[BUG][Win32] HostFonts Crash

Yoshiki Ohshima Yoshiki.Ohshima at acm.org
Sun Dec 28 06:44:57 UTC 2003


  Hello,

  Incidentally, I'm playing with the FontPlugin.  There seem to be
a couple of problems, but one of them is in enumFontsCallback() of
sqWin32FontPlugin.c:

	/* We check for unique names here since fonts will be listed in all available char sets */
	for(i = 0; i < numFontNames; i++) {
		if(strcmp(fontNameCache[i].logFont.lfFaceName, logFont->elfLogFont.lfFaceName) == 0) {
			/* we had this guy already */
			return 1; /* but continue enumerating */
		}
	}
	numFontNames++;
	fontNameCache[numFontNames].logFont = logFont->elfLogFont;
	fontNameCache[numFontNames].fontType = fontType;
	return 1; /* continue enumeration */

  The pre-increment (by the post-increment operator) of numFontNames
makes fontNameCache[0] uninitialized, but in the above, the 0-th
element is accessed in the for-loop.  It may work fine if you don't
grow the fontNameCache, but once you hit the realloc(), it is very
likely that the end of the fontNameCache is already broken.

  The last four lines should read:

	fontNameCache[numFontNames].logFont = logFont->elfLogFont;
	fontNameCache[numFontNames].fontType = fontType;
	numFontNames++;
	return 1; /* continue enumeration */

I think...

  This is very fun stuff to debug in the last weekend of a year, huh.

-- Yoshiki
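The ordering bug described in the post, worked through as an added C example (this is not code from the Squeak sources or the FontPlugin). It assumes a simplified FontEntry in place of GDI's ENUMLOGFONT, a heap-allocated cache that grows by realloc as the post describes, and constructed sample names that repeat once each, mimicking one enumeration entry per character set. The "buggy" variant keeps a guard slot so the simulation stays in bounds and shows three consequences of incrementing first: slot 0 is never written, the store lands at index count (one past an exactly-sized buffer), and the newest entry is never compared by the dedup loop, so every repeated name is stored again.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FACE_NAME_LEN 32   /* assumption: same size as GDI's LF_FACESIZE */
#define UNUSED_MARK   -1   /* sentinel fontType: slot never written */

typedef struct { char faceName[FACE_NAME_LEN]; int fontType; } FontEntry;
typedef struct {
    FontEntry *entries;
    size_t count;     /* unique fonts stored (the post's numFontNames) */
    size_t capacity;  /* slots allocated */
} FontCache;

static void mark_unused(FontEntry *e, size_t from, size_t to) {
    for (size_t i = from; i < to; i++) { e[i].faceName[0] = '\0'; e[i].fontType = UNUSED_MARK; }
}

static int cache_init(FontCache *fc, size_t capacity) {
    fc->entries = malloc(capacity * sizeof *fc->entries);
    if (!fc->entries) return 0;
    mark_unused(fc->entries, 0, capacity);
    fc->count = 0;
    fc->capacity = capacity;
    return 1;
}

static void cache_free(FontCache *fc) { free(fc->entries); fc->entries = NULL; fc->count = fc->capacity = 0; }

/* Dedup check: only entries[0..count) are compared, exactly as in the callback. */
static int cache_contains(const FontCache *fc, const char *faceName) {
    for (size_t i = 0; i < fc->count; i++)
        if (strcmp(fc->entries[i].faceName, faceName) == 0) return 1;
    return 0;
}

/* Make room for one more entry, doubling via realloc when full. */
static int cache_reserve_one(FontCache *fc) {
    if (fc->count < fc->capacity) return 1;
    size_t newCap = fc->capacity ? fc->capacity * 2 : 4;
    FontEntry *p = realloc(fc->entries, newCap * sizeof *p);
    if (!p) return 0;
    mark_unused(p, fc->capacity, newCap);
    fc->entries = p;
    fc->capacity = newCap;
    return 1;
}

/* Corrected ordering from the post: store at entries[count], then count++.
 * Returns 1 to continue enumeration, 0 to stop on allocation failure. */
static int cache_add_fixed(FontCache *fc, const char *faceName, int fontType) {
    if (cache_contains(fc, faceName)) return 1;
    if (!cache_reserve_one(fc)) return 0;
    snprintf(fc->entries[fc->count].faceName, FACE_NAME_LEN, "%s", faceName);
    fc->entries[fc->count].fontType = fontType;
    fc->count++;
    return 1;
}

/* Ordering as reported: count++ first, then store at entries[count].
 * The guard below keeps this simulation in bounds; the reported code had none,
 * which is where an exactly-sized realloc'd buffer gets overrun. */
static int cache_add_buggy(FontCache *fc, const char *faceName, int fontType) {
    if (cache_contains(fc, faceName)) return 1;
    fc->count++;
    if (fc->count >= fc->capacity) { fc->count--; return 0; }  /* would overrun here */
    snprintf(fc->entries[fc->count].faceName, FACE_NAME_LEN, "%s", faceName);
    fc->entries[fc->count].fontType = fontType;
    return 1;
}

/* Constructed sample: each face name appears twice, one entry per char set. */
static const char *SAMPLE_NAMES[] = { "Arial", "Arial", "Courier New", "Courier New", "Tahoma", "Tahoma" };
#define SAMPLE_COUNT (sizeof SAMPLE_NAMES / sizeof SAMPLE_NAMES[0])

static void feed_samples(FontCache *fc, int (*add)(FontCache *, const char *, int)) {
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        if (!add(fc, SAMPLE_NAMES[i], (int)i)) break;
}

/* Fixed version, starting at capacity 2 so the realloc path is exercised. */
static size_t fixed_unique_count(void) {
    FontCache fc;
    if (!cache_init(&fc, 2)) return 0;
    feed_samples(&fc, cache_add_fixed);
    size_t n = fc.count;
    cache_free(&fc);
    return n;
}

typedef struct { size_t count; int slot0Unused; size_t highestWritten; } BuggyReport;

/* Buggy version, over-allocated so we can observe where the writes land. */
static BuggyReport buggy_report(void) {
    BuggyReport r = {0, 0, 0};
    FontCache fc;
    if (!cache_init(&fc, 16)) return r;
    feed_samples(&fc, cache_add_buggy);
    r.count = fc.count;
    r.slot0Unused = fc.entries[0].fontType == UNUSED_MARK;
    for (size_t i = 0; i < fc.capacity; i++)
        if (fc.entries[i].fontType != UNUSED_MARK) r.highestWritten = i;
    cache_free(&fc);
    return r;
}

int main(void) {
    BuggyReport r = buggy_report();
    printf("fixed: %zu unique fonts\n", fixed_unique_count());
    printf("buggy: count=%zu slot0_unused=%d highest_index_written=%zu\n",
           r.count, r.slot0Unused, r.highestWritten);
    return 0;
}
```

With the six sample names the fixed version stores 3 unique fonts; the buggy version ends with count 6 (every repeat stored again, because the most recent entry sits at entries[count] where the loop never looks), slot 0 untouched, and its highest write at index 6, which is count itself and therefore past the end of a buffer sized to count.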


