Crash in Load_SBit_Png on Windows x64
FreeType uses libpng for CBDT/CBLC emoji & icon fonts containing PNG images (see here). FreeType additionally uses the default `setjmp`/`longjmp` mechanism for error handling with libpng, and it does not provide user-defined memory allocation/deallocation functions to libpng. By default, libpng will therefore use `malloc`/`free` for memory management.
The alignment of `jmp_buf` on Windows x64 (x86-64) is 16 bytes when compiling with MSVC++ 2017 and 2019. `png_struct_def` defines a `jmp_buf` member variable, so `alignof(png_struct_def) >= 16` is true, which is what we want. The problem occurs when creating a `png_struct` through the `png_create_*` suite of APIs. By default, these functions simply call `malloc`, which only guarantees that the returned pointer has 8-byte alignment on Windows x64. When evaluating `ft_setjmp( png_jmpbuf( png ) )`, this often results in an access violation while executing a MOVDQA instruction, because the given `jmp_buf` address is not aligned to 16 bytes.
What's the best way to fix this problem? Should FreeType be changed to use `png_create_read_struct_2`, so that `_aligned_malloc` is used when allocating the `png_struct` on Windows platforms?
A stack trace of the crash is as follows:

```
Unhandled Exception At 0x007ffb8046fa5b -- Access violation reading location 0xffffffffffffffff
--- STACKTRACE ---
0# 0x007ffb8046fa5b in VCRUNTIME140.dll
1# Load_SBit_Png at vcpkg\buildtrees\freetype\src\827cda734a-239082ca76.clean\src\sfnt\pngshim.c(313)
2# tt_sbit_decoder_load_png at vcpkg\buildtrees\freetype\src\827cda734a-239082ca76.clean\src\sfnt\ttsbit.c(1098)
3# tt_sbit_decoder_load_bitmap at vcpkg\buildtrees\freetype\src\827cda734a-239082ca76.clean\src\sfnt\ttsbit.c(1242)
4# tt_sbit_decoder_load_image at vcpkg\buildtrees\freetype\src\827cda734a-239082ca76.clean\src\sfnt\ttsbit.c(1438)
5# tt_face_load_sbit_image at vcpkg\buildtrees\freetype\src\827cda734a-239082ca76.clean\src\sfnt\ttsbit.c(1646)
6# TT_Load_Glyph at vcpkg\buildtrees\freetype\src\827cda734a-239082ca76.clean\src\truetype\ttgload.c(2829)
7# FT_Load_Glyph at vcpkg\buildtrees\freetype\src\827cda734a-239082ca76.clean\src\base\ftobjs.c(951)
8# ...
```
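The fix suggested above, as an added example that is not FreeType's or libpng's own code: a pair of allocation callbacks with the signatures `png_create_read_struct_2` expects (`png_malloc_ptr`/`png_free_ptr`), returning 16-byte aligned blocks via `_aligned_malloc` on Windows and C11 `aligned_alloc` elsewhere, so the `jmp_buf` inside `png_struct` always lands on a 16-byte boundary. The names `ft_png_aligned_malloc`, `ft_png_aligned_free`, `ft_is_aligned`, `ft_png_alloc_selftest` and `FT_PNG_ALIGN` are hypothetical; the local typedefs stand in for `png.h` so the file builds without libpng.

```c
#include <stdint.h>
#include <stdlib.h>
#ifdef _WIN32
#include <malloc.h>                  /* _aligned_malloc / _aligned_free */
#endif
/* Stand-ins for libpng's types; with the real library #include <png.h>. */
typedef struct png_struct_def png_struct;
typedef png_struct *png_structp;
typedef size_t png_alloc_size_t;
#define FT_PNG_ALIGN ((size_t)16)    /* jmp_buf alignment on Windows x64 */
/* 1 if p is aligned to `align` bytes (align must be a power of two). */
static int ft_is_aligned(const void *p, size_t align)
{
  return ((uintptr_t)p & (align - 1)) == 0;
}

/* png_malloc_ptr callback: every block libpng requests, including the
 * png_struct that embeds the jmp_buf, comes back 16-byte aligned. */
static void *ft_png_aligned_malloc(png_structp png_ptr, png_alloc_size_t size)
{
  (void)png_ptr;
  /* aligned_alloc wants a multiple of the alignment; never pass 0 */
  size = (size + FT_PNG_ALIGN - 1) & ~(FT_PNG_ALIGN - 1);
  if (size == 0) size = FT_PNG_ALIGN;
#ifdef _WIN32
  return _aligned_malloc(size, FT_PNG_ALIGN);
#else
  return aligned_alloc(FT_PNG_ALIGN, size);
#endif
}

/* png_free_ptr callback: _aligned_malloc memory needs _aligned_free. */
static void ft_png_aligned_free(png_structp png_ptr, void *ptr)
{
  (void)png_ptr;
#ifdef _WIN32
  _aligned_free(ptr);
#else
  free(ptr);
#endif
}

/* Allocate via the callback; 1 if the block is aligned for the jmp_buf. */
static int ft_png_alloc_selftest(size_t size)
{
  void *p  = ft_png_aligned_malloc(NULL, size);
  int   ok = (p != NULL) && ft_is_aligned(p, FT_PNG_ALIGN);
  ft_png_aligned_free(NULL, p);
  return ok;
}
```

In pngshim.c this means replacing the `png_create_read_struct` call with `png_create_read_struct_2`, passing `NULL, ft_png_aligned_malloc, ft_png_aligned_free` as its last three arguments (mem_ptr, malloc_fn, free_fn); the matching free callback is required because `_aligned_malloc` memory must never be released with plain `free()`.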