GNOME Bugzilla – Bug 324831
Pango crash [pango_fc_font_real_get_glyph]
Last modified: 2006-01-26 20:52:59 UTC
I just upgraded to the latest FC5-development RPMs, including:
  fontconfig-2.3.93-2
  pango-1.11.1-2
Firefox now crashes on several pages. It looks like Pango is calling fontconfig with a null parameter, caused by face = PANGO_FC_FONT_LOCK_FACE (font) returning null:
------------
(gdb) thread apply all bt
Thread 1 (Thread -1208592720 (LWP 3641))
511       FT_Face face;
512       FT_UInt index;
513
514       face = PANGO_FC_FONT_LOCK_FACE (font);
515
516       index = FcFreeTypeCharIndex (face, wc);
517       if (index > (FT_UInt)face->num_glyphs)
518         index = 0;
519
520       PANGO_FC_FONT_UNLOCK_FACE (font);
(gdb) p font
$2 = (PangoFcFont *) 0x8b181c8
(gdb) p *font
$3 = {parent_instance = {parent_instance = {g_type_instance = {g_class = 0x86364a8}, ref_count = 6, qdata = 0x2}},
  font_pattern = 0x8e38120, fontmap = 0x81f7840, priv = 0x8b182a0,
  matrix = {xx = 1, xy = 0, yx = 0, yy = 1, x0 = 0, y0 = 0},
  description = 0x8d28ca8, metrics_by_lang = 0x0, is_hinted = 0, is_transformed = 0}
Is anyone looking at this? I can't visit certain web pages currently, and can't open Evolution Contacts or certain mail folders that contain mail with CYK characters. I think this bug was introduced in the recent Pango optimization efforts. See also Bug 324835, probably a dup.
Are you using Firefox from rawhide too? The crash has nothing to do with the optimization stuff, it's just that you are running pango+cairo now. Update to pango from CVS HEAD and latest fontconfig (CVS fc-2.4_branch) and see if you can still reproduce the problem. If you can, some gdb help is needed, otherwise there's not much that we can do without reproducing the problem. Most probably you have a weird font around...
Yes, it is Firefox from rawhide, but also Evolution from rawhide crashes. In both cases PANGO_FC_FONT_LOCK_FACE appears to be returning null. What does that indicate? I'm guessing it should never return null, because some code I looked at in both Firefox and Evolution definitely doesn't check for a null return value. So the problem is likely to be in Pango, Freetype or fontconfig, not in Firefox or Evolution. I am willing to set breakpoints and step through code as much as needed to debug and fix the problem; please leave instructions as to what you want me to trace through if that is possible. However, I am not set up on this system to download and compile CVS versions of packages.
Ubuntu bugs about that with evolution and gdm:
https://launchpad.net/distros/ubuntu/+source/gdm/+bug/6119
https://launchpad.net/distros/ubuntu/+source/evolution/+bug/5967
*** Bug 326933 has been marked as a duplicate of this bug. ***
Somebody really needs to invest some time into this issue. Most probably it's not something that will be fixed with a two-line patch. Fonts all across the cairo backend need to be checked for nullity before they reach critical points that can crash...
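The crash site quoted in the first backtrace (lines 511-520, where a NULL face from PANGO_FC_FONT_LOCK_FACE is handed to FcFreeTypeCharIndex and then dereferenced) and the null checks asked for in comment 6, shown as an added illustration that is not Pango's own code: the FreeType/Pango types, the lock/unlock helpers, the char-index mapping and the sample fonts are constructed stand-ins; the guarded version returns glyph 0 (the missing-glyph slot) when the face cannot be locked instead of dereferencing NULL.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the FreeType/Pango types seen in the backtrace. */
typedef unsigned int FT_UInt;
typedef struct { long num_glyphs; } FT_FaceRec, *FT_Face;
typedef struct { FT_FaceRec *face; } PangoFcFont;   /* face == NULL models a failed lock */

/* Stand-in for PANGO_FC_FONT_LOCK_FACE: in this bug it returned NULL for some fonts. */
static FT_Face lock_face(PangoFcFont *font) { return font->face; }
static void unlock_face(PangoFcFont *font) { (void)font; }

/* Stand-in for FcFreeTypeCharIndex: maps a code point to a glyph index.
 * Like the real function it reads through the face, so a NULL face crashes here. */
static FT_UInt char_index(FT_Face face, unsigned int wc)
{
    return (FT_UInt)(wc % (face->num_glyphs + 1));  /* constructed mapping, not FreeType's */
}

/* Mirrors the quoted pango_fc_font_real_get_glyph lines: no NULL check at all. */
FT_UInt get_glyph_unchecked(PangoFcFont *font, unsigned int wc)
{
    FT_Face face = lock_face(font);
    FT_UInt index = char_index(face, wc);          /* segfault when face == NULL */
    if (index > (FT_UInt)face->num_glyphs)
        index = 0;
    unlock_face(font);
    return index;
}

/* Guarded form: a face that cannot be locked yields glyph 0 instead of a crash. */
FT_UInt get_glyph_checked(PangoFcFont *font, unsigned int wc)
{
    FT_Face face = lock_face(font);
    FT_UInt index = 0;
    if (face != NULL) {
        index = char_index(face, wc);
        if (index > (FT_UInt)face->num_glyphs)
            index = 0;
    }
    unlock_face(font);
    return index;
}

/* Constructed sample fonts: one with a usable face, one whose lock fails. */
FT_FaceRec sample_face = { 100 };
PangoFcFont sample_ok_font = { &sample_face };
PangoFcFont sample_bad_font = { NULL };

int main(void)
{
    printf("ok font: glyph %u\n", get_glyph_checked(&sample_ok_font, 0x4e2d));
    printf("bad font: glyph %u (no crash)\n", get_glyph_checked(&sample_bad_font, 0x4e2d));
    return 0;
}
```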
Created attachment 57521: gedit backtrace file
in pango-1.11.2-1, fontconfig-2.3.93-3
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176409 in pango-1.11.1
See also: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177591
Created attachment 57522: gvim backtrace file
in pango-1.11.2, fontconfig-2.3.93, gvim 6.4.006-1
OK. Using an OpenType font (otf), this problem (comment 7, 8) happens. After downgrading fontconfig, select a TrueType font (ttf) in gnome-font-properties, and update fontconfig to 2.3.93 again. Execute gtk2 programs: this problem doesn't happen. Only when using an OpenType font (otf) on gtk2 does this bug seem to happen (in fontconfig 2.3.93, pango 1.11.1, 1.11.2).
I think Behdad's point in comment 6 was that it is very possible that this problem is potentially widespread, and that this will require an audit of the Cairo-Pango layer -- specific crashes may be fixed in any given version, but it is possible that there is more than one potential crash if null pointers are not checked for everywhere that is needed. (Did I read that right?)
This problem was fixed in fontconfig-2.3.93.cvs20060124-1.
See also: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177904
*** Bug 324835 has been marked as a duplicate of this bug. ***
Re. comment #11: I can confirm that this does appear fixed in fontconfig-2.3.93.cvs20060124-1. (At least I can't make it crash now in the three or so test cases that had 100% reproducibility.)
I reviewed the pangocairo code. There's nothing that can be fixed in Pango. If this happens, it's either a cairo, a fontconfig, or a FreeType bug. The first two most probably. Especially, fontconfig 2.3.* are known to have lots of problems causing crashes, and cairo has its own bugs, mostly hidden in the less-tested paths, like rendering bitmap fonts, where I found a crashing bug and reported it last night... Anyway. I'm going to close this for now. If someone can reproduce with an old (2.2ish) fontconfig, or with the next beta release, reopen. Thanks for all the reports by the way.