Bug 120

Summary: segfault with ghostscript fonts (again)
Product: fontconfig
Reporter: Gustavo J. A. M. Carneiro <gjc>
Component: fc-cache
Assignee: Keith Packard <keithp>
Status: RESOLVED FIXED
QA Contact:
Severity: critical
Priority: high
CC: albie
Version: 2_1
Hardware: x86 (IA32)
OS: Linux (All)
Whiteboard:

Description Gustavo J. A. M. Carneiro 2003-10-02 07:18:22 UTC
fc-cache (HEAD) crashes with ghostscript fonts.  A similar problem happened a
long time ago, and got fixed I think.  Backtrace follows.

#0  0x4015f089 in free () from /lib/libc.so.6
#1  0x4004f484 in ft_free (memory=0x8050600, block=0xfffffff9)
    at /home/gjc/freetype-2.1.5/builds/unix/ftsystem.c:157
#2  0x4004f714 in FT_Free (memory=0x0, P=0x1)
    at /home/gjc/freetype-2.1.5/src/base/ftutil.c:134
#3  0x4008ff6c in T1_Face_Done (face=0x8062598)
    at /home/gjc/freetype-2.1.5/src/type1/t1objs.c:232
#4  0x400548c4 in destroy_face (memory=0x8050600, face=0x8062598,
    driver=0x4008fe00) at /home/gjc/freetype-2.1.5/src/base/ftobjs.c:695
#5  0x40052cf1 in FT_Done_Face (face=0x8062598)
    at /home/gjc/freetype-2.1.5/src/base/ftobjs.c:1838
#6  0x40028dfa in FcFreeTypeQuery (file=0x8062598 "\001", id=0,
    blanks=0x8050200, count=0xfffffff9) at fcfreetype.c:1054
#7  0x40027e82 in FcFileScanConfig (set=0x80501a8, dirs=0x8050970, cache=0x0,
    blanks=0x8050200, file=0x804aa48 "/usr/share/fonts/ghostscript/hrgrr.pfa",
    force=1, config=0xfffffff9) at fcdir.c:117
#8  0x40028257 in FcDirScanConfig (set=0x80501a8, dirs=0x8050970, cache=0x0,
    blanks=0x8050200, dir=0x804f4d8 "/usr/share/fonts/ghostscript", force=1,
    config=0x0) at fcdir.c:240
#9  0x40028312 in FcDirScan (set=0x80501a8, dirs=0x8050970, cache=0x0,
    blanks=0x8050200, dir=0x804f4d8 "/usr/share/fonts/ghostscript", force=1)
    at fcdir.c:263
#10 0x08048d33 in scanDirs (list=0x804e2f0, config=0x804a8f8,
    program=0xbffff961 "fc-cache", force=1, verbose=1) at fc-cache.c:179
#11 0x08048d95 in scanDirs (list=0x804e318, config=0x804a8f8,
    program=0xbffff961 "fc-cache", force=1, verbose=1) at fc-cache.c:210
#12 0x08049094 in main (argc=134538008, argv=0xbffff804) at fc-cache.c:291

Comment 1 Gustavo J. A. M. Carneiro 2003-10-02 07:47:18 UTC
  I'm beginning to think it is freetype's fault.  Anyway, here's the result of
running with valgrind:

fc-cache: "/usr/share/fonts/ghostscript": ==2945== Invalid free() / delete / delete[]
==2945==    at 0x400296C7: free (vg_replace_malloc.c:220)
==2945==    by 0x4025C34B: ft_free (/home/gjc/freetype-2.1.5/builds/unix/ftsystem.c:157)
==2945==    by 0x4025C777: FT_Free (/home/gjc/freetype-2.1.5/src/base/ftutil.c:134)
==2945==    by 0x4029A43A: T1_Face_Done (/home/gjc/freetype-2.1.5/src/type1/t1objs.c:232)
==2945==    by 0x4025FC9F: destroy_face (/home/gjc/freetype-2.1.5/src/base/ftobjs.c:695)
==2945==    by 0x40260F79: FT_Done_Face (/home/gjc/freetype-2.1.5/src/base/ftobjs.c:1838)
==2945==    by 0x40235DF9: FcFreeTypeQuery (fcfreetype.c:1054)
==2945==    by 0x40234E81: FcFileScanConfig (fcdir.c:117)
==2945==    by 0x40235256: FcDirScanConfig (fcdir.c:240)
==2945==    by 0x40235311: FcDirScan (fcdir.c:263)
==2945==    Address 0x1 is not stack'd, malloc'd or free'd
==2945==

Comment 2 Josselin Mouette 2004-02-22 04:24:15 UTC
This was indeed a Freetype bug, solved in 2.1.6.

Comment 3 Gustavo J. A. M. Carneiro 2004-02-22 12:11:22 UTC
  Yeah, works with 2.1.7 as well. Closing.
