Bug 471261 - Crash in pango_ot_ruleset_add_feature
Status: RESOLVED OBSOLETE
Product: pango
Classification: Platform
Component: general
Version: 1.18.x
Hardware/OS: Other All
Importance: Normal critical
Target Milestone: ---
Assigned To: pango-maint
Depends on:
Blocks:
Reported: 2007-08-28 19:12 UTC by Kevin
Modified: 2015-08-31 20:25 UTC

See Also:
GNOME target: ---
GNOME version: Unversioned Enhancement


Attachments
Valgrind Output (262.06 KB, text/plain), 2007-09-06 14:45 UTC, Kevin

Description Kevin 2007-08-28 19:12:06 UTC
Steps to reproduce:
The bug happens right away when I start Pidgin. I compiled my own version of pidgin (2.1.1) and pango (1.18.1) along with glib (2.14.0) and gtk+ (2.10.14). Using this combination pidgin crashes on startup. I tried a bunch of combinations of the libraries until I started poking through the code. My guess is an uninitialized "rules" variable in the ruleset in pango_ot_ruleset_add_feature().

The only way I can get pidgin to run correctly is by using pango version 1.16.4 and that will crash if I hover over a URL in a chat window.

Stack trace:
  • #0 memcpy
    from /lib/tls/libc.so.6
  • #1 g_array_append_vals
    from /home/username/newbase/lib/libglib-2.0.so.0
  • #2 pango_ot_ruleset_add_feature
    from /usr/lib/libpangoxft-1.0.so.0
  • #3 pango_ot_ruleset_new_for
    from /home/username/newbase/lib/libpangoft2-1.0.so.0
  • #4 pango_ot_ruleset_new_from_description
    from /home/username/newbase/lib/libpangoft2-1.0.so.0
  • #5 pango_ot_ruleset_get_for_description
    from /home/username/newbase/lib/libpangoft2-1.0.so.0
  • #6 basic_engine_shape
    from /home/username/newbase/lib/pango/1.6.0/modules/pango-basic-fc.so
  • #7 _pango_engine_shape_shape
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #8 pango_shape
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #9 shape_run
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #10 process_item
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #11 process_line
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #12 pango_layout_check_lines
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #13 pango_layout_get_extents_internal
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #14 pango_layout_get_extents
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #15 pango_fc_font_create_metrics_for_context
    from /home/username/newbase/lib/libpangoft2-1.0.so.0
  • #16 pango_cairo_fc_font_create_metrics_for_context
    from /home/username/newbase/lib/libpangocairo-1.0.so.0
  • #17 _pango_cairo_font_get_metrics
    from /home/username/newbase/lib/libpangocairo-1.0.so.0
  • #18 pango_font_get_metrics
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #19 pango_layout_line_get_empty_extents
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #20 pango_layout_line_get_extents
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #21 get_line_extents_layout_coords
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #22 pango_layout_get_extents_internal
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #23 pango_layout_get_extents
    from /home/username/newbase/lib/libpango-1.0.so.0
  • #24 gtk_text_layout_get_line_display
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #25 gtk_text_layout_real_wrap
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #26 gtk_text_layout_wrap
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #27 _gtk_text_btree_validate_line
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #28 gtk_text_layout_validate_yrange
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #29 gtk_text_view_validate_onscreen
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #30 gtk_text_view_value_changed
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #31 gtk_text_view_set_scroll_adjustments
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #32 _gtk_marshal_VOID__OBJECT_OBJECT
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #33 g_type_class_meta_marshal
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #34 g_closure_invoke
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #35 signal_emit_unlocked_R
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #36 g_signal_emit_valist
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #37 g_signal_emit
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #38 gtk_widget_set_scroll_adjustments
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #39 gtk_scrolled_window_add
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #40 g_cclosure_marshal_VOID__OBJECT
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #41 g_type_class_meta_marshal
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #42 g_closure_invoke
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #43 signal_emit_unlocked_R
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #44 g_signal_emit_valist
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #45 g_signal_emit
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #46 gtk_container_add
    from /home/username/newbase/lib/libgtk-x11-2.0.so.0
  • #47 pidgin_create_imhtml
    at gtkutils.c line 203
  • #48 pidgin_status_box_init
    at gtkstatusbox.c line 1766
  • #49 g_type_create_instance
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #50 g_object_constructor
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #51 g_object_newv
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #52 g_object_new_valist
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #53 g_object_new
    from /home/username/newbase/lib/libgobject-2.0.so.0
  • #54 pidgin_status_box_new
    at gtkstatusbox.c line 1995
  • #55 pidgin_blist_show
    at gtkblist.c line 4557
  • #56 purple_blist_show
    at blist.c line 705
  • #57 main
    at gtkmain.c line 820


Other information:
Comment 1 Behdad Esfahbod 2007-08-29 02:43:08 UTC
Can you run under valgrind?
Comment 2 Kevin 2007-09-06 14:44:28 UTC
I'm guessing this is the part you're interested in. I'll attach the whole valgrind report in case it's useful. I ran valgrind with these arguments; let me know if I should run it differently.

--leak-check=full
--show-reachable=yes
--num-callers=20
--log-file=valgrind.log

Snippet of report:

==20825== Invalid read of size 1
==20825==    at 0x4006A21: memcpy (mac_replace_strmem.c:394)
==20825==    by 0x46F7F7E: g_array_append_vals (in /home/kdouglas/newbase/lib/libglib-2.0.so.0.1400.0)
==20825==    by 0x188699: pango_ot_ruleset_add_feature (in /usr/lib/libpangoxft-1.0.so.0.200.5)
==20825==    by 0x4897392: pango_ot_ruleset_new_for (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==    by 0x489743B: pango_ot_ruleset_new_from_description (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==    by 0x489712B: pango_ot_ruleset_get_for_description (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==    by 0x58E1102: basic_engine_shape (in /home/kdouglas/newbase/lib/pango/1.6.0/modules/pango-basic-fc.so)
==20825==    by 0x460D06E: _pango_engine_shape_shape (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4621C0D: pango_shape (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x46146B3: shape_run (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x46148AD: process_item (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4614F5B: process_line (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4615853: pango_layout_check_lines (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4613906: pango_layout_get_extents_internal (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4613DF2: pango_layout_get_extents (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x488E160: pango_fc_font_create_metrics_for_context (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==    by 0x45F2359: pango_cairo_fc_font_create_metrics_for_context (in /home/kdouglas/newbase/lib/libpangocairo-1.0.so.0.1800.1)
==20825==    by 0x45EF204: _pango_cairo_font_get_metrics (in /home/kdouglas/newbase/lib/libpangocairo-1.0.so.0.1800.1)
==20825==    by 0x4603EA7: pango_font_get_metrics (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x461661E: pango_layout_line_get_empty_extents (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==  Address 0xBEFF8000 is not stack'd, malloc'd or (recently) free'd
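As an added illustration (not part of the report or of pango), a small Python checker that parses valgrind frames like the snippet above and reports when one library family is loaded from more than one install prefix or soname version. In the trace above, frame #2 resolves to /usr/lib/libpangoxft-1.0.so.0.200.5 while the other pango frames resolve to the newbase prefix at 0.1800.1, which is the kind of skew a practitioner would want flagged before debugging the code itself. The embedded sample log is constructed from those lines; `find_version_skew` and `is_mixed_install` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample: frames copied in the shape of the valgrind snippet above.
SAMPLE_LOG = """\
==20825== Invalid read of size 1
==20825==    at 0x4006A21: memcpy (mac_replace_strmem.c:394)
==20825==    by 0x46F7F7E: g_array_append_vals (in /home/kdouglas/newbase/lib/libglib-2.0.so.0.1400.0)
==20825==    by 0x188699: pango_ot_ruleset_add_feature (in /usr/lib/libpangoxft-1.0.so.0.200.5)
==20825==    by 0x4897392: pango_ot_ruleset_new_for (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==  Address 0xBEFF8000 is not stack'd, malloc'd or (recently) free'd
"""

# Matches "at"/"by" frames that valgrind resolved to a shared object path.
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(in (\S+)\)")


def parse_frames(log):
    """Return (function, shared_object_path) for each frame resolved to a library."""
    return [(m.group(1), m.group(2))
            for m in (FRAME_RE.match(line) for line in log.splitlines()) if m]


def soname_version(path):
    """'/usr/lib/libpangoxft-1.0.so.0.200.5' -> ('libpangoxft-1.0', '0.200.5')."""
    base = path.rsplit("/", 1)[-1]
    name, _, ver = base.partition(".so.")
    return name, ver


def find_version_skew(frames, family):
    """Map each install prefix to the soname versions of `family` libraries seen there."""
    by_prefix = defaultdict(set)
    for _func, path in frames:
        name, ver = soname_version(path)
        if family in name:
            by_prefix[path.rsplit("/", 1)[0]].add(ver)
    return {prefix: sorted(vers) for prefix, vers in by_prefix.items()}


def is_mixed_install(frames, family):
    """True when `family` is loaded from several prefixes or several versions at once."""
    skew = find_version_skew(frames, family)
    versions = {v for vers in skew.values() for v in vers}
    return len(skew) > 1 or len(versions) > 1


if __name__ == "__main__":
    frames = parse_frames(SAMPLE_LOG)
    for prefix, vers in find_version_skew(frames, "pango").items():
        print(f"{prefix}: pango versions {vers}")
    print("mixed pango install:", is_mixed_install(frames, "pango"))
```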
Comment 3 Kevin 2007-09-06 14:45:23 UTC
Created attachment 95061 [details]
Valgrind Output

Full valgrind output mentioned previously.
Comment 4 Behdad Esfahbod 2007-09-07 02:19:24 UTC
I don't see anything wrong in the code, and am running pidgin 2.1.1 with pango 1.18.1 successfully. Something fishy in your setup. No idea.
Comment 5 Behdad Esfahbod 2007-11-20 05:02:42 UTC
Apparently this is caused by a specific font.  If you can reproduce, let us know which font it is.  Thanks.
Comment 6 Matthias Clasen 2015-08-31 20:25:48 UTC
I believe this is obsolete. You should use harfbuzz directly nowadays to access OT functionality.
