I just sent a patch based on a Fedora bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1095405. That patch only
addresses the printing of backtraces when a fatal error occurs. Now I
want to understand how the fatal error happened in the first place.
GDB shows that Ffc_font_match was called with the pattern argument
bound to this object:
struct fc_config
{
  NORMAL_LIST_OBJECT_HEADER header = { ... };
  FcConfig *fccfgPtr = NULL;
};
So CHECK_FC_PATTERN (pattern) (font-mgr.c, line 990) passes, then p =
XFC_PATTERN_PTR (pattern) (font-mgr.c, line 1000) gets set to NULL.
Then we pass p == NULL as the second argument to FcConfigSubstitute
(font-mgr.c, line 1003), and fontconfig dereferences the pointer.
I don't know what the bug is here: that an fc_config object with
fccfgPtr == NULL was created, or that Ffc_font_match() doesn't check
that it is non-NULL. I suspect the former, since other functions also
don't check that the pattern is non-NULL. Can someone who understands
this code comment? Thanks,
--
Jerry James
http://www.jamezone.org/
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://lists.xemacs.org/mailman/listinfo/xemacs-beta
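Added example, not XEmacs or fontconfig code: a minimal model of the failure path described in the mail, where a type-tag check on the wrapper object passes but the unwrapped C pointer is NULL and is handed to a library routine that dereferences it unchecked. The types and functions here (FcPatternStub, struct lisp_obj, checked_font_match, stub_substitute, run_scenario) are assumed stand-ins for CHECK_FC_PATTERN, XFC_PATTERN_PTR and FcConfigSubstitute; the hardened wrapper validates both the tag and the pointer before the call, which turns the crash into a recoverable error regardless of which of the two causes the mail weighs turns out to be the real bug.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed stand-ins (not XEmacs/fontconfig code): a library pattern type,
 * a Lisp-style wrapper object holding a pointer to it, and the type tag
 * that a CHECK_* macro inspects. */
typedef struct { int value; } FcPatternStub;

enum obj_type { OBJ_FC_PATTERN = 1, OBJ_FC_CONFIG = 2 };

struct lisp_obj {
    enum obj_type type;   /* what a CHECK_* macro tests */
    void *ptr;            /* what an X*_PTR accessor returns; may be NULL */
};

enum call_result { CALL_OK = 0, ERR_WRONG_TYPE = 1, ERR_NULL_PTR = 2 };

/* Stand-in for the library entry point.  Like FcConfigSubstitute given a
 * NULL pattern, it dereferences its argument without checking it. */
static int stub_substitute(FcPatternStub *p)
{
    return p->value;
}

/* Hardened wrapper: validate the type tag AND the unwrapped pointer before
 * handing it to a library that does no validation of its own. */
static enum call_result checked_font_match(const struct lisp_obj *pattern,
                                           int *result)
{
    if (pattern == NULL || pattern->type != OBJ_FC_PATTERN)
        return ERR_WRONG_TYPE;            /* the CHECK_FC_PATTERN step */
    FcPatternStub *p = (FcPatternStub *)pattern->ptr;
    if (p == NULL)
        return ERR_NULL_PTR;              /* the check the mail says is missing */
    *result = stub_substitute(p);
    return CALL_OK;
}

/* Constructed scenarios: a valid pattern, a pattern-tagged object whose
 * wrapped pointer is NULL (the shape reported in the mail), and an object
 * of the wrong type. */
static FcPatternStub sample_pattern = { 42 };
static struct lisp_obj valid_pattern    = { OBJ_FC_PATTERN, &sample_pattern };
static struct lisp_obj null_ptr_pattern = { OBJ_FC_PATTERN, NULL };
static struct lisp_obj config_obj       = { OBJ_FC_CONFIG, NULL };

/* Result code of the hardened wrapper for one object. */
static int run_scenario(const struct lisp_obj *obj)
{
    int value = 0;
    return (int)checked_font_match(obj, &value);
}

/* Substituted value on success, -1 on any rejected call. */
static int matched_value(const struct lisp_obj *obj)
{
    int value = -1;
    if (checked_font_match(obj, &value) != CALL_OK)
        return -1;
    return value;
}

int main(void)
{
    printf("valid pattern:       %d\n", run_scenario(&valid_pattern));    /* 0 */
    printf("NULL-pointer object: %d\n", run_scenario(&null_ptr_pattern)); /* 2 */
    printf("wrong-type object:   %d\n", run_scenario(&config_obj));       /* 1 */
    return 0;
}
```

The point of the second check is that a tag check only proves the wrapper is the right kind of object; it says nothing about the pointer inside it, and a C library that documents no NULL handling for an argument will not supply that check for you.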