe = (QFontEngine *)font;
+-    if (!fe->getSfntTableData(tableTag, buffer, length))
++    Q_ASSERT(fe->faceData.get_font_table);
++    if (!fe->faceData.get_font_table(fe->faceData.user_data, tableTag, buffer, length))
+         return HB_Err_Invalid_Argument;
+     return HB_Err_Ok;
+ }
+@@ -182,6 +183,13 @@ static void hb_freeFace(void *face)
+ }
+ 
+ 
++static bool qt_get_font_table_default(void *user_data, uint tag, uchar *buffer, uint *length)
++{
++    QFontEngine *fe = (QFontEngine *)user_data;
++    return fe->getSfntTableData(tag, buffer, length);
++}
++
++
+ #ifdef QT_BUILD_INTERNAL
+ // for testing purpose only, not thread-safe!
+ static QList<QFontEngine *> *enginesCollector = 0;
+@@ -210,6 +218,9 @@ QFontEngine::QFontEngine()
+       font_(0), font_destroy_func(0),
+       face_(0), face_destroy_func(0)
+ {
++    faceData.user_data = this;
++    faceData.get_font_table = qt_get_font_table_default;
++
+     cache_cost = 0;
+     fsType = 0;
+     symbol = false;
+--- a/src/gui/text/qfontengine_ft.cpp
++++ b/src/gui/text/qfontengine_ft.cpp
+@@ -116,6 +116,21 @@ QT_BEGIN_NAMESPACE
+ #define TRUNC(x)    ((x) >> 6)
+ #define ROUND(x)    (((x)+32) & -64)
+ 
++static bool ft_getSfntTable(void *user_data, uint tag, uchar *buffer, uint *length)
++{
++    FT_Face face = (FT_Face)user_data;
++
++    bool result = false;
++    if (FT_IS_SFNT(face)) {
++        FT_ULong len = *length;
++        result = FT_Load_Sfnt_Table(face, tag, 0, buffer, &len) == FT_Err_Ok;
++        *length = len;
++    }
++
++    return result;
++}
++
++
+ // -------------------------- Freetype support ------------------------------
+ 
+ class QtFreetypeData
+@@ -386,15 +401,7 @@ QFontEngine::Properties QFreetypeFace::p
+ 
+ bool QFreetypeFace::getSfntTable(uint tag, uchar *buffer, uint *length) const
+ {
+-    bool result = false;
+-#if (FREETYPE_MAJOR*10000 + FREETYPE_MINOR*100 + FREETYPE_PATCH) > 20103
+-    if (FT_IS_SFNT(face)) {
+-        FT_ULong len = *length;
+-        result = FT_Load_Sfnt_Table(face, tag, 0, buffer, &len) == FT_Err_Ok;
+-        *length = len;
+-    }
+-#endif
+-    return result;
++    return ft_getSfntTable(face, tag, buffer, length);
+ }
+ 
+ /* Some fonts (such as MingLiu rely on hinting to scale different
+@@ -739,6 +746,8 @@ bool QFontEngineFT::init(FaceId faceId,
+     fontDef.styleName = QString::fromUtf8(face->style_name);
+ 
+     if (!freetype->hbFace) {
++        faceData.user_data = face;
++        faceData.get_font_table = ft_getSfntTable;
+         freetype->hbFace = harfbuzzFace();
+         freetype->hbFace_destroy_func = face_destroy_func;
+     } else {
+@@ -1157,7 +1166,7 @@ QFixed QFontEngineFT::emSquareSize() con
+ 
+ bool QFontEngineFT::getSfntTableData(uint tag, uchar *buffer, uint *length) const
+ {
+-    return freetype->getSfntTable(tag, buffer, length);
++    return ft_getSfntTable(freetype->face, tag, buffer, length);
+ }
+ 
+ int QFontEngineFT::synthesized() const
+--- a/src/gui/text/qfontengine_p.h
++++ b/src/gui/text/qfontengine_p.h
+@@ -85,6 +85,7 @@ enum HB_Compat_Error {
+ };
+ 
+ typedef void (*qt_destroy_func_t) (void *user_data);
++typedef bool (*qt_get_font_table_func_t) (void *user_data, uint tag, uchar *buffer, uint *length);
+ 
+ class Q_GUI_EXPORT QFontEngine
+ {
+@@ -280,6 +281,10 @@ public:
+     mutable qt_destroy_func_t font_destroy_func;
+     mutable void *face_;
+     mutable qt_destroy_func_t face_destroy_func;
++    struct FaceData {
++        void *user_data;
++        qt_get_font_table_func_t get_font_table;
++    } faceData;
+ 
+     uint cache_cost; // amount of mem used in kb by the font
+     uint fsType : 16;
+--- a/src/gui/text/qharfbuzzng.cpp
++++ b/src/gui/text/qharfbuzzng.cpp
+@@ -623,19 +623,22 @@ hb_font_funcs_t *hb_qt_get_font_funcs()
+ 
+ 
+ static hb_blob_t *
+-_hb_qt_get_font_table(hb_face_t * /*face*/, hb_tag_t tag, void *user_data)
++_hb_qt_reference_table(hb_face_t * /*face*/, hb_tag_t tag, void *user_data)
+ {
+-    QFontEngine *fe = (QFontEngine *)user_data;
+-    Q_ASSERT(fe);
++    QFontEngine::FaceData *data = (QFontEngine::FaceData *)user_data;
++    Q_ASSERT(data);
++
++    qt_get_font_table_func_t get_font_table = data->get_font_table;
++    Q_ASSERT(get_font_table);
+ 
+     uint length = 0;
+-    if (Q_UNLIKELY(!fe->getSfntTableData(tag, 0, &length) || length == 0))
++    if (Q_UNLIKELY(!get_font_table(data->user_data, tag, 0, &length) || length == 0))
+         return hb_blob_get_empty();
+ 
+     char *buffer = (char *)malloc(length);
+     Q_CHECK_PTR(buffer);
+ 
+-    if (Q_UNLIKELY(!fe->getSfntTableData(tag, reinterpret_cast<uchar *>(buffer), &length)))
++    if (Q_UNLIKELY(!get_font_table(data->user_data, tag, reinterpret_cast<uchar *>(buffer), &length)))
+         length = 0;
+ 
+     return hb_blob_create(const_cast<const char *>(buffer), length,
+@@ -646,9 +649,14 @@ _hb_qt_get_font_table(hb_face_t * /*face
+ static inline hb_face_t *
+ _hb_qt_face_create(QFontEngine *fe)
+ {
+-    hb_face_t *face;
++    Q_ASSERT(fe);
++
++    QFontEngine::FaceData *data = (QFontEngine::FaceData *)malloc(sizeof(QFontEngine::FaceData));
++    Q_CHECK_PTR(data);
++    data->user_data = fe->faceData.user_data;
++    data->get_font_table = fe->faceData.get_font_table;
+ 
+-    face = hb_face_create_for_tables(_hb_qt_get_font_table, (void *)fe, NULL);
++    hb_face_t *face = hb_face_create_for_tables(_hb_qt_reference_table, (void *)data, free);
+     if (Q_UNLIKELY(hb_face_is_immutable(face))) {
+         hb_face_destroy(face);
+         return NULL;
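Review bot: The lifetime rule this fix depends on is not written down anywhere in the new code: `_hb_qt_face_create` copies `fe->faceData.user_data` as a raw pointer into a malloc'd `FaceData` that lives as long as the `hb_face_t`, so the pointee (the `FT_Face` set in `QFontEngineFT::init`, or `this` from the `QFontEngine` constructor) has to outlive every HarfBuzz face built from it. I would document that on `struct FaceData` in qfontengine_p.h, for example `// user_data is copied into the hb_face_t and must outlive it; always set it together with the matching get_font_table`. The pairing matters because each callback casts the `void *` with no type check, so a mismatched pair would be read as the wrong type. The only guards on `get_font_table` are `Q_ASSERT`s, which Qt compiles out when `QT_NO_DEBUG` is defined, so a null callback would be called rather than reported in such builds. The body of `_hb_qt_face_create` continues past the end of the patch, so the rest of its error handling is not visible here.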
diff --git a/debian/patches/series b/debian/patches/series
index bd7f15c..b04601b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,6 +9,7 @@ gnukfreebsd.diff
 enable_s390_detection.patch
 enable_sparc_detection.patch
 do_not_pass_wcast-align_on_sparc.patch
+fix_crash_stale_pointer_dereferencing.patch
 
 # Debian specific.
 change_sparc_qatomic.patch

-- 
qtbase packaging


