[Fontconfig] Re: fontconfig often crashes when there is something wrong with the cache files

Patrick Lam plam at MIT.EDU
Wed Oct 26 00:47:48 EST 2005 

Mike FABIAN wrote:
> For details see:
> 
> http://bugzilla.novell.com/show_bug.cgi?id=128080
> 
> This bugreport also has a backtrace attached (comment #10).
> 
> Until now I don't know a easy way to reproduce the problem, it occurs
> "sometimes" and goes away by calling "fc-cache -f" as root.
> I.e. I guess there is something wrong with the cache files.
> 
> I have started debugging this but until now I only found that
> it crashes in fccharset.c in
> 
>     FcCharSet *
>     FcCharSetCopy (FcCharSet *src)
>     {
>         if (src->ref != FC_REF_CONSTANT)
>             src->ref++;
>         return src;
>     }
> 
> 
> when src->ref happens to be 0 (which is != FC_REF_CONSTANT)
> and then tries to execute
> 
>     src->ref++;
> 
> which won't work because "src" is v.u.c where v is of type FcValue and
> FcCharSet is "const" in that union (fontconfig.h), therefore it cannot
> be incremented:

The constness is not a problem, since that's cast away.  However, the
problem might be that the charset is in mmapped space and therefore ref
can't be incremented.  But that's strange, because mmapped charsets
should always have ref set to -1.  Also, the backtrace seems to point to
 line 359, which is the statement just after the increment.  However,
v.u.c just seems to be not an address ('address 0x2aaaad90c4ef out of
bounds')

I notice that this is occuring on x86_64, which may be somewhat relevant.

If you can reproduce this problem, there are two pieces of information
which would be useful.  1) step up to fclist.c:431 and print v there,
before canonicalization.  2) also print charsets[0].

Hmm, let's put an assert there too.  Try this patch (to see if the cache
files themselves are corrupted in a simple way) and tell me if you can
make it abort.  I don't think that'll happen; I think the corruption is
elsewhere.

diff -u -r1.25.4.4 fccharset.c
--- src/fccharset.c     22 Sep 2005 23:45:53 -0000      1.25.4.4
+++ src/fccharset.c     25 Oct 2005 14:46:42 -0000
@@ -1406,6 +1406,7 @@
 FcCharSetUnserialize (FcCache metadata, void *block_ptr)
 {
     int bi = FcCacheBankToIndex(metadata.bank);
+    int i;
     if (!FcCharSetEnsureBank(bi))
        return 0;

@@ -1422,6 +1423,10 @@
     block_ptr = (void *)((char *)block_ptr +
                     (sizeof(int) * metadata.charset_leaf_idx_count));

+    for (i = 0; i < metadata.charset_count; i++)
+        if (charsets[bi][i].ref != FC_REF_CONSTANT)
+            abort();
+
     return block_ptr;
 }

pat

More information about the Fontconfig mailing list