Bug 107531 - Segmentation fault in FcFontMatch when attempting to render emoji
Summary: Segmentation fault in FcFontMatch when attempting to render emoji
Status: RESOLVED MOVED
Alias: None
Product: fontconfig
Classification: Unclassified
Component: fc-match
Version: unspecified
Hardware: Other All
: medium normal
Assignee: fontconfig-bugs
QA Contact: Behdad Esfahbod
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-09 00:13 UTC by Alexander Krotov
Modified: 2018-08-20 21:49 UTC

See Also:

Attachments
A program to reproduce segmentation fault (1001 bytes, text/x-csrc)
2018-08-09 00:13 UTC, Alexander Krotov

Description Alexander Krotov 2018-08-09 00:13:44 UTC
Created attachment 141016
A program to reproduce segmentation fault

dwm, dmenu and st (from https://suckless.org/) are known to segfault when trying to render emoji.

I have reduced the dmenu segfault down to a simple program that reproduces the bug.

To reproduce, compile the attached program with

gcc bug.c -lX11 -lXft -I /usr/include/freetype2 -lfontconfig

and run.

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7821e71 in ?? () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
(gdb) bt
#0  0x00007ffff7821e71 in ?? () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#1  0x00007ffff7821fc8 in ?? () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#2  0x00007ffff7823028 in FcConfigSubstituteWithPat () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#3  0x00007ffff78329dd in FcFontRenderPrepare () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#4  0x00007ffff7832fc4 in FcFontMatch () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#5  0x000055555555531c in main ()

Software versions:

$ cat /etc/debian_version
buster/sid

$ apt show fontconfig
Package: fontconfig
Version: 2.13.0-5
Comment 1 Alexander Krotov 2018-08-09 00:20:14 UTC
Also, it is a null pointer dereference:

(gdb) x/i $rip
=> 0x7ffff7821e71:      movzwl (%rcx),%ebx
(gdb) p $rcx
$1 = 0

Fontconfig has had quite a lot of null pointer dereference fixes since the release, so maybe you just need to package a new release:
https://cgit.freedesktop.org/fontconfig/log/
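Added example (my own code, not part of the report, the attachment, or fontconfig): a small Python triage helper that parses a gdb transcript like the one above, attributes the crash to the innermost frame that has a real symbol (the two `??` frames are unexported functions inside libfontconfig), and cross-checks the memory operand of the faulting instruction against the register value that was printed, which is the same reasoning Comment 1 applies by hand. The embedded transcript is the report's own gdb output pasted together as a constructed sample; the verdict labels and the 4096-byte "near-null" threshold are my assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the gdb output quoted in the description and in
# Comment 1, joined into one session transcript.
GDB_SESSION = """\
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7821e71 in ?? () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
(gdb) bt
#0  0x00007ffff7821e71 in ?? () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#1  0x00007ffff7821fc8 in ?? () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#2  0x00007ffff7823028 in FcConfigSubstituteWithPat () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#3  0x00007ffff78329dd in FcFontRenderPrepare () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#4  0x00007ffff7832fc4 in FcFontMatch () from /usr/lib/x86_64-linux-gnu/libfontconfig.so.1
#5  0x000055555555531c in main ()
(gdb) x/i $rip
=> 0x7ffff7821e71:      movzwl (%rcx),%ebx
(gdb) p $rcx
$1 = 0
"""

SIGNAL_RE = re.compile(r'^Program received signal (\w+)')
FRAME_RE = re.compile(r'^#(\d+)\s+(0x[0-9a-f]+) in (\S+) \(\)(?: from (\S+))?$', re.I)
INSN_RE = re.compile(r'^=>\s+0x[0-9a-f]+:\s+(\w+)\s*(.*)$', re.I)
MEM_RE = re.compile(r'\(%(\w+)\)')          # register used as memory base, e.g. (%rcx)
PRINT_RE = re.compile(r'^\(gdb\) p \$(\w+)$')
VALUE_RE = re.compile(r'^\$\d+ = (-?\d+)$')


@dataclass
class Frame:
    index: int
    pc: int
    symbol: str
    module: Optional[str]   # None means the main executable


@dataclass
class Triage:
    signal: Optional[str] = None
    frames: List[Frame] = field(default_factory=list)
    mnemonic: Optional[str] = None
    deref_register: Optional[str] = None
    registers: Dict[str, int] = field(default_factory=dict)

    def first_symbolized(self) -> Optional[Frame]:
        """Innermost frame with a real symbol: the function to attribute the crash to."""
        return next((f for f in self.frames if f.symbol != '??'), None)

    def deref_value(self) -> Optional[int]:
        if self.deref_register is None:
            return None
        return self.registers.get(self.deref_register)

    def verdict(self) -> str:
        v = self.deref_value()
        if self.signal != 'SIGSEGV' or v is None:
            return 'unknown'
        if v == 0:
            return 'null-deref'
        if v < 4096:            # assumption: a tiny address is NULL plus a field offset
            return 'near-null-deref'
        return 'invalid-access'


def parse_session(text: str) -> Triage:
    """Walk a gdb transcript line by line, pairing each 'p $reg' with its '$N = value' reply."""
    t = Triage()
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SIGNAL_RE.match(line)):
            t.signal = m.group(1)
        elif (m := FRAME_RE.match(line)):
            t.frames.append(Frame(int(m.group(1)), int(m.group(2), 16), m.group(3), m.group(4)))
        elif (m := INSN_RE.match(line)):
            t.mnemonic = m.group(1)
            mem = MEM_RE.search(m.group(2))
            t.deref_register = mem.group(1) if mem else None
        elif (m := PRINT_RE.match(line)):
            pending = m.group(1)
        elif (m := VALUE_RE.match(line)) and pending:
            t.registers[pending] = int(m.group(1))
            pending = None
    return t


def summarize(t: Triage) -> str:
    f = t.first_symbolized()
    where = f'{f.symbol} ({f.module or "main executable"})' if f else 'unknown frame'
    return (f'{t.signal or "?"}: {t.verdict()} via {t.mnemonic} on '
            f'{t.deref_register}={t.deref_value()} in {where}')


if __name__ == '__main__':
    print(summarize(parse_session(GDB_SESSION)))
```

Without debug symbols the two innermost frames stay anonymous, so the helper reports the crash as "in FcConfigSubstituteWithPat"; that is the function whose callees need a NULL check, not necessarily the function containing the faulting instruction. Installing the libfontconfig debug symbols (as Comment 3 proposes) would turn the `??` frames into names and let the same parser attribute the fault precisely.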
Comment 2 Akira TAGOH 2018-08-09 04:51:18 UTC
Try git first. I can't reproduce this issue even with pure 2.13.0, so I'm not sure if this is fixed by those fixes.
Comment 3 Alexander Krotov 2018-08-09 08:47:35 UTC
I also can't reproduce it on Ubuntu with fontconfig 2.12.6. I will try to install debug symbols and see what happened then.
Comment 4 GitLab Migration User 2018-08-20 21:49:42 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/fontconfig/fontconfig/issues/71.
