Segfaults when using the 39C3 font from Chaos Communication congress

[berlincount]

What did you do?

I was trying to work with the TTF font from https://events.ccc.de/congress/2025/infos/styleguide.html (39C3-Design-Package/39C3-Fonts/Kario 39C3 Variable/Desktop/Kario39C3Var-Roman.ttf within https://events.ccc.de/congress/2025/infos/styleguide/39c3-styleguide-full-v2.zip), starting with listing the styles.

What did you expect to happen?

I expected to get a list of the styles of the font, and to be able to work with it further.

What actually happened?

SIGSEGV/Segmentation fault

What are your OS, Python and Pillow versions?

• OS: python3-slim Docker image on Ubuntu 24.04.3 LTS on WSL2 as well as native
• Python: 3.14.2
• Pillow: 12.0.0

--------------------------------------------------------------------
Pillow 12.0.0
Python 3.14.2 (main, Dec 30 2025, 00:42:55) [GCC 12.2.0]
--------------------------------------------------------------------
Python modules loaded from /opt/venv/python3/dist-packages/PIL
Binary modules loaded from /opt/venv/python3/dist-packages/PIL
--------------------------------------------------------------------
--- PIL CORE support ok, compiled for 12.0.0
--- TKINTER support not installed
--- FREETYPE2 support ok, loaded 2.14.1
--- LITTLECMS2 support ok, loaded 2.17
--- WEBP support ok, loaded 1.6.0
--- AVIF support ok, loaded 1.3.0
--- JPEG support ok, compiled for libjpeg-turbo 3.1.2
--- OPENJPEG (JPEG2000) support ok, loaded 2.5.4
--- ZLIB (PNG/ZIP) support ok, loaded 1.2.13, compiled for zlip-ng 2.2.5
--- LIBTIFF support ok, loaded 4.7.1
*** RAQM (Bidirectional Text) support not installed
--- LIBIMAGEQUANT (Quantization method) support not installed
--- XCB (X protocol) support ok
--------------------------------------------------------------------

#!/usr/bin/env python3

from PIL import ImageFont
import pprint

font = ImageFont.truetype('Kario39C3Var-Roman.ttf')
pprint.pp(font.get_variation_names())

NOTE: This also might be a security issue, as this essentially seems to be Null Pointer Exception. I think this should be better contained / captured.

[radarhere]

Interesting. Looking at the font, I see that there is a duplicate variation - there are two variations of "XXtended Regular". I've created #9362 to handle this, and exclude the duplicate. With that, font.get_variation_names() would return

[b'XXCondensed Ultra', b'XXCondensed Black', b'XXCondensed Bold', b'XXCondensed Medium', b'XXCondensed Regular', b'XXCondensed Light', b'XXCondensed Thin', b'XCondensed Ultra', b'XCondensed Black', b'XCondensed Bold', b'XCondensed Medium', b'XCondensed Regular', b'XCondensed Light', b'XCondensed Thin', b'Condensed Ultra', b'Condensed Black', b'Condensed Bold', b'Condensed Medium', b'Condensed Regular', b'Condensed Light', b'Condensed Thin', b'Narrow Ultra', b'Narrow Black', b'Narrow Bold', b'Narrow Medium', b'Narrow Regular', b'Narrow Light', b'Narrow Thin', b'Ultra', b'Black', b'Bold', b'Medium', b'Regular', b'Light', b'Thin', b'Xtended Ultra', b'Xtended Black', b'Xtended Bold', b'Xtended Medium', b'Xtended Regular', b'Xtended Light', b'Xtended Thin', b'XXtended Ultra', b'XXtended Black', b'XXtended Regular', b'XXtended Medium', b'XXtended Light', b'XXtended Thin']

If you find a security problem in the future, we do have a security policy.

[berlincount]

Wow, that was quick :) thank you!

[radarhere]

The fix has now been released as part of Pillow 12.1.0.