FcConfigDestroy crashes on null config pointers
Hi,
We're trying a bigger deployment of Fontconfig at Krita. We tried using the standard memory management facilities, std::shared_ptr<FcConfig*> and QSharedPointer<FcConfig*>; in both cases, the app crashes at initialization on Android because of the following stacktrace:
Thread 1 "krita" received signal SIGSEGV, Segmentation fault.
IA__FcConfigDestroy (config=0x0) at ../ext_fontconfig/src/fccfg.c:365
365 if (FcRefDec (&config->ref) != 1)
(gdb) bt
#0 IA__FcConfigDestroy (config=0x0) at ../ext_fontconfig/src/fccfg.c:365
#1 0x00007ffff6dc6134 in QtSharedPointer::ExternalRefCountData::destroy() (this=0x55555d4c7550) at /usr/include/qt/QtCore/qsharedpointer_impl.h:149
#2 QSharedPointer<_FcConfig>::deref(QtSharedPointer::ExternalRefCountData*) (dd=0x55555d4c7550) at /usr/include/qt/QtCore/qsharedpointer_impl.h:458
#3 QSharedPointer<_FcConfig>::deref() (this=<optimized out>) at /usr/include/qt/QtCore/qsharedpointer_impl.h:453
#4 QSharedPointer<_FcConfig>::~QSharedPointer() (this=<optimized out>) at /usr/include/qt/QtCore/qsharedpointer_impl.h:310
#5 QSharedPointer<_FcConfig>::reset<void (*)(_FcConfig*)>(_FcConfig*, void (*)(_FcConfig*)) (this=0x55555cf93910, t=0x555557cd4af0, deleter=<optimized out>) at /usr/include/qt/QtCore/qsharedpointer_impl.h:391
#6 KisLibraryResourcePointer<_FcConfig, &FcConfigDestroy>::reset(_FcConfig*) (this=0x55555cf93910, ptr=0x555557cd4af0) at /home/sh_zam/workspace/krita-text/libs/flake/text/KoFontLibraryResourceUtils.h:44
#7 KoFontRegistry::Private::Private() (this=0x55555cf93910) at /home/sh_zam/workspace/krita-text/libs/flake/text/KoFontRegistry.cpp:78
Upon review, it seems FcConfigDestroy does not check the pointer for validity prior to trying to access it.
https://gitlab.freedesktop.org/fontconfig/fontconfig/-/blob/main/src/fccfg.c#L358-366
This makes it impossible to be directly used with the C++ STL or Qt's memory management facilities.
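
The smart-pointer behaviour behind this trace, as an added example that is not part of the original report and is not Fontconfig or Krita code. Handle, handle_destroy and NullSafeDestroy are hypothetical stand-ins, and the destroy function is instrumented to count null arguments at the point where an unchecked one would fault.

```cpp
#include <memory>

struct Handle { int ref; };          // hypothetical stand-in for FcConfig

static int null_calls = 0;           // deleter invocations that received nullptr

// Instrumented stand-in for an unchecked C destroy function: it counts a null
// argument at the point where an unchecked `h->ref` access would fault.
void handle_destroy(Handle *h) {
    if (h == nullptr) { ++null_calls; return; }
    delete h;
}

// Guarded deleter: never forwards nullptr to the C destroy function.
struct NullSafeDestroy {
    void operator()(Handle *h) const { if (h != nullptr) handle_destroy(h); }
};

// shared_ptr built from (pointer, deleter) owns even a null pointer and runs
// the deleter on it when the control block is released.
int shared_ptr_null_calls() {
    null_calls = 0;
    std::shared_ptr<Handle> p(static_cast<Handle *>(nullptr), handle_destroy);
    p.reset(new Handle{1}, handle_destroy);   // releases the null-owning block
    return null_calls;
}

// Same sequence with the guarded deleter: the null never reaches the C call.
int guarded_null_calls() {
    null_calls = 0;
    std::shared_ptr<Handle> p(static_cast<Handle *>(nullptr), NullSafeDestroy{});
    p.reset(new Handle{1}, NullSafeDestroy{});
    return null_calls;
}

// unique_ptr only invokes its deleter when the stored pointer is non-null.
int unique_ptr_null_calls() {
    null_calls = 0;
    std::unique_ptr<Handle, void (*)(Handle *)> p(nullptr, handle_destroy);
    p.reset(new Handle{1});
    return null_calls;
}

int main() {
    return (shared_ptr_null_calls() == 1 && guarded_null_calls() == 0 &&
            unique_ptr_null_calls() == 0) ? 0 : 1;
}
```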