From: Melchior FRANZ
Subject: [Devel] [BUG] freetype2 CVS/HEAD: crash in FT_Get_Name_Index (ftobjs.c:2407)
Date: Thu, 8 Apr 2004 13:10:45 +0200
User-agent: KMail/1.6.51
Some applications crash for me with a bt like this:
$ gdb ../../../programs/mkfontscale/mkfontscale core.mkfontscale.21662
...
Core was generated by `../../../programs/mkfontscale/mkfontscale .'.
Program terminated with signal 11, Segmentation fault.
...
Reading symbols from /usr/X11R6/lib/libfontenc.so.1...done.
Loaded symbols for /usr/X11R6/lib/libfontenc.so.1
Reading symbols from /usr/lib/libfreetype.so.6...done.
Loaded symbols for /usr/lib/libfreetype.so.6
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib/i686/libc.so.6...done.
Loaded symbols for /lib/i686/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0 0x74732d65 in ?? ()
(gdb) bt
#0 0x74732d65 in ?? ()
#1 0x4005d01f in FT_Get_Name_Index (face=0x80588a0, glyph_name=0x80766f8
"space") at ftobjs.c:2407
#2 0x0804b1be in checkEncoding (face=0x80588a0, encoding_name=0x80766f8
"space") at mkfontscale.c:1025
#3 0x0804aa93 in doDirectory (dirname_given=0x805662b "l048013t.pfa",
numEncodings=0, encodingsToDo=0x0)
at mkfontscale.c:912
#4 0x08049549 in main (argc=2, argv=0xbfffefc4) at mkfontscale.c:264
(gdb) up
#1 0x4005d01f in FT_Get_Name_Index (face=0x80588a0, glyph_name=0x80766f8
"space") at ftobjs.c:2407
2407 result = service->name_index( face, glyph_name );
(gdb) list
2402 FT_FACE_LOOKUP_SERVICE( face,
2403 service,
2404 GLYPH_DICT );
2405
2406 if ( service && service->name_index )
2407 result = service->name_index( face, glyph_name );
2408 }
2409
2410 return result;
2411 }
(gdb) print face
$1 = 0x80588a0
(gdb) print *face
$2 = {num_faces = 1, face_index = 0, face_flags = 529, style_flags = 0,
num_glyphs = 310,
family_name = 0x8062a48 "Luxi Sans", style_name = 0x806a51a "Regular",
num_fixed_sizes = 0,
available_sizes = 0x0, num_charmaps = 2, charmaps = 0x806a5c8, generic =
{data = 0x0, finalizer = 0}, bbox = {
xMin = -215, yMin = -211, xMax = 988, yMax = 993}, units_per_EM = 1000,
ascender = 993, descender = -211,
height = 1444, max_advance_width = 1015, max_advance_height = 1444,
underline_position = -1,
underline_thickness = 0, glyph = 0x8057fc8, size = 0x806a378, charmap =
0x80624c0, driver = 0x8055358,
memory = 0x804f050, stream = 0x806dbf0, sizes_list = {head = 0x806a3a8, tail
= 0x806a3a8}, autohint = {
data = 0x0, finalizer = 0}, extensions = 0x0, internal = 0x8062a10}
(gdb) print glyph_name
$3 = (FT_String *) 0x80766f8 "space"
(gdb) print *glyph_name
$4 = 115 's'
The valgrind debugger (http://valgrind.kde.org/) says:
==25130== Conditional jump or move depends on uninitialised value(s)
==25130== at 0x3C06BFF2: FT_Get_Name_Index (ftobjs.c:2406)
==25130== by 0x804B1BD: checkEncoding (mkfontscale.c:1025)
==25130== by 0x804AA92: doDirectory (mkfontscale.c:912)
==25130== by 0x8049548: main (mkfontscale.c:264)
==25130==
==25130== Use of uninitialised value of size 4
==25130== at 0x3C06BFF4: FT_Get_Name_Index (ftobjs.c:2406)
==25130== by 0x804B1BD: checkEncoding (mkfontscale.c:1025)
==25130== by 0x804AA92: doDirectory (mkfontscale.c:912)
==25130== by 0x8049548: main (mkfontscale.c:264)
==25130==
==25130== Use of uninitialised value of size 4
==25130== at 0x3C06C01C: FT_Get_Name_Index (ftobjs.c:2407)
==25130== by 0x804B1BD: checkEncoding (mkfontscale.c:1025)
==25130== by 0x804AA92: doDirectory (mkfontscale.c:912)
==25130== by 0x8049548: main (mkfontscale.c:264)
==25130==
==25130== Jump to the invalid address stated on the next line
==25130== at 0x74732D65: ???
==25130== by 0x804B1BD: checkEncoding (mkfontscale.c:1025)
==25130== by 0x804AA92: doDirectory (mkfontscale.c:912)
==25130== by 0x8049548: main (mkfontscale.c:264)
==25130== Address 0x74732D65 is not stack'd, malloc'd or free'd
==25130==
==25130== Process terminating with default action of signal 11 (SIGSEGV):
dumping core
==25130== Bad permissions for mapped region at address 0x74732D65
==25130== at 0x74732D65: ???
==25130== by 0x804B1BD: checkEncoding (mkfontscale.c:1025)
==25130== by 0x804AA92: doDirectory (mkfontscale.c:912)
==25130== by 0x8049548: main (mkfontscale.c:264)
The first entry ("conditional jump") is especially worrying.
Attaching gdb from valgrind to the first warning (that's before
the crash happens):
==26305== Conditional jump or move depends on uninitialised value(s)
==26305== at 0x3C06C878: FT_Get_Name_Index (ftobjs.c:2375)
==26305== by 0x804B1BD: checkEncoding (mkfontscale.c:1025)
==26305== by 0x804AA92: doDirectory (mkfontscale.c:912)
==26305== by 0x8049548: main (mkfontscale.c:264)
0x3c06c878 in FT_Get_Name_Index (face=0x3c213a70,
glyph_name=0x3c0c4660
".\224\n<¦\224\n<þ\224\n<+g\n<lh\n<\235g\n<\f\225\n<`\225\n<\222Î\n<hF\f<\207Î\n<`F\f<$Ï\n<£æ\n<\vÏ\n<xF\f<ñÎ\n<lF\f<")
at ftobjs.c:2375
2375 if ( service && service->name_index )
(gdb) bt
#0 0x3c06c878 in FT_Get_Name_Index (face=0x3c213a70,
glyph_name=0x3c0c4660
".\224\n<¦\224\n<þ\224\n<+g\n<lh\n<\235g\n<\f\225\n<`\225\n<\222Î\n<hF\f<\207Î\n<`F\f<$Ï\n<£æ\n<\vÏ\n<xF\f<ñÎ\n<lF\f<")
at ftobjs.c:2375
#1 0x0804b1be in checkEncoding (face=0x3c213a70,
encoding_name=0x3c0c4660
".\224\n<¦\224\n<þ\224\n<+g\n<lh\n<\235g\n<\f\225\n<`\225\n<\222Î\n<hF\f<\207Î\n<`F\f<$Ï\n<£æ\n<\vÏ\n<xF\f<ñÎ\n<lF\f<")
at mkfontscale.c:1025
#2 0x0804aa93 in doDirectory (dirname_given=0x3c21252b "l047033t.pfa",
numEncodings=0, encodingsToDo=0x0)
at mkfontscale.c:912
#3 0x08049549 in main (argc=2, argv=0x4fffdf74) at mkfontscale.c:264
Ohh ... doesn't look good ...
(gdb) frame 0
#0 0x3c06c878 in FT_Get_Name_Index (face=0x3c213a70,
glyph_name=0x3c0c4660
".\224\n<¦\224\n<þ\224\n<+g\n<lh\n<\235g\n<\f\225\n<`\225\n<\222Î\n<hF\f<\207Î\n<`F\f<$Ï\n<£æ\n<\vÏ\n<xF\f<ñÎ\n<lF\f<")
at ftobjs.c:2375
2375 if ( service && service->name_index )
(gdb) list
2370
2371 FT_FACE_LOOKUP_SERVICE( face,
2372 service,
2373 GLYPH_DICT );
2374
2375 if ( service && service->name_index )
2376 result = service->name_index( face, glyph_name );
2377 }
2378
2379 return result;
(gdb) print service
$1 = 0x3c213a70
(gdb) print *service
$2 = {get_name = 0x1, name_index = 0}
(gdb) print face
$3 = 0x3c213a70
(gdb) print *face
$4 = {num_faces = 1, face_index = 0, face_flags = 533, style_flags = 1,
num_glyphs = 310,
family_name = 0x3c213d48 "Luxi Mono", style_name = 0x3c214782 "Oblique",
num_fixed_sizes = 0,
available_sizes = 0x0, num_charmaps = 2, charmaps = 0x3c23c690, generic =
{data = 0x0, finalizer = 0}, bbox = {
xMin = -15, yMin = -211, xMax = 758, yMax = 993}, units_per_EM = 1000,
ascender = 993, descender = -211,
height = 1444, max_advance_width = 600, max_advance_height = 1444,
underline_position = -36,
underline_thickness = 72, glyph = 0x3c23c6c8, size = 0x3c3298b8, charmap =
0x3c23c2d0, driver = 0x3c211118,
memory = 0x3c20ac60, stream = 0x3c290ca0, sizes_list = {head = 0x3c23c830,
tail = 0x3c23c830}, autohint = {
data = 0x0, finalizer = 0}, extensions = 0x0, internal = 0x3c214710}
From here debugging becomes quite inconvenient, due to macro hell.
It appears that FT_FACE_LOOKUP_SERVICE hasn't returned a valid "service".
The FT_FACE_LOOKUP_SERVICE macro is also where the crash had happened.
The funny (and ugly) thing is that when I add a single line to the
macro, the crash doesn't occur any more:
Index: include/freetype/internal/ftserv.h
===================================================================
RCS file: /cvs/freetype/freetype2/include/freetype/internal/ftserv.h,v
retrieving revision 1.13
diff -u -p -r1.13 ftserv.h
--- ftserv.h 2003/12/17 14:28:22 1.13
+++ ftserv.h 2004/04/08 11:06:01
@@ -218,6 +218,7 @@ FT_BEGIN_HEADER
: FT_SERVICE_UNAVAILABLE ); \
} \
*pptr = svc; \
+ printf("");\
FT_END_STMNT
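Review bot: The added printf(""); after "*pptr = svc;" does not change the value stored through pptr, so it hides the crash instead of fixing it and should not be committed. That an empty call at this point changes the outcome suggests the result depends on how the compiler orders or keeps the "*pptr = svc;" store, or on uninitialised memory, as the valgrind warnings indicate; comparing the code generated for this macro with and without the line, and printing the service variable right after the macro in both builds, would narrow that down.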
I can't make any sense out of this bug, but I'm happy to answer all
questions and try out things, if you give advice.
m.
System: Linux 2.6.5 on x86
gcc 3.3.1 (SuSE Linux)
XFree86 4.4rc2
freetype2 and fontconfig from their respective CVS (HEAD)
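A triage check for the traces above, as an added example that is not part of the original post or of FreeType: the faulting address 0x74732d65 consists of four printable ASCII bytes on little-endian x86, which usually means the call target was read from string data rather than from a valid function pointer. The helper names are assumptions; the sample lines are taken from the valgrind output in the post.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lines taken from the valgrind output quoted in the post. */
static const char SAMPLE_LOG[] =
    "==25130== Use of uninitialised value of size 4\n"
    "==25130==    at 0x3C06C01C: FT_Get_Name_Index (ftobjs.c:2407)\n"
    "==25130== Jump to the invalid address stated on the next line\n"
    "==25130==    at 0x74732D65: ???\n"
    "==25130==    by 0x804B1BD: checkEncoding (mkfontscale.c:1025)\n";

/* Decode a 32-bit address into the four bytes it occupies in little-endian
   memory. Returns 1 if all four are printable ASCII, otherwise 0. */
static int addr_as_ascii(uint32_t addr, char out[5])
{
    int printable = 1;
    for (int i = 0; i < 4; i++) {
        unsigned char b = (unsigned char)(addr >> (8 * i));
        out[i] = (char)b;
        if (!isprint(b))
            printable = 0;
    }
    out[4] = '\0';
    return printable;
}

/* Scan valgrind-style text for unresolved frames ("at 0xADDR: ???") and
   return 1 for the first one whose address decodes to printable ASCII. */
static int find_ascii_pc(const char *log, uint32_t *pc, char text[5])
{
    const char *p = log;
    while ((p = strstr(p, "at 0x")) != NULL) {
        unsigned long v = 0;
        int n = 0;   /* stays 0 unless the literal ": ???" also matched */
        if (sscanf(p, "at 0x%lx: ???%n", &v, &n) == 1 && n > 0 &&
            v <= 0xFFFFFFFFul && addr_as_ascii((uint32_t)v, text)) {
            *pc = (uint32_t)v;
            return 1;
        }
        p += 5;      /* step past this "at 0x" and keep scanning */
    }
    return 0;
}

int main(void)
{
    uint32_t pc;
    char text[5];
    if (find_ascii_pc(SAMPLE_LOG, &pc, text))
        printf("unresolved PC 0x%08lx is ASCII \"%s\" in memory\n",
               (unsigned long)pc, text);
    return 0;
}
```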