GNOME Bugzilla – Bug 129741
render_syllable crash at hangul-fc.c:249
Last modified: 2004-12-22 21:47:04 UTC
I was reading the comp.os.linux.announce newsgroup and found that my newsreader 'pan' was crashing in pango code whenever I loaded the newsgroup. I rebuilt pango with debugging enabled and here is the crash:

core ~% gdb pan
GNU gdb 5.3
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...(no debugging symbols found)...
(gdb) r
Starting program: /usr/local/bin/pan
[New Thread 16384 (LWP 29194)]
[New Thread 32769 (LWP 29195)]
[New Thread 16386 (LWP 29196)]
[New Thread 32771 (LWP 29197)]
[New Thread 49156 (LWP 29198)]
[New Thread 65541 (LWP 29199)]
[New Thread 81926 (LWP 29200)]
[New Thread 98311 (LWP 29201)]
[New Thread 114696 (LWP 29204)]

Program received signal SIGSEGV, Segmentation fault.
+ Trace 42799
Thread 16384 (LWP 29194)
$1 = 0
(gdb) print jindex
$2 = 7936
(gdb) print __jamo_to_ksc5601[jindex]
Cannot access memory at address 0x40bc81c0

Looks like we've walked off the end of the array? This is 100% reproducible (well, right now anyhow, until I guess the article expires), so I am looking for a quick fix since I can test easily.
More debugging. Looks like __jamo_to_ksc5601[][] is [0x100][3], so only 256x3 long, though our jindex is 7936 - so definitely walking off the end of the array. From the source jindex is calculated as

    jindex = text[i] - LBASE;

and

(gdb) p i
$13 = 3
(gdb) print text[3]
$16 = 12288
(gdb) print text[3]-0x1100
$17 = 7936

Maybe we should change

    for (j = 0; j < 3 && (__jamo_to_ksc5601[jindex][j] != 0); j++)

to

    for (j = 0; jindex < 0x100 && j < 3 && (__jamo_to_ksc5601[jindex][j] != 0); j++)

Probably a good check to have even if 'pan' is passing us duff unicode text.
*** Bug 134264 has been marked as a duplicate of this bug. ***
I don't know if this is relevant, but this happens regardless of my character-set... I don't get a lot of mail in non-latin alphabets... this crashes a variety of other applications, too. Thanks for looking into this!
Upgrading from fontconfig 2.2.1-58 to fontconfig 2.2.1-58.ximian.8.2 seems to have fixed my problem, although I'm not sure why.
Mitch, are you still seeing this?
This has nothing to do with fontconfig except coincidentally. I think we have sufficient information to come up with a patch from the above.
Yup i'm still here... Mitch
*** Bug 137396 has been marked as a duplicate of this bug. ***
My dupe is on Solaris 8, so should OS be "all"?
Once we have a diagnosis on the bug as we do here, the OS field is really completely irrelevant :-)
This is causing major problems in Evolution too. See http://bugzilla.ximian.com/show_bug.cgi?id=53592 (21 duplicates)
Sorry for the long delay. But I still don't understand why this happened. Please help if anyone can. Why was U+3000 (text[3] = 12288) put into hangul module? It's definitely out of the range of hangul module.
Not sure offhand what U+3000 is, but with Pango-1.4 all modules basically should be capable of handling any input Unicode character; while the Hangul shaper isn't going to get Han characters or roman characters in the normal case, it will get spaces, punctuation, combining marks if they are supported by the font. This is to:

- Allow shapers to do necessary tasks with control characters like ZWJ/ZWNJ/variant selectors
- Make sure that combining marks go to the right font
- Improve performance by not doing things like putting spaces in different runs than words.

The Hangul module can do very simple fallback rendering of such characters, but it does need to handle them.
I see. It also explains bug 137347.
I believe it was fixed in CVS now.

2004-04-18  Changwoo Ryu  <cwryu@debian.org>

	* modules/hangul/hangul-defs.h (IS_JAMO):
	* modules/hangul/hangul-fc.c (hangul_engine_shape, render_basic):
	handle non-Hangul unicode chars, fixes #129741, #137347.
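An added illustration (not pango's code and not the committed fix) of the index arithmetic from the backtrace and of the range guard proposed earlier in this bug (jindex < 0x100, which the fix expresses as an IS_JAMO check): with the backtrace's values, U+3000 - 0x1100 = 7936 against a 256-row table, and a checked lookup returns a fallback instead of reading past it. The table contents, the -1 fallback return and the helper names are constructed for the example; LBASE = 0x1100 and the 0x100 x 3 dimensions are taken from the bug.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for __jamo_to_ksc5601 using only the dimensions
 * reported in the bug: 0x100 rows of 3 entries. The single populated row
 * is a sample value, not the real KS C 5601 mapping. */
#define LBASE          0x1100u  /* U+1100, the base the shaper subtracts */
#define JAMO_TABLE_LEN 0x100u   /* 256 rows, so a valid jindex is 0..0xFF */

static const uint16_t jamo_to_ksc5601[JAMO_TABLE_LEN][3] = {
    [0x00] = { 0xA4A1, 0, 0 },  /* constructed entry for U+1100 */
};

/* The arithmetic from the backtrace, jindex = text[i] - LBASE, done in a
 * wide signed type so the out-of-range result is visible: U+3000 gives
 * 7936, and anything below U+1100 gives a negative index. */
long jamo_index(uint32_t ch)
{
    return (long)ch - (long)LBASE;
}

/* Equivalent of the proposed "jindex < 0x100" guard plus the lower bound:
 * only U+1100..U+11FF may index the table. */
int is_jamo(uint32_t ch)
{
    return ch >= LBASE && ch - LBASE < JAMO_TABLE_LEN;
}

/* Bounds-checked version of the lookup loop: copies up to 3 codes into
 * out and returns how many were non-zero, or -1 (constructed fallback
 * signal) when ch is not a Jamo, so the caller can render it another way. */
int ksc5601_codes_for(uint32_t ch, uint16_t out[3])
{
    if (!is_jamo(ch))
        return -1;
    size_t jindex = ch - LBASE;   /* guaranteed < JAMO_TABLE_LEN here */
    int j;
    for (j = 0; j < 3 && jamo_to_ksc5601[jindex][j] != 0; j++)
        out[j] = jamo_to_ksc5601[jindex][j];
    return j;
}

/* Counts the characters in a run that the unchecked loop would index out
 * of bounds: every non-Jamo character the shaper is handed (spaces,
 * punctuation, U+3000, ...). */
size_t count_non_jamo(const uint32_t *text, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!is_jamo(text[i]))
            bad++;
    return bad;
}
```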
*** Bug 138446 has been marked as a duplicate of this bug. ***
*** Bug 145164 has been marked as a duplicate of this bug. ***
Please consider a 1.4.1 release with this fixed ASAP. People are now being crashed from remote when using XChat with a single line of Korean text.
*** Bug 145662 has been marked as a duplicate of this bug. ***
*** Bug 146480 has been marked as a duplicate of this bug. ***
*** Bug 146771 has been marked as a duplicate of this bug. ***
*** Bug 147289 has been marked as a duplicate of this bug. ***
*** Bug 146984 has been marked as a duplicate of this bug. ***
*** Bug 147007 has been marked as a duplicate of this bug. ***
*** Bug 147088 has been marked as a duplicate of this bug. ***
*** Bug 148945 has been marked as a duplicate of this bug. ***
*** Bug 157478 has been marked as a duplicate of this bug. ***