[cairo] Text rendering crash

Ian Britten britten at caris.com
Fri Oct 17 08:33:55 PDT 2008

Hi all,
I'm pursuing a crash in Cairo when rendering text, and was hoping
to get some insight/guidance from the experts about how to proceed.
[ Valgrind snippet at the end ]

- One simple possibility is that it's something that's already fixed
   in a newer version of Cairo.  I looked through the various Bugzilla
   bugs, but didn't see anything that looked recent+relevant.
   I'm using cairo 1.6.4 since it's the pre-installed version on
   Linux right now.  I could look at upgrading if anyone was
   optimistic that it might fix my problem, but I'm suspecting the
   problem is more likely my second thought...

- I'm suspecting the problem is a 'dangling pointer' problem with
   the FT_Face I'm passing to set_font_face(), and most of the rest
   of this message will expand on that.
   [ Note I'm also using FT 2.3.7 ]

We have an extensive framework that already makes use of FT.
I'm trying to add support to this to output PDF/etc via Cairo.
As such, in our text rendering pipeline, we take care of
retrieving the relevant FT_Face (via FTC_Manager_Lookup_Size())
and normally use that in conjunction with FT_Outline_Render()/etc
to rasterize the text to an appropriate bitmap.

In this case, I'm passing the (cached) FT_Face into
cairo_ft_font_face_create_for_ft_face(), and subsequently setting
that onto my context, via cairo_set_font_face().

This seems to work, until the PDF is actually written out, when
my (cairomm) Surface is cleaned up (deleted).  At this point, I
get Valgrind errors, and intermittent crashes.

What I suspect is happening is that the FT_Face that FT gave me
from its cache was deleted from the cache in between the time I
set it onto the Cairo context, and the time it was actually used
to write out the PDF.  I didn't realize that Cairo didn't use the
FT_Face immediately, and didn't foresee this problem.

As such, I'm a bit unsure how to proceed, and whether the problem
is with FT, Cairo, or me (trying to combine all three together).

Obviously, I've glossed over a lot of details, but this message is
getting too long for just an intro.  I'll happily provide more
specifics if anyone has any ideas, and/or is willing to help me
pursue this!

Many thanks in advance!

Valgrind errors

Invalid read of size 4
    at 0x568E6EB: FT_Load_Glyph (in /usr/lib/libfreetype.so.6.3.18)
    by 0x56506F6: _cairo_ft_scaled_glyph_init (cairo-ft-font.c:1927)
    by 0x560D297: _cairo_scaled_glyph_lookup (cairo-scaled-font.c:1809)
    by 0x560C017: _cairo_scaled_font_glyph_device_extents (cairo-scaled-font.c:1208)
    by 0x56209B1: _cairo_analysis_surface_show_glyphs (cairo-analysis-surface.c:606)
    by 0x5611AC2: _cairo_surface_show_glyphs (cairo-surface.c:2148)
    by 0x561E40E: _cairo_meta_surface_replay_internal (cairo-meta-surface.c:827)
    by 0x561E5C2: _cairo_meta_surface_replay_and_create_regions 
    by 0x561ED55: _paint_page (cairo-paginated-surface.c:303)
    by 0x561F189: _cairo_paginated_surface_show_page (cairo-paginated-surface.c:464)
  Address 0x895e420 is 88 bytes inside a block of size 1,536 free'd
    at 0x40218FE: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
    by 0x56097B3: _cairo_polygon_grow (cairo-polygon.c:100)
    by 0x5609840: _cairo_polygon_add_edge (cairo-polygon.c:126)
    by 0x5609975: _cairo_polygon_line_to (cairo-polygon.c:168)
    by 0x56044F6: _cairo_filler_line_to (cairo-path-fill.c:108)
    by 0x56053D7: _cairo_path_fixed_interpret (cairo-path-fixed.c:521)
    by 0x56046E6: _cairo_path_fixed_fill_to_traps (cairo-path-fill.c:179)
    by 0x5620783: _cairo_analysis_surface_fill (cairo-analysis-surface.c:536)
    by 0x5610DB3: _cairo_surface_fill (cairo-surface.c:1616)
    by 0x561E276: _cairo_meta_surface_replay_internal (cairo-meta-surface.c:791)

Process terminating with default action of signal 11 (SIGSEGV)
  Access not within mapped region at address 0x12DB
    at 0x568BF70: ft_glyphslot_free_bitmap (in /usr/lib/libfreetype.so.6.3.18)
    by 0x568E70A: FT_Load_Glyph (in /usr/lib/libfreetype.so.6.3.18)
    by 0x56506F6: _cairo_ft_scaled_glyph_init (cairo-ft-font.c:1927)
    by 0x560D297: _cairo_scaled_glyph_lookup (cairo-scaled-font.c:1809)
    [ ditto ]
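The lifetime hazard described in the message (a cached FT_Face handed to cairo, which only loads glyphs when the page is flushed, after the cache may already have dropped the face) can be shown without cairo or FreeType installed. The following is an added example, not code from the poster or from the cairo project: it models a reference-counted face, a cache that evicts by dropping its reference, and a consumer with a user-data/destroy-callback pair in the shape of cairo_font_face_set_user_data(). The borrowed flow reproduces the ordering in the Valgrind trace; the owned flow pins the face for as long as the consumer lives and releases it from the destroy callback, which is the pattern the cairo documentation uses with FT_Done_Face for a face the caller owns (faces from FTC_Manager are owned by the cache, so the same idea would need a separately opened face, or FT_Reference_Face from FreeType releases later than the 2.3.7 mentioned above). The names face_t, consumer_t and the scenario functions are constructed for this model.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a face with a visible reference count (not FreeType
 * code; a real FT_Face keeps its count internally). */
typedef struct {
    const char *name;
    int refs;
    int alive;   /* 1 while usable; 0 once the last reference is gone */
} face_t;

static void face_reference(face_t *f) { f->refs++; }

/* Drop one reference. When the last one goes, the face is marked dead
 * instead of free()'d so the scenarios below can still inspect it; in a
 * real program this is where the memory is returned, and any later read
 * is the use-after-free that Valgrind reported. */
static void face_release(face_t *f) {
    if (f->refs > 0 && --f->refs == 0) f->alive = 0;
}

/* Adapter so face_release can be attached as a generic destroy callback. */
static void face_release_closure(void *closure) {
    face_release((face_t *)closure);
}

/* A cache evicting an entry simply drops the reference it held. */
static void cache_evict(face_t *f) { face_release(f); }

/* Model of a consumer that keeps the face for deferred use, like a font
 * face whose glyphs are loaded only when the page is written out. The
 * closure/destroy pair mirrors cairo_font_face_set_user_data(). */
typedef void (*destroy_fn)(void *closure);

typedef struct {
    face_t *face;        /* borrowed pointer; no reference is taken here */
    void *closure;
    destroy_fn destroy;  /* runs once when the consumer is destroyed */
} consumer_t;

static consumer_t *consumer_create(face_t *face) {
    consumer_t *c = calloc(1, sizeof *c);
    if (c) c->face = face;
    return c;
}

static void consumer_set_user_data(consumer_t *c, void *closure, destroy_fn destroy) {
    c->closure = closure;
    c->destroy = destroy;
}

/* The deferred use. Returns 1 if the face is still live, 0 if the read
 * would have been dangling. A real consumer cannot make this check; it
 * just dereferences the pointer, which is why the crash is intermittent. */
static int consumer_show_page(const consumer_t *c) {
    return c->face->alive;
}

static void consumer_destroy(consumer_t *c) {
    if (c->destroy) c->destroy(c->closure);
    free(c);
}

/* Borrowed flow from the mail: the cache's face is handed over without
 * taking a reference, the cache evicts it, then the page is flushed.
 * Returns 0 because the deferred use finds a dead face. */
int scenario_borrowed(void) {
    face_t face = { "DejaVuSans", 1, 1 };   /* the cache holds the only ref */
    consumer_t *c = consumer_create(&face);
    cache_evict(&face);                      /* refs -> 0, face dead */
    int ok = consumer_show_page(c);          /* dangling: 0 */
    consumer_destroy(c);
    return ok;
}

/* Owned flow: pin the face for as long as the consumer lives and hand the
 * release to the consumer's destroy callback. Returns 1 when the deferred
 * use saw a live face and the face was released exactly once afterwards. */
int scenario_owned(void) {
    face_t face = { "DejaVuSans", 1, 1 };
    consumer_t *c = consumer_create(&face);
    face_reference(&face);                                    /* refs -> 2 */
    consumer_set_user_data(c, &face, face_release_closure);   /* release when done */
    cache_evict(&face);                                       /* refs -> 1, still live */
    int ok = consumer_show_page(c);                           /* 1 */
    consumer_destroy(c);                                      /* refs -> 0 */
    return ok && face.alive == 0 && face.refs == 0;
}

int main(void) {
    printf("borrowed face live at flush: %d\n", scenario_borrowed());
    printf("owned face live at flush:    %d\n", scenario_owned());
    return 0;
}
```

The point of the model is the ordering, not the API names: whoever hands a pointer to a consumer that uses it lazily must either guarantee the pointee outlives the consumer or give the consumer a way to release it. Running the borrowed flow under Valgrind with a real FT_Face would show the same "invalid read ... inside a block free'd" report as in the message.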
