Re: [Devel] KDE crashes, was: 2.4.3-3mdk and VIA

freetype-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Devel] KDE crashes, was: 2.4.3-3mdk and VIA

From:	Arnd Bergmann
Subject:	Re: [Devel] KDE crashes, was: 2.4.3-3mdk and VIA
Date:	Sat, 7 Apr 2001 01:17:16 +0200 (MET DST)

Hi,

I can finally see a bit clearer about the strange segfaults.
I have been able to reproduce a segfault without using libXft,
but not in the original place.

It seems that the problem I first encountered happens when some
of the library data is corrupted after a first memory allocation
problem. I have found some configurations that do not lead to
a segfault but to something like "T1_Decoder_Parse_CharStrings: 
invalid byte (29)" for the otherwise correct font file.

After I linked libefence into the ftdemos, I got a reproducible
segfault (see below) for any of those programs accessing either
n021004l.pf[ab] or b018012l.pf[ab] from the 1994 urw fonts.
With older (<= 2.0.1) versions of freetype or any other fonts,
there is still no problem, even with ElectricFence.

Hope that helps,

Arnd <><


#0  0x40101ebc in memcpy () from /lib/libc.so.6
#1  0x00004be5 in PS_Table_Add (table=0xbffff19c, index=232, object=0x4023c400,
    length=28) at /home/arnd/rpm/BUILD/freetype-2.0.2/src/psaux/psobjs.c:179
#2  0x400520a9 in parse_charstrings (face=0x40202dec, loader=0xbffff0d0)
    at /home/arnd/rpm/BUILD/freetype-2.0.2/src/type1/t1load.c:1305
#3  0x4005111d in t1_load_keyword (face=0x40202dec, loader=0xbffff0d0,
    field=0x40060100)
    at /home/arnd/rpm/BUILD/freetype-2.0.2/src/type1/t1load.c:706
#4  0x40052540 in parse_dict (face=0x40202dec, loader=0xbffff0d0,
    base=0x40212414 "0000dup /Private 15 dict dup begin\n/RD {string 
currentfile exch readstring pop} executeonly def\n/ND {noaccess def} 
executeonly def\n/NP {noaccess put} executeonly def\n/UniqueID 5020933 
def\n/BlueValues "...,
    size=33761) at /home/arnd/rpm/BUILD/freetype-2.0.2/src/type1/t1load.c:1504
#5  0x40052824 in T1_Open_Face (face=0x40202dec)
    at /home/arnd/rpm/BUILD/freetype-2.0.2/src/type1/t1load.c:1593
#6  0x40052e76 in T1_Init_Face (stream=0x40200fd8, face=0x40202dec,
    face_index=0, num_params=0, params=0x0)
    at /home/arnd/rpm/BUILD/freetype-2.0.2/src/type1/t1objs.c:186
#7  0x4001fb87 in open_face (driver=0x401f8fd8, stream=0x40200fd8,
    face_index=0, num_params=0, params=0x0, aface=0xbffff2b8)
    at /home/arnd/rpm/BUILD/freetype-2.0.2/src/base/ftobjs.c:1076
#8  0x4001fe81 in FT_Open_Face (library=0x401c3f88, args=0xbffff2e8,
    face_index=0, aface=0xbffff328)
    at /home/arnd/rpm/BUILD/freetype-2.0.2/src/base/ftobjs.c:1237
#9  0x4001fc32 in FT_New_Face (library=0x401c3f88,
    pathname=0xbffff683 "n021004l.pfa", face_index=0, aface=0xbffff328)
    at /home/arnd/rpm/BUILD/freetype-2.0.2/src/base/ftobjs.c:1121
#10 0x08048d3a in main (argc=2, argv=0xbffff4dc)
    at /home/arnd/rpm/BUILD/ft2demos-2.0.2/src/ftdump.c:242
#11 0x400980de in __libc_start_main () from /lib/libc.so.6

(gdb) print *face
$3 = {root = {num_faces = 1, face_index = 0, face_flags = 0, style_flags = 0,
    num_glyphs = 0, family_name = 0x0, style_name = 0x0, num_fixed_sizes = 0,
    available_sizes = 0x0, num_charmaps = 0, charmaps = 0x0, generic = {
      data = 0x0, finalizer = 0}, bbox = {xMin = 0, yMin = 0, xMax = 0,
      yMax = 0}, units_per_EM = 0, ascender = 0, descender = 0, height = 0,
    max_advance_width = 0, max_advance_height = 0, underline_position = 0,
    underline_thickness = 0, glyph = 0x0, size = 0x0, charmap = 0x0,
    driver = 0x401f8fd8, memory = 0x401c1ff0, stream = 0x40200fd8,
    sizes_list = {head = 0x0, tail = 0x0}, autohint = {data = 0x0,
      finalizer = 0}, extensions = 0x0, internal = 0x40204fe0}, type1 = {
    font_info = {version = 0x40206ff8 "001.005",
      notice = 0x40208fdc "URW Software, Copyright 1996 by URW",
      full_name = 0x4020afec "URW Bookman L Light",
      family_name = 0x4020cff0 "URW Bookman L", weight = 0x4020eff8 "Regular",
      italic_angle = 0, is_fixed_pitch = 0 '\000', underline_position = -125,
      underline_thickness = 60}, private_dict = {unique_id = 5019650,
      lenIV = 4, num_blue_values = 6 '\006', num_other_blues = 0 '\000',
      num_family_blues = 0 '\000', num_family_other_blues = 0 '\000',
      blue_values = {-20, 0, 485, 505, 681, 701, 0, 0, 0, 0, 0, 0, 0, 0},
      other_blues = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, family_blues = {
        0 <repeats 14 times>}, family_other_blues = {0, 0, 0, 0, 0, 0, 0, 0,
        0, 0}, blue_scale = 2596864, blue_shift = 0, blue_fuzz = 0,
      standard_width = {39}, standard_height = {96},
       num_snap_widths = 4 '\004', num_snap_heights = 3 '\003',
      force_bold = 0 '\000', round_stem_up = 0 '\000', snap_widths = {39, 44,
        50, 59, 0, 0, 0, 0, 0, 0, 0, 0, 0}, snap_heights = {96, 101, 119, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0}, language_group = 0, password = 5839,
      min_feature = {16, 16}}, font_name = 0x40210fec "URWBookmanL-Ligh",
    encoding_type = t1_encoding_standard, encoding = {num_chars = 0,
      code_first = 0, code_last = 0, char_index = 0x0, char_name = 0x0},
    subrs_block = 0x0, charstrings_block = 0x0, glyph_names_block = 0x0,
    num_subrs = 0, subrs = 0x0, subrs_len = 0x0, num_glyphs = 0,
    glyph_names = 0x0, charstrings = 0x0, charstrings_len = 0x0,
    paint_type = 0 '\000', font_type = 1 '\001', font_matrix = {xx = 65536,
      xy = 0, yx = 0, yy = 65536}, font_offset = {x = 0, y = 0}, font_bbox = {
      xMin = -12320768, yMin = -15794176, xMax = 82968576, yMax = 60424192},
    font_id = 0, stroke_width = 0}, psnames = 0x4005fa24, psaux = 0x4005e92c,
  afm_data = 0x0, charmaprecs = {{face = 0x0, encoding = ft_encoding_none,
      platform_id = 0, encoding_id = 0}, {face = 0x0,
      encoding = ft_encoding_none, platform_id = 0, encoding_id = 0}},
  charmaps = {0x0, 0x0}, unicode_map = {num_maps = 0, maps = 0x0}, blend = 0x0}


(gdb) print *table
$4 = {
  block = 0x40233000 
"\224?f\r\217\n?<?\025\220\n\221\214\216\f\020\f\021\n?%?\024\025\222\n\016\224?f\r\217\n?<?\025\220\n?\016?\212\025\223\n\016\224?f\r\217\n?<?\025\220\n??\212\025\224\n\016\224?f\r\217\n?<?\025\220\n??\212\025\225\n\01
6\224?f\r\217\n?<?\025\220\n\226\214\216\f\020\f\021\n?B?\237\025\231\n\016\224?f\r\217\n?<?\025\220\n\232\214\216\f\020\f\021\nb?\\\025\233\n\016\233?/\r\234\n???8\025\237\n\221\214\216\f\020\f\021\n?\005?%\025\222\n\016\233?/\r\234\n???8\025\237\n???\233\025\223\n\016\233?/\r\234\n???"...,
 cursor = 19429,
  capacity = 20480, init = -559038737, max_elems = 233, num_elems = 0,
  elements = 0x40228c5c, lengths = 0x4022ac5c, memory = 0x401c1ff0, funcs = {
    init = 0x4003ae90 <PS_Table_New>, done = 0x4003b1bc <PS_Table_Done>,
    add = 0x4003b098 <PS_Table_Add>, release = 0x4003b25c <PS_Table_Release>}}

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Devel] KDE crashes, was: 2.4.3-3mdk and VIA, Arnd Bergmann <=
- Re: [Devel] KDE crashes, was: 2.4.3-3mdk and VIA, Tom Kacvinsky, 2001/04/06
- Re: [Devel] KDE crashes, was: 2.4.3-3mdk and VIA, Tom Kacvinsky, 2001/04/07
- [Devel] FIXED: KDE crashes, was: 2.4.3-3mdk and VIA, Tom Kacvinsky, 2001/04/08
  - Re: [Devel] FIXED: KDE crashes, was: 2.4.3-3mdk and VIA, Werner LEMBERG, 2001/04/08
  - [Devel] efence and Solaris 7 [was: FIXED: KDE crashes], Tom Kacvinsky, 2001/04/11

Prev by Date: Re: [Devel] Cache manager FREE problem [was: Anyone there?]
Next by Date: Re: [Devel] shared library under Windows
Previous by thread: [Devel] Re: Cache manager FREE problem [was: Anyone there?]
Next by thread: Re: [Devel] KDE crashes, was: 2.4.3-3mdk and VIA
Index(es):
- Date
- Thread