bug#42943: 28.0.50; Emacsclient crashes in ftcrfont_glyph

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#42943: 28.0.50; Emacsclient crashes in ftcrfont_glyph_extents

From:	Basil L. Contovounesios
Subject:	bug#42943: 28.0.50; Emacsclient crashes in ftcrfont_glyph_extents
Date:	Thu, 20 Aug 2020 01:47:32 +0100

>From the project-root:

0. cd src
1. gdb ./emacs
2. set logging on
3. r -Q --fg-daemon

>From the project-root in another shell:

4. ./lib-src/emacsclient -c
5. C-\ arabic RET
6. s ~ A
7. C-x 5 0
8. ./lib-src/emacsclient -c

Back to GDB:

9. bt full

I attach the resulting backtrace.

I then recompiled ftcrfont.c with the following printf sprinkles:

diff --git a/src/ftcrfont.c b/src/ftcrfont.c
index 29813c8d7d..7832d4f5ce 100644
--- b/src/ftcrfont.c
+++ a/src/ftcrfont.c
@@ -52,11 +52,19 @@
 
   row = glyph / METRICS_NCOLS_PER_ROW;
   col = glyph % METRICS_NCOLS_PER_ROW;
+  fprintf (stderr, "\nglyph %u row %d col %d nrows %d",
+           glyph, row, col, ftcrfont_info->metrics_nrows);
   if (row >= ftcrfont_info->metrics_nrows)
     {
+      fprintf (stderr, " realloc %p %zu", ftcrfont_info->metrics,
+               sizeof (struct font_metrics *) * (row + 1));
       ftcrfont_info->metrics =
        xrealloc (ftcrfont_info->metrics,
                  sizeof (struct font_metrics *) * (row + 1));
+      fprintf (stderr, " memset %p %zu",
+               ftcrfont_info->metrics + ftcrfont_info->metrics_nrows,
+               (sizeof (struct font_metrics *)
+               * (row + 1 - ftcrfont_info->metrics_nrows)));
       memset (ftcrfont_info->metrics + ftcrfont_info->metrics_nrows, 0,
              (sizeof (struct font_metrics *)
               * (row + 1 - ftcrfont_info->metrics_nrows)));
@@ -68,10 +76,15 @@
       int i;
 
       new = xmalloc (sizeof (struct font_metrics) * METRICS_NCOLS_PER_ROW);
+      fprintf (stderr, " malloc %p %zu", new,
+               sizeof (struct font_metrics) * METRICS_NCOLS_PER_ROW);
       for (i = 0; i < METRICS_NCOLS_PER_ROW; i++)
        METRICS_SET_STATUS (new + i, METRICS_INVALID);
       ftcrfont_info->metrics[row] = new;
     }
+  fprintf (stderr, " m %p r %p c %p\n", ftcrfont_info->metrics,
+           ftcrfont_info->metrics[row],
+           ftcrfont_info->metrics[row] + col);
   cache = ftcrfont_info->metrics[row] + col;
 
   if (METRICS_STATUS (cache) == METRICS_INVALID)
@@ -503,8 +516,10 @@
     }
 
   glyphs = alloca (sizeof (cairo_glyph_t) * len);
+  fprintf (stderr, "sz %zu len %d", sizeof (cairo_glyph_t), len);
   for (i = 0; i < len; i++)
     {
+      fprintf (stderr, " from %d i %d", from, i);
       glyphs[i].index = s->char2b[from + i];
       glyphs[i].x = x;
       glyphs[i].y = y;

and repeated the recipe.  IIRC the segfault didn't happen in step 8 the
first time; I had to repeat steps 7-8 a few times before it did, and
this generated a lot of output.  Here are the last few lines:

--8<---------------cut here---------------start------------->8---
glyph 7 row 0 col 7 nrows 1 m 0x5555561a7660 r 0x555556495210 c 0x555556495256

glyph 7 row 0 col 7 nrows 1 m 0x5555561a7660 r 0x555556495210 c 0x555556495256

glyph 63 row 0 col 63 nrows 1 m 0x5555561a7660 r 0x555556495210 c 0x555556495486
sz 24 len 1 from 0 i 0
glyph 3 row 0 col 3 nrows 1 m 0x5555561a7660 r 0x555556495210 c 0x55555649522e
sz 24 len 1 from 0 i 0
glyph 1135 row 8 col 111 nrows 10 m 0x5555562304d0 r 0x2073756c50656d55 c 
0x2073756c506571ab
--8<---------------cut here---------------end--------------->8---

IIRC step 8 segfaulted every time after I removed some of the printfs.
Either way, the pattern is always the same: 'glyph' goes from being a
small number to 1135 or 1153, and the address of ftcrfont_info->metrics
changes.

Any ideas?

Thanks,

-- 
Basil

In GNU Emacs 28.0.50 (build 9, x86_64-pc-linux-gnu, X toolkit, cairo version 
1.16.0, Xaw3d scroll bars)
 of 2020-08-20 built on tabos
Repository revision: f8d3d18168a742691d095a3f0c83512f19621725
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12008000
System Description: Debian GNU/Linux bullseye/sid

Configured using:
 'configure 'CC=ccache gcc' 'CFLAGS=-O0 -g3 -ggdb -gdwarf-4'
 --config-cache --prefix=/home/blc/.local --program-suffix=-dbg
 --enable-checking=yes,glyphs --enable-check-lisp-object-type
 --with-x-toolkit=lucid --with-file-notification=yes --with-x'

Configured features:
XAW3D XPM JPEG TIFF GIF PNG RSVG CAIRO SOUND GPM DBUS GSETTINGS GLIB
NOTIFY INOTIFY ACL LIBSELINUX GNUTLS LIBXML2 FREETYPE HARFBUZZ M17N_FLT
LIBOTF ZLIB TOOLKIT_SCROLL_BARS LUCID X11 XDBE XIM MODULES THREADS
LIBSYSTEMD JSON PDUMPER LCMS2

Important settings:
  value of $LANG: en_IE.UTF-8
  locale-coding-system: utf-8-unix

gdb.txt
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

bug#42943: 28.0.50; Emacsclient crashes in ftcrfont_glyph_extents, Basil L. Contovounesios <=
- bug#42943: 28.0.50; Emacsclient crashes in ftcrfont_glyph_extents, Eli Zaretskii, 2020/08/20
- bug#42943: 28.0.50; Emacsclient crashes in ftcrfont_glyph_extents, Lars Ingebrigtsen, 2020/08/21

Prev by Date: bug#42131: Cannot split to IMAP folders
Next by Date: bug#42944: [feature/native-comp] Build fails with Guix/Nix: Symbol's value as variable is void: auto-save-list-file-prefix
Previous by thread: bug#42131: Cannot split to IMAP folders
Next by thread: bug#42943: 28.0.50; Emacsclient crashes in ftcrfont_glyph_extents
Index(es):
- Date
- Thread