[cairo] Text rendering crash

Behdad Esfahbod behdad at behdad.org
Fri Oct 17 10:38:04 PDT 2008 

Hi Ian,

Your guess is exactly what's happening.  The docs have been enhanced to point
this out with an example.  See:


http://cairographics.org/manual/cairo-ft-font.html#cairo-ft-font-face-create-for-ft-face

Now I don't know how the FreeType cache manager supports that.  Perhaps David
can answer.

behdad

Ian Britten wrote:
> Hi all,
> I'm pursuing a crash in Cairo when rendering text, and was hoping
> to get some insight/guidance from the experts about how to proceed.
> [ Valgrind snippet at the end ]
> 
> - One simple possibility is that it's something that's already fixed
>    in a newer version of Cairo.  I look through the various Bugzilla
>    bugs, but didn't see anything that looked recent+relevant.
>    I'm using cairo 1.6.4 since it's the pre-installed version on
>    Linux right now.  I could look at upgrading if anyone was
>    optimistic that it might fix my problem, but I'm suspecting the
>    problem is more likely my second thought...
> 
> - I'm suspecting the problem is a 'dangling pointer' problem with
>    the FT_Face I'm passing to set_font_face(), and most of the rest
>    of this message will expand on that.
>    [ Note I'm also using FT 2.3.7 ]
> 
> We have an extensive framework that already makes use of FT.
> I'm trying to add support to this to output PDF/etc via Cairo.
> As such, in our text rendering pipeline, we take care of
> retrieving the relevant FT_Face (via FTC_Manager_Lookup_Size())
> and normally use that in conjunction with FT_Outline_Render()/etc
> to rasterize the text to an appropriate bitmap.
> 
> In this case, I'm passing the (cached) FT_Face into
> cairo_ft_font_face_create_for_ft_face(), and subsequently setting
> that onto my context, via cairo_set_font_face().
> 
> This seems to work, until the PDF is actually written out, when
> my (cairomm) Surface is cleaned up (deleted).  At this point, I
> get Valgrind errors, and intermittent crashes.
> 
> What I suspect is happening is that the FT_Face that FT gave me
> from it's cache was deleted from the cache in between the time I
> set it onto the Cairo context, and the time it was actually used
> to write out the PDF.  I didn't realize that Cairo didn't use the
> FT_Face immediately, and didn't for-see this problem.
> 
> As such, I'm a bit unsure how to proceed, and whether the problem
> is with FT, Cairo, or me (trying to combine all three together).
> 
> Obviously, I've glossed over a lot of details, but this message is
> getting too long for just an intro.  I'll happily provide more
> specifics if anyone has any ideas, and/or is willing to help me
> pursue this!
> 
> Many thanks in advance!
> Ian
> --
> 
> Valgrind errors
> 
> Invalid read of size 4
>     at 0x568E6EB: FT_Load_Glyph (in /usr/lib/libfreetype.so.6.3.18)
>     by 0x56506F6: _cairo_ft_scaled_glyph_init (cairo-ft-font.c:1927)
>     by 0x560D297: _cairo_scaled_glyph_lookup (cairo-scaled-font.c:1809)
>     by 0x560C017: _cairo_scaled_font_glyph_device_extents (cairo-scaled-font.c:1208)
>     by 0x56209B1: _cairo_analysis_surface_show_glyphs (cairo-analysis-surface.c:606)
>     by 0x5611AC2: _cairo_surface_show_glyphs (cairo-surface.c:2148)
>     by 0x561E40E: _cairo_meta_surface_replay_internal (cairo-meta-surface.c:827)
>     by 0x561E5C2: _cairo_meta_surface_replay_and_create_regions 
> (cairo-meta-surface.c:894)
>     by 0x561ED55: _paint_page (cairo-paginated-surface.c:303)
>     by 0x561F189: _cairo_paginated_surface_show_page (cairo-paginated-surface.c:464)
>   Address 0x895e420 is 88 bytes inside a block of size 1,536 free'd
>     at 0x40218FE: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
>     by 0x56097B3: _cairo_polygon_grow (cairo-polygon.c:100)
>     by 0x5609840: _cairo_polygon_add_edge (cairo-polygon.c:126)
>     by 0x5609975: _cairo_polygon_line_to (cairo-polygon.c:168)
>     by 0x56044F6: _cairo_filler_line_to (cairo-path-fill.c:108)
>     by 0x56053D7: _cairo_path_fixed_interpret (cairo-path-fixed.c:521)
>     by 0x56046E6: _cairo_path_fixed_fill_to_traps (cairo-path-fill.c:179)
>     by 0x5620783: _cairo_analysis_surface_fill (cairo-analysis-surface.c:536)
>     by 0x5610DB3: _cairo_surface_fill (cairo-surface.c:1616)
>     by 0x561E276: _cairo_meta_surface_replay_internal (cairo-meta-surface.c:791)
> 
> Process terminating with default action of signal 11 (SIGSEGV)
>   Access not within mapped region at address 0x12DB
>     at 0x568BF70: ft_glyphslot_free_bitmap (in /usr/lib/libfreetype.so.6.3.18)
>     by 0x568E70A: FT_Load_Glyph (in /usr/lib/libfreetype.so.6.3.18)
>     by 0x56506F6: _cairo_ft_scaled_glyph_init (cairo-ft-font.c:1927)
>     by 0x560D297: _cairo_scaled_glyph_lookup (cairo-scaled-font.c:1809)
>     [ ditto ]
> _______________________________________________
> cairo mailing list
> cairo at cairographics.org
> http://lists.cairographics.org/mailman/listinfo/cairo
>

More information about the cairo mailing list