[Webkit-unassigned] [Bug 24592] [GTK] Crash in FcPatternHash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 15 00:42:19 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=24592





------- Comment #1 from xan.lopez at gmail.com  2009-03-15 00:42 PDT -------
Just had this again, and it's crashing when trying to access the first pattern
element in here:

FcChar32
FcPatternHash (const FcPattern *p)
{
    int         i;
    FcChar32    h = 0;
    FcPatternElt    *pe = FcPatternElts(p);

    for (i = 0; i < p->num; i++)
    {
        h = (((h << 1) | (h >> 31)) ^
             pe[i].object ^ // <--- crash
             FcValueListHash (FcPatternEltValues(&pe[i])));
    }
    return h;
}

so it seems we are passing an already deleted pattern to the function.

