GNOME Bugzilla – Bug 744118
PANGO_WRAP_WORD_CHAR unreliable
Last modified: 2015-02-26 17:08:22 UTC
Using PANGO_WRAP_WORD_CHAR can wrap lines inside a single grapheme as the is_char_break field is read as uninitialised memory. diff --git a/pango/break.c b/pango/break.c index 1f4aafd..5b2e489 100644 --- a/pango/break.c +++ b/pango/break.c @@ -917,6 +917,7 @@ pango_default_break (const gchar *text, g_assert (prev_break_type != G_UNICODE_BREAK_SPACE); + attrs[i].is_char_break = FALSE; attrs[i].is_line_break = FALSE; attrs[i].is_mandatory_break = FALSE;
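Review bot: The added `attrs[i].is_char_break = FALSE;` only covers the branch of pango_default_break that follows `g_assert (prev_break_type != G_UNICODE_BREAK_SPACE);`, where `is_line_break` and `is_mandatory_break` were already being reset. Check that every other path which writes `attrs[i].is_line_break` / `attrs[i].is_mandatory_break` also writes `is_char_break`, otherwise the uninitialised read valgrind reports at pango-layout.c:3475 can still be reached on those paths. A regression test feeding a base letter plus combining accent through PANGO_WRAP_WORD_CHAR (the "split the A from its accent" case in the attached program) would pin the fix down and stop it regressing silently.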
Created attachment 296317 [details]
help to find bug

$ make pango-test && ./pango-test
g++ -o pango-test -pthread -I/usr/local/include/pango-1.0 -I/usr/include/cairo -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/freetype2 -I/usr/include/libdrm -I/usr/include/libpng16 -I/usr/lib/jvm/java-1.8.0-openjdk/include -I/usr/lib/jvm/java-1.8.0-openjdk/include/linux -Inowide -I../../../flatbuffers/include -std=c++1y -MMD -O3 -Wall -g -L/usr/local/lib -lpangocairo-1.0 -lpango-1.0 -lgobject-2.0 -lglib-2.0 -lcairo -lpcre -lpcrecpp pango-test.cpp
oops, we split the A from it's accent at offset 40

$ valgrind ./pango-test
==29244== Memcheck, a memory error detector
==29244== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==29244== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info
==29244== Command: ./pango-test
==29244==
==29244== Conditional jump or move depends on uninitialised value(s)
==29244==    at 0x3654A1E2DB: process_item (pango-layout.c:3475)
==29244==    by 0x3654A20915: process_line (pango-layout.c:3704)
==29244==    by 0x3654A20915: pango_layout_check_lines (pango-layout.c:4027)
==29244==    by 0x3654A22F47: pango_layout_get_iter (pango-layout.c:5681)
==29244==    by 0x4010A6: do_layout(unsigned int) (pango-test.cpp:59)
==29244==    by 0x400E11: main (pango-test.cpp:85)
==29244==
oops, we split the A from it's accent at offset 235
==29244==
==29244== HEAP SUMMARY:
==29244==     in use at exit: 7,648,617 bytes in 41,756 blocks
==29244==   total heap usage: 306,107 allocs, 264,351 frees, 28,315,562 bytes allocated
==29244==
==29244== LEAK SUMMARY:
==29244==    definitely lost: 240,696 bytes in 977 blocks
==29244==    indirectly lost: 6,977,526 bytes in 35,730 blocks
==29244==      possibly lost: 10,710 bytes in 108 blocks
==29244==    still reachable: 418,261 bytes in 4,934 blocks
==29244==         suppressed: 0 bytes in 0 blocks
==29244== Rerun with --leak-check=full to see details of leaked memory
==29244==
==29244== For counts of detected and suppressed errors, rerun with: -v
==29244== Use --track-origins=yes to see where uninitialised values come from
==29244== ERROR SUMMARY: 100385 errors from 1 contexts (suppressed: 0 from 0)
valgrind tells you where: pango-layout.c:3475. See my initial patch for a fix.
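The following is an added illustration, not code from Pango or from the reporter's attachments. It models, in a cut-down form, what the report describes: a per-boundary attribute table (a stand-in for PangoLogAttr with the three bitfields the patch touches), a WORD_CHAR wrapper that prefers word boundaries and falls back to character boundaries, and two table builders, one that mirrors the pre-fix code (the buffer keeps whatever it held and is_char_break is never written, simulated here with a deliberate 0xFF fill) and one that mirrors the patched code. The names, the combining-mark rule and the constructed sample strings are assumptions made for this example only.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the PangoLogAttr fields the bug concerns (bitfields as in Pango).
 * Slot i describes the boundary *before* code point i; there are n+1 slots for n code points. */
typedef struct {
    unsigned int is_line_break : 1;       /* word-wrap opportunity at this boundary */
    unsigned int is_mandatory_break : 1;  /* forced newline at this boundary */
    unsigned int is_char_break : 1;       /* any wrap allowed here (never inside a grapheme) */
} LogAttr;

#define MAX_CHARS 64

/* Simplified grapheme rule for this example: a combining diacritical mark (U+0300..U+036F)
 * attaches to the previous code point, so no break is allowed immediately before it. */
static bool is_combining_mark(uint32_t cp)
{
    return cp >= 0x0300 && cp <= 0x036F;
}

/* Mirrors the pre-fix behaviour: the table starts as stale memory (simulated with 0xFF so the
 * result does not depend on bitfield layout) and is_char_break is never assigned. */
static void break_attrs_before_fix(const uint32_t *text, size_t n, LogAttr *attrs)
{
    memset(attrs, 0xFF, sizeof(LogAttr) * (n + 1));   /* simulated stale memory */
    for (size_t i = 0; i <= n; i++) {
        attrs[i].is_line_break = (i > 0 && i < n && text[i - 1] == ' ');
        attrs[i].is_mandatory_break = (i > 0 && i < n && text[i - 1] == '\n');
        /* is_char_break intentionally left untouched: this is the defect */
    }
}

/* Mirrors the patched behaviour: every field is written for every boundary. */
static void break_attrs_after_fix(const uint32_t *text, size_t n, LogAttr *attrs)
{
    memset(attrs, 0xFF, sizeof(LogAttr) * (n + 1));   /* same stale start, now harmless */
    for (size_t i = 0; i <= n; i++) {
        attrs[i].is_line_break = (i > 0 && i < n && text[i - 1] == ' ');
        attrs[i].is_mandatory_break = (i > 0 && i < n && text[i - 1] == '\n');
        attrs[i].is_char_break = (i > 0 && i < n && !is_combining_mark(text[i]));
    }
}

/* WORD_CHAR wrapping: take the last word boundary within `width` code points; if no word
 * boundary fits, fall back to the last char boundary. Returns 0 when nothing fits. */
static size_t word_char_wrap(const LogAttr *attrs, size_t n, size_t width)
{
    size_t last_word = 0, last_char = 0;
    for (size_t i = 1; i <= width && i < n; i++) {
        if (attrs[i].is_line_break) last_word = i;
        if (attrs[i].is_char_break) last_char = i;
    }
    return last_word ? last_word : last_char;
}

/* True when a break at `pos` separates a base character from its combining mark. */
static bool splits_grapheme(const uint32_t *text, size_t n, size_t pos)
{
    return pos > 0 && pos < n && is_combining_mark(text[pos]);
}

/* Build the table with the chosen builder and wrap once. */
static size_t wrap_text(const uint32_t *text, size_t n, bool patched, size_t width)
{
    LogAttr attrs[MAX_CHARS + 1];
    if (n > MAX_CHARS) return 0;
    if (patched) break_attrs_after_fix(text, n, attrs);
    else         break_attrs_before_fix(text, n, attrs);
    return word_char_wrap(attrs, n, width);
}

/* Constructed samples: "Amélie" with a decomposed é (e + U+0301), and "ab cde" with a space. */
static const uint32_t SAMPLE_ACCENT[] = { 'A', 'm', 'e', 0x0301, 'l', 'i', 'e' };
static const size_t   SAMPLE_ACCENT_LEN = sizeof SAMPLE_ACCENT / sizeof SAMPLE_ACCENT[0];
static const uint32_t SAMPLE_WORDS[]  = { 'a', 'b', ' ', 'c', 'd', 'e' };
static const size_t   SAMPLE_WORDS_LEN = sizeof SAMPLE_WORDS / sizeof SAMPLE_WORDS[0];

int main(void)
{
    for (int patched = 0; patched <= 1; patched++) {
        size_t pos = wrap_text(SAMPLE_ACCENT, SAMPLE_ACCENT_LEN, patched, 3);
        printf("%s table, width 3: break at %zu, splits grapheme: %s\n",
               patched ? "patched" : "pre-fix", pos,
               splits_grapheme(SAMPLE_ACCENT, SAMPLE_ACCENT_LEN, pos) ? "yes" : "no");
    }
    printf("word preference, width 5: break at %zu\n",
           wrap_text(SAMPLE_WORDS, SAMPLE_WORDS_LEN, true, 5));
    return 0;
}
```

With the pre-fix table the stale bit makes every boundary look like a char break, so a width of 3 cuts between the e and its accent (the "split the A from its accent" symptom); with the patched table the wrapper backs up to the boundary before the e instead, and when a space is available the word boundary is still preferred over any char boundary.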
Created attachment 296319 [details] a better program
Oh wow! I remember seeing that valgrind error forever and never figuring out the root. Thanks.