GNOME Bugzilla – Bug 604128
Applications crash when displaying Hebrew characters
Last modified: 2010-06-14 22:08:22 UTC
Created attachment 149391 [details] Claws Mail backtrace
Hi. Some applications (mainly Claws Mail and XChat) have been crashing when trying to display what appear to be Hebrew characters while a certain font is installed.
Claws Mail crashes when loading this email message: http://lists.freebsd.org/pipermail/freebsd-multimedia/2009-December/010555.html
XChat crashed when someone sent a message with similar Hebrew characters, and also when loading the channel log for the scrollback feature which contains that message.
I have narrowed it down to one font that I had in ~/.fonts/ which was being used in an image creation. The font is called "Graffogie" (http://www.dafont.com/graffogie.font). With that font removed, Claws and XChat no longer crash on those operations. I have attached backtraces for both crashes.
Also, the Inkscape graphics editor was crashing with a very similar backtrace when using the font selector for a text box. Even with a completely empty ~/.fonts/ directory, Inkscape still crashes but with a different backtrace, so I am including that as well just in case it is related.
Thanks in advance, -Mark
pango-1.26.1
FreeBSD 8.0-STABLE amd64
Created attachment 149392 [details] XChat backtrace
Created attachment 149393 [details] Inkscape backtrace
Works fine here. 1) can you reproduce with gedit? 2) please install debuginfo and attach a new backtrace. Thanks.
Created attachment 149541 [details] gedit backtrace
Hi. Yes, I can reproduce it with gedit by loading the XChat channel log with those characters in it. Attached is a backtrace for gedit which should have all the debugging symbols as requested.
Thanks, -Mark
Hi, it seems like this issue is not Hebrew-specific, but rather font-specific. I have applications crashing with a similar backtrace on the OpenType Tahoma font taken from Windows 7; no problems since I removed Tahoma.
pango-1.26.2
FreeBSD 8.0-RELEASE-p2/amd64
Created attachment 154105 [details] [review] make _try_make_writable_inplace_unix_locked 64-bit clean
http://git.gnome.org/browse/pango/tree/pango/opentype/hb-blob.c?id=ee573c4e722c8ef7aff41c6cc98eaeab1ac57aec#n246
unsigned int should probably be size_t (or uintptr_t). On my amd64 FreeBSD 8.0-RELEASE machine, the blob's data is sometimes stored above what's addressable by a 32-bit integer. When mask is ANDed with the blob's data pointer, mask is padded with zeroes (on my machine, this results in the mask being equivalent to 00000000fffff000, not fffffffffffff000), so the page alignment done in _try_make_writable_inplace_unix_locked destroys the pointer passed to mprotect.
This (tiny!) patch allows the sanitizer to run without exploding on Windows 7's tahoma.ttf. Additionally, I think it addresses Mark Kane's issue; Mark linked to a freebsd-multimedia message containing Hebrew characters. I installed Graffogie--I'm able to use pango-view to view a text file containing these Hebrew characters after applying the patch; before applying the patch, pango-view crashed.
*** Bug 610272 has been marked as a duplicate of this bug. ***
Fixed by switching to uintptr_t. Thanks!
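The mask truncation described in the patch comment above, reduced to a stand-alone C program. This is an added example, not code from Pango or HarfBuzz and not the attached patch. The function names, the 4 KiB page size and the sample addresses are constructed, and `uint64_t` stands in for `uintptr_t` on amd64 so the result is the same on any host.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t addr_t;  /* assumption: stands in for uintptr_t on amd64 */

/* Buggy form: the mask lives in an unsigned int (32 bits on amd64), so it
 * zero-extends to 0x00000000fffff000 and clears the address's upper half. */
static addr_t page_floor_buggy(addr_t addr, unsigned int pagesize)
{
    unsigned int mask = ~(pagesize - 1u);
    return addr & mask;
}

/* Fixed form: the mask has the same width as the address it is ANDed with. */
static addr_t page_floor_fixed(addr_t addr, addr_t pagesize)
{
    addr_t mask = ~(pagesize - 1);
    return addr & mask;
}

/* Defensive check before changing page protections: the aligned range
 * [start, start+len) must contain the buffer [data, data+n). */
static int range_covers(addr_t start, addr_t len, addr_t data, addr_t n)
{
    return start <= data && data - start <= len && n <= len - (data - start);
}

int main(void)
{
    const addr_t data = 0x0000000801234abcULL;  /* constructed, above 4 GiB */
    const addr_t n = 100, ps = 4096;            /* buffer fits in one page */
    addr_t bad = page_floor_buggy(data, (unsigned int)ps);
    addr_t good = page_floor_fixed(data, ps);

    printf("buggy start 0x%016llx covers buffer: %d\n",
           (unsigned long long)bad, range_covers(bad, ps, data, n));
    printf("fixed start 0x%016llx covers buffer: %d\n",
           (unsigned long long)good, range_covers(good, ps, data, n));
    return 0;
}
```

For an address below 4 GiB both functions return the same page start, which is why the crash only appeared when the data happened to be mapped high.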
*** Bug 621447 has been marked as a duplicate of this bug. ***