10817 – Crash in _cairo_ft_unscaled_font_lock_face()

Bug 10817 - Crash in _cairo_ft_unscaled_font_lock_face()

Summary: Crash in _cairo_ft_unscaled_font_lock_face()

Status:	RESOLVED FIXED

Alias:	None

Product:	cairo
Classification:	Unclassified
Component:	freetype font backend (show other bugs)
Version:	1.4.5
Hardware:	Other All

Importance:	medium normal
Assignee:	Behdad Esfahbod
QA Contact:	cairo-bugs mailing list

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-04-30 05:38 UTC by Vincent Untz
Modified:	2007-06-13 15:47 UTC (History)
CC List:	3 users (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Vincent Untz 2007-04-30 05:38:12 UTC

Stack trace from http://bugzilla.gnome.org/show_bug.cgi?id=431255:

Distribution: Fedora release 6.93 (Rawhide)
Gnome Release: 2.18.0 2007-03-23 (Red Hat, Inc)
BugBuddy Version: 2.18.0

System: Linux 2.6.20-2925.5.fc7xen #1 SMP Thu Mar 22 13:51:40 EDT 2007 x86_64
X Vendor: The X.Org Foundation
X Vendor Release: 10299905
Selinux: Permissive
Accessibility: Disabled
GTK+ Theme: Clearlooks
Icon Theme: Echo

Memory status: size: 302784512 vsize: 302784512 resident: 15691776 share:
9338880 rss: 15691776 rss_rlim: 18446744073709551615
CPU usage: start_time: 1177926261 rtime: 15 utime: 10 stime: 5 cutime:0 cstime:
0 timeout: 0 it_real_value: 0 frequency: 100

Backtrace was generated from '/usr/bin/gnome-about'

(no debugging symbols found)
Using host libthread_db library "/lib64/libthread_db.so.1".
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 46912496339424 (LWP 14062)]
0x00000036ec60d805 in __libc_waitpid (pid=14066, stat_loc=0x7fff90d5a2dc, 
    options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:32
32            return INLINE_SYSCALL (wait4, 4, pid, stat_loc, options, NULL);
#0  0x00000036ec60d805 in __libc_waitpid (pid=14066, stat_loc=0x7fff90d5a2dc, 
    options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:32
#1  0x00000036fb857c97 in libgnomeui_segv_handle (signum=11)
    at gnome-ui-init.c:872
#2  <signal handler called>
#3  __pthread_mutex_lock (mutex=0xd0) at pthread_mutex_lock.c:46
#4  0x00000036f1e27883 in _cairo_ft_unscaled_font_lock_face (unscaled=0x0)
    at cairo-ft-font.c:519
#5  0x00000036f1e27baf in _cairo_ft_ucs4_to_index (
    abstract_font=<value optimized out>, ucs4=48) at cairo-ft-font.c:2034
#6  0x00000036f1e19b64 in _cairo_scaled_font_text_to_glyphs (
    scaled_font=0x36f2075c00, x=0, y=0, utf8=<value optimized out>, 
    glyphs=0x7fff90d5a898, num_glyphs=0x7fff90d5a8a4)
    at cairo-scaled-font.c:932
#7  0x00000036f1e1a033 in cairo_scaled_font_text_extents (scaled_font=0xd0, 
    utf8=0x30 <Address 0x30 out of bounds>, extents=0x7fff90d5a930)
    at cairo-scaled-font.c:777
#8  0x000000306ca03e82 in _pango_cairo_font_get_hex_box_info (cfont=0xad7bf0)
    at pangocairo-font.c:252
#9  0x000000306ca04111 in _pango_cairo_get_glyph_extents_missing (cfont=0xd0, 
    glyph=48, ink_rect=0x36f2075340, logical_rect=0x0)
    at pangocairo-font.c:311
#10 0x000000306ca06792 in pango_cairo_fc_font_get_glyph_extents (
    font=0xad7bf0, glyph=268435543, ink_rect=0x0, logical_rect=0x7fff90d5ab50)
    at pangocairo-fcfont.c:392
#11 0x00000036f1a17a5a in fallback_engine_shape (
    engine=<value optimized out>, font=<value optimized out>, 
    text=<value optimized out>, length=<value optimized out>, 
    analysis=0x883710, glyphs=0x8e0280) at pango-engine.c:119
#12 0x00000036f1a26ecf in pango_shape (text=0x8fb110 "Will Walker", 
    length=11, analysis=0x883710, glyphs=0x8e0280) at shape.c:108
#13 0x00000036f1a1ae9c in shape_run (line=0xade400, state=0x7fff90d5ad80, 
    item=0x883700) at pango-layout.c:3020
#14 0x00000036f1a1d6ef in process_item (layout=0x873940, line=0xade400, 
    state=0x7fff90d5ad80, force_fit=1, no_break_at_end=0)
    at pango-layout.c:3112
#15 0x00000036f1a1dc0a in pango_layout_check_lines (layout=0x873940)
    at pango-layout.c:3349
#16 0x00000036f1a1e4ed in pango_layout_get_extents_internal (layout=0xd0, 
    ink_rect=0x0, logical_rect=0x7fff90d5af60, line_extents=0x0)
    at pango-layout.c:2318
#17 0x00000036f1a1f480 in pango_layout_get_pixel_extents (layout=0x873940, 
    ink_rect=0x0, logical_rect=0x7fff90d5af60) at pango-layout.c:2520
#18 0x00000036f1a1f4ee in pango_layout_get_pixel_size (layout=0xd0, 
    width=0x8576a8, height=0x8576ac) at pango-layout.c:2568
#19 0x00000036fc4181d7 in gnome_canvas_text_set_property (
    object=<value optimized out>, param_id=20, value=0x7fff90d5b140, 
    pspec=0x69b240) at gnome-canvas-text.c:1089
#20 0x00000036f0611296 in IA__g_object_set_valist (object=0x857580, 
    first_property_name=<value optimized out>, var_args=0x7fff90d5b1f0)
    at gobject.c:697
#21 0x00000036fc423616 in gnome_canvas_item_set_valist (item=0x857580, 
    first_arg_name=0x40538b "markup", args=0x7fff90d5b1f0)
    at gnome-canvas.c:558
#22 0x00000036fc4236c2 in gnome_canvas_item_set (item=0xd0, 
    first_arg_name=0x30 <Address 0x30 out of bounds>) at gnome-canvas.c:539
#23 0x0000000000404452 in _start ()

Thread 1 (Thread 46912496339424 (LWP 14062)):
#0  0x00000036ec60d805 in __libc_waitpid (pid=14066, stat_loc=0x7fff90d5a2dc, 
    options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:32
        oldtype = <value optimized out>
        result = <value optimized out>
#1  0x00000036fb857c97 in libgnomeui_segv_handle (signum=11)
    at gnome-ui-init.c:872
        estatus = 32767
        sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, 
  sa_mask = {__val = {235877637613, 140735623307916, 6989200, 
      140735623307972, 235919178208, 24, 235919187456, 6989200, 3990956413, 
      11494400, 6989200, 140735623308360, 235919191830, 11381680, 
      235919178208, 0}}, sa_flags = 0, sa_restorer = 0x6aa688}
        pid = -512
        in_segv = 1
#2  <signal handler called>
No locals.
#3  __pthread_mutex_lock (mutex=0xd0) at pthread_mutex_lock.c:46
        oldval = <value optimized out>
        retval = <value optimized out>
#4  0x00000036f1e27883 in _cairo_ft_unscaled_font_lock_face (unscaled=0x0)
    at cairo-ft-font.c:519
        font_map = <value optimized out>
        face = (FT_Face) 0x0
        __PRETTY_FUNCTION__ = "_cairo_ft_unscaled_font_lock_face"
#5  0x00000036f1e27baf in _cairo_ft_ucs4_to_index (
    abstract_font=<value optimized out>, ucs4=48) at cairo-ft-font.c:2034
        unscaled = (cairo_ft_unscaled_font_t *) 0x0
        face = <value optimized out>
        index = <value optimized out>
#6  0x00000036f1e19b64 in _cairo_scaled_font_text_to_glyphs (
    scaled_font=0x36f2075c00, x=0, y=0, utf8=<value optimized out>, 
    glyphs=0x7fff90d5a898, num_glyphs=0x7fff90d5a8a4)
    at cairo-scaled-font.c:932
        i = 0
        ucs4 = (uint32_t *) 0xaf4fe0
        status = CAIRO_STATUS_SUCCESS
        scaled_glyph = (cairo_scaled_glyph_t *) 0x306ca06e01
#7  0x00000036f1e1a033 in cairo_scaled_font_text_extents (scaled_font=0xd0, 
    utf8=0x30 <Address 0x30 out of bounds>, extents=0x7fff90d5a930)
    at cairo-scaled-font.c:777
        status = <value optimized out>
        glyphs = (cairo_glyph_t *) 0xae3960
        num_glyphs = 1
#8  0x000000306ca03e82 in _pango_cairo_font_get_hex_box_info (cfont=0xad7bf0)
    at pangocairo-font.c:252
        extents = {x_bearing = 1.1654051408699419e-312, 
  y_bearing = 1.9739404748295323e-319, width = 3.0434443783820787e-320, 
  height = 1.165390343258003e-312, x_advance = 1.1656161886784618e-312, 
  y_advance = 6.9532636623399061e-310}
        c = "0"
        mini_font = (PangoFont *) 0xae6bf0
        hbi = <value optimized out>
        scale_x = 1
        scale_x_inv = 1
        scale_y = 1
        scale_y_inv = 1
        is_hinted = 1
        rows = 1
        pad = <value optimized out>
        width = 0
        height = 0
        font_options = <value optimized out>
        font_extents = {ascent = 5.6232180294550644e-317, 
  descent = 5.6195105608486717e-317, height = 6.9532636623517637e-310, 
  max_x_advance = 4.6526043293115185e-317, 
  max_y_advance = 5.6232180294550644e-317}
        size = 0
        mini_size = 0
        desc = <value optimized out>
        mini_desc = <value optimized out>
        scaled_font = (cairo_scaled_font_t *) 0x36f2075c00
        scaled_mini_font = (cairo_scaled_font_t *) 0x36f2075c00
        pango_ctm = {xx = 1, xy = 0, yx = 0, yy = 1, x0 = 0, y0 = 0}
        cairo_ctm = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}
        hexdigits = "0123456789ABCDEF"
#9  0x000000306ca04111 in _pango_cairo_get_glyph_extents_missing (cfont=0xd0, 
    glyph=48, ink_rect=0x36f2075340, logical_rect=0x0)
    at pangocairo-font.c:311
        hbi = <value optimized out>
#10 0x000000306ca06792 in pango_cairo_fc_font_get_glyph_extents (
    font=0xad7bf0, glyph=268435543, ink_rect=0x0, logical_rect=0x7fff90d5ab50)
    at pangocairo-fcfont.c:392
        entry = <value optimized out>
#11 0x00000036f1a17a5a in fallback_engine_shape (
    engine=<value optimized out>, font=<value optimized out>, 
    text=<value optimized out>, length=<value optimized out>, 
    analysis=0x883710, glyphs=0x8e0280) at pango-engine.c:119
        logical_rect = {x = -297149120, y = 54, width = -240985648, 
  height = 54}
        glyph = 268435543
        n_chars = 11
        i = 1
        p = 0x8fb110 "Will Walker"
#12 0x00000036f1a26ecf in pango_shape (text=0x8fb110 "Will Walker", 
    length=11, analysis=0x883710, glyphs=0x8e0280) at shape.c:108
        fallback_engine = (PangoEngineShape *) 0xd0
        i = <value optimized out>
        last_cluster = <value optimized out>
        warned_quark = 851
#13 0x00000036f1a1ae9c in shape_run (line=0xade400, state=0x7fff90d5ad80, 
    item=0x883700) at pango-layout.c:3020
        layout = (PangoLayout *) 0x873940
        glyphs = (PangoGlyphString *) 0x8e0280
#14 0x00000036f1a1d6ef in process_item (layout=0x873940, line=0xade400, 
    state=0x7fff90d5ad80, force_fit=1, no_break_at_end=0)
    at pango-layout.c:3112
        num_chars = <value optimized out>
        break_num_chars = <value optimized out>
        break_width = <value optimized out>
        retrying_with_char_breaks = <value optimized out>
        item = (PangoItem *) 0x883700
        width = <value optimized out>
        i = <value optimized out>
        processing_new_item = <value optimized out>
#15 0x00000036f1a1dc0a in pango_layout_check_lines (layout=0x873940)
    at pango-layout.c:3349
        delim_len = 0
        end = <value optimized out>
        next_para_index = 11
        state = {attrs = 0x8e0580, items = 0x8df160, 
  base_dir = PANGO_DIRECTION_LTR, first_line = 1, line_start_index = 0, 
  remaining_width = -1, start_offset = 0, glyphs = 0x0, properties = {
    uline = PANGO_UNDERLINE_NONE, strikethrough = 0, rise = 0, 
    letter_spacing = 0, shape_set = 0, shape_ink_rect = 0x0, 
    shape_logical_rect = 0x0}, log_widths = 0x0, 
  log_widths_offset = -1865044388}
        delimiter_index = 11
        start = 0x8fb110 "Will Walker"
        done = 1
        start_offset = 0
        attrs = (PangoAttrList *) 0x8e0580
        no_shape_attrs = (PangoAttrList *) 0x0
        iter = (PangoAttrIterator *) 0x8e0300
        prev_base_dir = PANGO_DIRECTION_LTR
        base_dir = PANGO_DIRECTION_LTR
        __PRETTY_FUNCTION__ = "pango_layout_check_lines"
#16 0x00000036f1a1e4ed in pango_layout_get_extents_internal (layout=0xd0, 
    ink_rect=0x0, logical_rect=0x7fff90d5af60, line_extents=0x0)
    at pango-layout.c:2318
        line_list = <value optimized out>
        y_offset = <value optimized out>
        width = <value optimized out>
        __PRETTY_FUNCTION__ = "pango_layout_get_extents_internal"
#17 0x00000036f1a1f480 in pango_layout_get_pixel_extents (layout=0x873940, 
    ink_rect=0x0, logical_rect=0x7fff90d5af60) at pango-layout.c:2520
        __PRETTY_FUNCTION__ = "pango_layout_get_pixel_extents"
#18 0x00000036f1a1f4ee in pango_layout_get_pixel_size (layout=0xd0, 
    width=0x8576a8, height=0x8576ac) at pango-layout.c:2568
        logical_rect = {x = 8746368, y = 0, width = -62818497, height = 54}
#19 0x00000036fc4181d7 in gnome_canvas_text_set_property (
    object=<value optimized out>, param_id=20, value=0x7fff90d5b140, 
    pspec=0x69b240) at gnome-canvas-text.c:1089
        font_name = <value optimized out>
        font_desc = (PangoFontDescription *) 0x69aa30
        item = (GnomeCanvasItem *) 0x857580
        text = (GnomeCanvasText *) 0x857580
        color = {pixel = 0, red = 0, green = 0, blue = 0}
        have_pixel = 0
        align = <value optimized out>
        __PRETTY_FUNCTION__ = "gnome_canvas_text_set_property"
#20 0x00000036f0611296 in IA__g_object_set_valist (object=0x857580, 
    first_property_name=<value optimized out>, var_args=0x7fff90d5b1f0)
    at gobject.c:697
        _cvalue = <value optimized out>
        value = {g_type = 60, data = {{v_int = 0, v_uint = 0, v_long = 0, 
      v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, 
      v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, 
      v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
        pspec = (GParamSpec *) 0x69b240
        error = <value optimized out>
        nqueue = (GObjectNotifyQueue *) 0x8deec0
        name = (const gchar *) 0x14 <Address 0x14 out of bounds>
        __PRETTY_FUNCTION__ = "IA__g_object_set_valist"
#21 0x00000036fc423616 in gnome_canvas_item_set_valist (item=0x857580, 
    first_arg_name=0x40538b "markup", args=0x7fff90d5b1f0)
    at gnome-canvas.c:558
        __PRETTY_FUNCTION__ = "gnome_canvas_item_set_valist"
#22 0x00000036fc4236c2 in gnome_canvas_item_set (item=0xd0, 
    first_arg_name=0x30 <Address 0x30 out of bounds>) at gnome-canvas.c:539
        args = {{gp_offset = 48, fp_offset = 64, 
    overflow_arg_area = 0x7fff90d5b2d0, reg_save_area = 0x7fff90d5b210}}
#23 0x0000000000404452 in _start ()
No symbol table info available.
0x00000036ec60d805      32            return INLINE_SYSCALL (wait4, 4, pid,
stat_loc, options, NULL);
The program is running.  Quit anyway (and detach it)? (y or n) [answered Y;
input not from terminal]


----------- .xsession-errors ---------------------
(gnome-terminal:13540): Vte-WARNING **: Can not find appropiate font for
character U+ac04.
(gnome-terminal:13540): Vte-WARNING **: Can not find appropiate font for
character U+ac08.
(gnome-terminal:13540): Vte-WARNING **: Can not find appropiate font for
character U+ac10.
(gnome-about:13911): Pango-WARNING **: shape engine failure, expect ugly
output. the offending font is 'DejaVu LGC Sans Bold Not-Rotated 0'
(gnome-about:14019): Pango-WARNING **: shape engine failure, expect ugly
output. the offending font is 'DejaVu LGC Sans Bold Not-Rotated 0'
(gnome-about:14062): Pango-WARNING **: shape engine failure, expect ugly
output. the offending font is 'DejaVu LGC Sans Bold Not-Rotated 0'
--------------------------------------------------

Comment 1 Sebastien Bacher 2007-05-21 05:14:24 UTC

Ubuntu bug with a similar crash on https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/115482

When setting the fonts to "7" nautilus crashes, using "8" works correctly

Comment 2 Behdad Esfahbod 2007-06-13 15:47:33 UTC

Most probably fixed already.  Reopen if happens with 1.4.8.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.