[Bug 489928] New: FreeType 2.3.8 is not binary compatible to version 2.3.7

bugzilla at redhat.com bugzilla at redhat.com
Thu Mar 12 15:31:48 UTC 2009

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: FreeType 2.3.8 is not binary compatible to version 2.3.7


           Summary: FreeType 2.3.8 is not binary compatible to version
           Product: Fedora
           Version: rawhide
          Platform: All
               URL: http://sourceforge.net/project/shownotes.php?group_id=
        OS/Version: Linux
            Status: NEW
          Severity: urgent
          Priority: low
         Component: freetype
        AssignedTo: besfahbo at redhat.com
        ReportedBy: xose.vazquez at gmail.com
         QAContact: extras-qa at fedoraproject.org
                CC: besfahbo at redhat.com, kevin at tigcc.ticalc.org,
                    fedora-fonts-bugs-list at redhat.com
    Classification: Fedora

- Very unfortunately, FreeType 2.3.8 contained a change that broke
      its  official ABI.  The  end result  is  that programs  compiled
      against previous versions of the library, but dynamically linked
      to  2.3.8 can  experience  memory corruption  if  they call  the
      `FT_Get_PS_Font_Info' function.

      We recommend all users to  upgrade to 2.3.9 as soon as possible,
      or to downgrade to a previous  release of the library if this is
      not an option.

      The  origin of the  bug is  that a  new field  was added  to the
      publicly  defined  `PS_FontInfoRec'  structure.   Unfortunately,
      objects of this  type can be stack or  heap allocated by callers
      of   `FT_Get_PS_Font_Info',  resulting   in   a  memory   buffer
      overwrite with its implementation in 2.3.8.

      If  you want to  know whether  your code  is vulnerable  to this
      issue,  simply  search  for  the  substrings  `PS_FontInfo'  and
      `PS_Font_Info' in your source code.  If none is found, your code
      is safe and is not affected.

      The FreeType team apologizes for the problem.

Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the fonts-bugs mailing list