GNOME Bugzilla – Bug 471261
Crash in pango_ot_ruleset_add_feature
Last modified: 2015-08-31 20:25:48 UTC
Steps to reproduce: The bug happens right away when I start Pidgin. I compiled my own version of pidgin (2.1.1) and pango (1.18.1) along with glib (2.14.0) and gtk+ (2.10.14). Using this combination pidgin crashes on startup. I tried a bunch of combinations of the libraries until I started poking through the code. My guess is an uninitialized "rules" variable in the ruleset in pango_ot_ruleset_add_feature(). The only way I can get pidgin to run correctly is by using pango version 1.16.4, and that will crash if I hover over a URL in a chat window. Stack trace:
Trace 158626
Other information:
Can you run under valgrind?
I'm guessing this is the part you're interested in. I'll attach the whole valgrind report in case it's useful. I ran valgrind with these arguments; let me know if I should run it differently:

--leak-check=full --show-reachable=yes --num-callers=20 --log-file=valgrind.log

Snippet of report:

==20825== Invalid read of size 1
==20825==    at 0x4006A21: memcpy (mac_replace_strmem.c:394)
==20825==    by 0x46F7F7E: g_array_append_vals (in /home/kdouglas/newbase/lib/libglib-2.0.so.0.1400.0)
==20825==    by 0x188699: pango_ot_ruleset_add_feature (in /usr/lib/libpangoxft-1.0.so.0.200.5)
==20825==    by 0x4897392: pango_ot_ruleset_new_for (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==    by 0x489743B: pango_ot_ruleset_new_from_description (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==    by 0x489712B: pango_ot_ruleset_get_for_description (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==    by 0x58E1102: basic_engine_shape (in /home/kdouglas/newbase/lib/pango/1.6.0/modules/pango-basic-fc.so)
==20825==    by 0x460D06E: _pango_engine_shape_shape (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4621C0D: pango_shape (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x46146B3: shape_run (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x46148AD: process_item (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4614F5B: process_line (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4615853: pango_layout_check_lines (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4613906: pango_layout_get_extents_internal (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x4613DF2: pango_layout_get_extents (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x488E160: pango_fc_font_create_metrics_for_context (in /home/kdouglas/newbase/lib/libpangoft2-1.0.so.0.1800.1)
==20825==    by 0x45F2359: pango_cairo_fc_font_create_metrics_for_context (in /home/kdouglas/newbase/lib/libpangocairo-1.0.so.0.1800.1)
==20825==    by 0x45EF204: _pango_cairo_font_get_metrics (in /home/kdouglas/newbase/lib/libpangocairo-1.0.so.0.1800.1)
==20825==    by 0x4603EA7: pango_font_get_metrics (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825==    by 0x461661E: pango_layout_line_get_empty_extents (in /home/kdouglas/newbase/lib/libpango-1.0.so.0.1800.1)
==20825== Address 0xBEFF8000 is not stack'd, malloc'd or (recently) free'd
Created attachment 95061 [details]: Valgrind Output. Full valgrind output mentioned previously.
I don't see anything wrong in the code, and am running pidgin 2.1.1 with pango 1.18.1 successfully. Something fishy in your setup. No idea.
Apparently this is caused by a specific font. If you can reproduce, let us know which font it is. Thanks.
I believe this is obsolete. You should use HarfBuzz directly nowadays to access OT functionality.