Re: [Devel] Memory corruption [Symbian]?


From: Fernando Papa
Subject: Re: [Devel] Memory corruption [Symbian]?
Date: Sun, 12 Sep 2004 05:21:02 -0300

*****
You may want to skip to the last few lines.
*****


>Have you read the file docs/DEBUG?  Maybe you can use
>some of the tracing utilities.

Here is the log.  Can't find anything wrong, but don't
understand a thing, either.

Sorry about the format, no printf here, I had to plug
my logging code.  Hope I got the maximum trace level
right, as I had to make some changes in order to get
rid of the non-const un/initialized-data used by the
debugging code.

ft-current-20040910.

ftmodule.h:
FT_USE_MODULE(tt_driver_class)
FT_USE_MODULE(ft_raster1_renderer_class)
FT_USE_MODULE(sfnt_module_class)
FT_USE_MODULE(ft_smooth_renderer_class)

trebuc.ttf 65100 bytes long, from w2k pro "Trebuchet MSVersion 1.15"

(here is Nokia 3650's output; scroll 100 lines to
see the simulator's output)

*****NEXT LINE: FT_Init_FreeType(&library).
FT_Alloc:
 size = 196, block = 0x0x40bc2c, ref = 0x0x403f20.
FT_Alloc:
 size = 16384, block = 0x0x40bcf4, ref = 0x0x40bcd8.
FT_Alloc:
 size = 76, block = 0x0x40fcf8, ref = 0x0x403f10.
FT_Alloc:
 size = 88, block = 0x0x40fd48, ref = 0x0x403efc.
FT_Alloc:
 size = 0, block = 0x0x000000, ref = 0x0x40fd70.
FT_Alloc:
 size = 72, block = 0x0x40fda4, ref = 0x0x403f10.
FT_Alloc:
 size = 12, block = 0x0x405a34, ref = 0x0x403ef0.
FT_Alloc:
 size = 2060, block = 0x0x40fdf0, ref = 0x0x403ed8.
FT_Alloc:
 size = 20, block = 0x0x40711c, ref = 0x0x403f10.
FT_Alloc:
 size = 72, block = 0x0x410600, ref = 0x0x403f10.
FT_Alloc:
 size = 12, block = 0x0x41064c, ref = 0x0x403ef0.
FT_Alloc:
 size = 1388, block = 0x0x41065c, ref = 0x0x403edc.
*****NEXT LINE: FT_New_Memory_Face(library, trebuc, 65100, 0, &face).
FT_Alloc:
 size = 40, block = 0x0x410bcc, ref = 0x0x403ec4.
FT_Alloc:
 size = 708, block = 0x0x410bf8, ref = 0x0x403eb8.
FT_Alloc:
 size = 52, block = 0x0x410ec0, ref = 0x0x403eb4.
tt_face_load_sfnt_header: 0x410bf8, 0.
tt_face_load_directory: 0x410bf8.
-- Tables count:             19.
-- Format version: 00010000.
FT_QAlloc:
 size = 304, block = 0x0x410ef8, ref = 0x0x410c94.
  DSIG  -  0000ea2c  -  00001420.
  LTSH  -  0000132c  -  00000139.
  OS/2  -  000001b8  -  00000056.
  VDMX  -  00001468  -  000005e0.
  cmap  -  00000ca8  -  00000416.
  cvt   -  0000211c  -  0000013c.
  fpgm  -  00001bdc  -  00000540.
  gasp  -  00000210  -  00000010.
  glyf  -  00004cfc  -  00009654.
  hdmx  -  0000272c  -  000025d0.
  head  -  0000013c  -  00000036.
  hhea  -  00000174  -  00000024.
  hmtx  -  00002258  -  000004d4.
  kern  -  0000e754  -  000002d6.
  loca  -  000010c0  -  0000026c.
  maxp  -  00000198  -  00000020.
  name  -  00000220  -  00000a85.
  post  -  0000e350  -  00000401.
  prep  -  00001a48  -  00000192.
Directory loaded..
tt_face_lookup_table: 0x410bf8, `glyf' -- 
found table..
tt_face_load_generic_header: 0x410bf8, looking up font table `head'..
tt_face_lookup_table: 0x410bf8, `head' -- 
found table..
    Units per EM:     2048.
    IndexToLoc:          0.
tt_face_load_generic_header: Font table loaded..
Load_TT_MaxProfile: 0x410bf8.
tt_face_lookup_table: 0x410bf8, `maxp' -- 
found table..
MAXP loaded..
tt_face_lookup_table: 0x410bf8, `cmap' -- 
found table..
`cmap' table loaded.
Names 
tt_face_lookup_table: 0x410bf8, `name' -- 
found table..
FT_Alloc:
 size = 860, block = 0x0x41102c, ref = 0x0x410d60.
loaded.
PostScript 
tt_face_lookup_table: 0x410bf8, `post' -- 
found table..
loaded.
Horizontal header 
tt_face_lookup_table: 0x410bf8, `hhea' -- 
found table..
loaded.
TT_Load_Horizontal_Metrics: 0x410bf8.
tt_face_lookup_table: 0x410bf8, `hmtx' -- 
found table..
FT_QAlloc:
 size = 1236, block = 0x0x41138c, ref = 0x0x410cf4.
FT_QAlloc:
 size = 0, block = 0x0x000000, ref = 0x0x410cf8.
loaded.
Vertical header 
tt_face_lookup_table: 0x410bf8, `vhea' -- 
could not find table!.
OS/2 Table 
tt_face_lookup_table: 0x410bf8, `OS/2' -- 
found table..
loaded.
tt_face_lookup_table: 0x410bf8, `hdmx' -- 
found table..
FT_QAlloc:
 size = 248, block = 0x0x411864, ref = 0x0x410e18.
FT_QAlloc:
 size = 309, block = 0x0x411960, ref = 0x0x411868.
FT_QAlloc:
 size = 309, block = 0x0x411a9c, ref = 0x0x411870.
FT_QAlloc:
 size = 309, block = 0x0x411bd8, ref = 0x0x411878.
FT_QAlloc:
 size = 309, block = 0x0x411d14, ref = 0x0x411880.
FT_QAlloc:
 size = 309, block = 0x0x411e50, ref = 0x0x411888.
FT_QAlloc:
 size = 309, block = 0x0x411f8c, ref = 0x0x411890.
FT_QAlloc:
 size = 309, block = 0x0x4120c8, ref = 0x0x411898.
FT_QAlloc:
 size = 309, block = 0x0x412204, ref = 0x0x4118a0.
FT_QAlloc:
 size = 309, block = 0x0x412340, ref = 0x0x4118a8.
FT_QAlloc:
 size = 309, block = 0x0x41247c, ref = 0x0x4118b0.
FT_QAlloc:
 size = 309, block = 0x0x4125b8, ref = 0x0x4118b8.
FT_QAlloc:
 size = 309, block = 0x0x4126f4, ref = 0x0x4118c0.
FT_QAlloc:
 size = 309, block = 0x0x412830, ref = 0x0x4118c8.
FT_QAlloc:
 size = 309, block = 0x0x41296c, ref = 0x0x4118d0.
FT_QAlloc:
 size = 309, block = 0x0x412aa8, ref = 0x0x4118d8.
FT_QAlloc:
 size = 309, block = 0x0x412be4, ref = 0x0x4118e0.
FT_QAlloc:
 size = 309, block = 0x0x412d20, ref = 0x0x4118e8.
FT_QAlloc:
 size = 309, block = 0x0x412e5c, ref = 0x0x4118f0.
FT_QAlloc:
 size = 309, block = 0x0x412f98, ref = 0x0x4118f8.
FT_QAlloc:
 size = 309, block = 0x0x4130d4, ref = 0x0x411900.
FT_QAlloc:
 size = 309, block = 0x0x413210, ref = 0x0x411908.
FT_QAlloc:
 size = 309, block = 0x0x41334c, ref = 0x0x411910.
FT_QAlloc:
 size = 309, block = 0x0x413488, ref = 0x0x411918.
FT_QAlloc:
 size = 309, block = 0x0x4135c4, ref = 0x0x411920.
FT_QAlloc:
 size = 309, block = 0x0x413700, ref = 0x0x411928.
FT_QAlloc:
 size = 309, block = 0x0x41383c, ref = 0x0x411930.
FT_QAlloc:
 size = 309, block = 0x0x413978, ref = 0x0x411938.
FT_QAlloc:
 size = 309, block = 0x0x413ab4, ref = 0x0x411940.
FT_QAlloc:
 size = 309, block = 0x0x413bf0, ref = 0x0x411948.
FT_QAlloc:
 size = 309, block = 0x0x413d2c, ref = 0x0x411950.
FT_QAlloc:
 size = 309, block = 0x0x413e68, ref = 0x0x411958.
tt_face_load_gasp: 0x410bf8.
tt_face_lookup_table: 0x410bf8, `gasp' -- 
found table..
number of ranges = 3.
FT_QAlloc:
 size = 12, block = 0x0x413fa4, ref = 0x0x403e4c.
 [max:8 flag:2]
 [max:16 flag:1]
 [max:65535 flag:3]
.
GASP loaded.
tt_face_lookup_table: 0x410bf8, `kern' -- 
found table..
FT_QAlloc:
 size = 944, block = 0x0x413fb4, ref = 0x0x410ea4.
PCLT 
tt_face_lookup_table: 0x410bf8, `PCLT' -- 
could not find table!.
missing (optional).
FT_QAlloc:
 size = 24, block = 0x0x414368, ref = 0x0x411140.
FT_Alloc:
 size = 13, block = 0x0x414384, ref = 0x0x403e3c.
FT_QAlloc:
 size = 14, block = 0x0x414398, ref = 0x0x411154.
FT_Alloc:
 size = 8, block = 0x0x4143ac, ref = 0x0x403e3c.
FT_Alloc:
 size = 20, block = 0x0x4143b8, ref = 0x0x403dc0.
FT_Alloc:
 size = 4, block = 0x0x407150, ref = 0x0x410c20.
FT_Alloc:
 size = 20, block = 0x0x4143d0, ref = 0x0x403dc0.

[crash -- access violation -- the logging code does
not do any buffering and is writing directly to
phone RAM, so no log lines were lost]

Also tried with Tahoma, and it crashes exactly at
the same point: 7 FT_Alloc/FT_QAlloc after not
finding PCLT table.  The size allocated is also
the same for the last 5 q/allocs.

Here's the output for the simulator (trebuc.ttf):

(FT_Init_FreeType & FT_New_Memory_Face only, lowered
logging level to 6 to avoid the alloc clutter)

NEXT LINE: FT_Init_FreeType(&library)
NEXT LINE: FT_New_Memory_Face(library, trebuc, 65100, 0, &face)
tt_face_load_sfnt_header: 0x1004ea90, 0
tt_face_load_directory: 0x1004ea90
-- Tables count:             19
-- Format version: 00010000
  DSIG  -  0000ea2c  -  00001420
  LTSH  -  0000132c  -  00000139
  OS/2  -  000001b8  -  00000056
  VDMX  -  00001468  -  000005e0
  cmap  -  00000ca8  -  00000416
  cvt   -  0000211c  -  0000013c
  fpgm  -  00001bdc  -  00000540
  gasp  -  00000210  -  00000010
  glyf  -  00004cfc  -  00009654
  hdmx  -  0000272c  -  000025d0
  head  -  0000013c  -  00000036
  hhea  -  00000174  -  00000024
  hmtx  -  00002258  -  000004d4
  kern  -  0000e754  -  000002d6
  loca  -  000010c0  -  0000026c
  maxp  -  00000198  -  00000020
  name  -  00000220  -  00000a85
  post  -  0000e350  -  00000401
  prep  -  00001a48  -  00000192
Directory loaded
tt_face_lookup_table: 0x1004ea90, `glyf' -- 
found table.
tt_face_load_generic_header: 0x1004ea90, looking up font table `head'.
tt_face_lookup_table: 0x1004ea90, `head' -- 
found table.
    Units per EM:     2048
    IndexToLoc:          0
tt_face_load_generic_header: Font table loaded.
Load_TT_MaxProfile: 0x1004ea90
tt_face_lookup_table: 0x1004ea90, `maxp' -- 
found table.
MAXP loaded.
tt_face_lookup_table: 0x1004ea90, `cmap' -- 
found table.
`cmap' table loaded
Names 
tt_face_lookup_table: 0x1004ea90, `name' -- 
found table.
loaded
PostScript 
tt_face_lookup_table: 0x1004ea90, `post' -- 
found table.
loaded
Horizontal header 
tt_face_lookup_table: 0x1004ea90, `hhea' -- 
found table.
loaded
TT_Load_Horizontal_Metrics: 0x1004ea90
tt_face_lookup_table: 0x1004ea90, `hmtx' -- 
found table.
loaded
Vertical header 
tt_face_lookup_table: 0x1004ea90, `vhea' -- 
could not find table!
OS/2 Table 
tt_face_lookup_table: 0x1004ea90, `OS/2' -- 
found table.
loaded
tt_face_lookup_table: 0x1004ea90, `hdmx' -- 
found table.
tt_face_load_gasp: 0x1004ea90
tt_face_lookup_table: 0x1004ea90, `gasp' -- 
found table.
number of ranges = 3
 [max:8 flag:2]
 [max:16 flag:1]
 [max:65535 flag:3]
GASP loaded
tt_face_lookup_table: 0x1004ea90, `kern' -- 
found table.
PCLT 
tt_face_lookup_table: 0x1004ea90, `PCLT' -- 
could not find table!
missing (optional)
Locations 
tt_face_lookup_table: 0x1004ea90, `loca' -- 
found table.
(16bit offsets):          310 
loaded
CVT 
tt_face_lookup_table: 0x1004ea90, `cvt ' -- 
found table.
loaded
Font program 
tt_face_lookup_table: 0x1004ea90, `fpgm' -- 
found table.
loaded,         1344 bytes
Prep program 
tt_face_lookup_table: 0x1004ea90, `prep' -- 
found table.
loaded,          402 bytes
FT_Open_Face: New face object, adding to list
FT_Open_Face: Creating glyph slot
FT_New_GlyphSlot: Creating new slot object
FT_New_GlyphSlot: Return 0
FT_Open_Face: Creating size object
Init_Context: new object at 0x0x10053658, parent = 0x0x1004ea90
FT_Open_Face: Return 0

*****

I added a few traces and found the following:

sfobjs.c : sfnt_load_face()
.....
FT_Face    root = &face->root;
..... added trace("root=%d\n", root) everywhere

the following line corrupts root :

    tt_face_build_cmaps( face );

A trace(root) after that line reports a different
value (often 0) than the first one.  trace(face)
reports that it has also changed... so we have stack
corruption. (sort of, seems just the sp is affected)

Just tried on VC++ and root isn't corrupted.

The setjmp stuff on tt_face_build_cmaps is causing
the trouble.  I can't suggest a fix as I don't have
the slightest idea on what the code is supposed to do.

Regards,
Fernando.
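
A port sanity check in the spirit of the traces described in the message above, as an added example that is not part of the original post and is not FreeType code: a callee sets a jump point, a validation helper leaves through longjmp, and the caller compares its local pointers and a stack canary before and after the call. All names (Validator, Face, Root, build_maps, check_locals_survive) and the validation rule are hypothetical.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; these are not FreeType types. */
typedef struct { jmp_buf jump; volatile int error; } Validator;
typedef struct { int id; } Root;
typedef struct { Root root; const unsigned char *table; size_t len; } Face;

/* Helper that leaves through longjmp on bad input (constructed rule). */
static void validate_table(Validator *v, const unsigned char *p, size_t len) {
    if (len < 4 || p[0] != 0) {
        v->error = 8;            /* volatile, so defined after the longjmp */
        longjmp(v->jump, 1);
    }
}

/* Callee that owns the jump point; its frame is still live at longjmp. */
static int build_maps(Face *face) {
    Validator v;
    v.error = 0;
    if (setjmp(v.jump) == 0)
        validate_table(&v, face->table, face->len);
    return v.error;
}

/* Returns a bitmask of caller state that changed across the call:
   1 = root pointer, 2 = face pointer, 4 = stack canary; 0 means intact. */
int check_locals_survive(const unsigned char *table, size_t len, int *err) {
    Face face_obj = { { 42 }, table, len };
    Face *face = &face_obj;
    Root *root = &face->root;
    Face *volatile face_before = face;   /* snapshots forced into memory */
    Root *volatile root_before = root;
    volatile unsigned long canary = 0xC0FFEE01ul;
    int damage = 0;
    *err = build_maps(face);
    if (root != root_before) damage |= 1;
    if (face != face_before) damage |= 2;
    if (canary != 0xC0FFEE01ul) damage |= 4;
    return damage;
}

int main(void) {
    static const unsigned char bad[4] = { 9, 1, 2, 3 };  /* constructed input */
    int err, damage = check_locals_survive(bad, sizeof bad, &err);
    printf("error=%d damage=0x%x\n", err, damage);
    return damage;
}
```

Built for both the desktop and the device toolchain, a damage value that is 0 on one and non-zero on the other separates a platform setjmp/longjmp or frame-handling problem from a problem in the font data.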




