bohoomil / fontconfig-ultimate

freetype2-infinality run-time settings => infinality compatible fontconfig => infinality-bundle

Crash in freetype with certain poppler-qt usage #133

Closed hpdeifel closed 8 years ago

hpdeifel commented 8 years ago

Rendering a specific PDF using poppler-qt4 with certain hinting settings, freetype crashes in af_latin_compute_stem_width, in src/autofit/aflatin.c:2256 because it tries to call strstr on metrics->root.scaler.face->style_name, which is NULL in this case.

This only happens with the infinality patches, not with vanilla freetype. We were able to extract a minimal example to reproduce this bug. It can be found in my github repo.

A simple

./build.sh

should build and run the example code causing the segfault.

The resulting stacktrace is the following:

#0  0x00007ffff606fa0e in __strstr_sse2 () from /usr/lib/libc.so.6
#1  0x00007ffff49f9859 in af_latin_compute_stem_width (dim=dim@entry=AF_DIMENSION_VERT, width=width@entry=94, base_flags=base_flags@entry=0, stem_flags=<optimized out>, hints=0x7fffffff9b60, hints=0x7fffffff9b60)
    at /home/hpd/Entwicklung/src/freetype-2.6.2/src/autofit/aflatin.c:2256
#2  0x00007ffff4a46e71 in af_latin_hint_edges (dim=<optimized out>, hints=0x7fffffff9b60) at /home/hpd/Entwicklung/src/freetype-2.6.2/src/autofit/aflatin.c:2755
#3  af_latin_hints_apply (glyph_index=<optimized out>, hints=0x7fffffff9b60, outline=<optimized out>, metrics=<optimized out>) at /home/hpd/Entwicklung/src/freetype-2.6.2/src/autofit/aflatin.c:3120
#4  0x00007ffff4a48761 in af_loader_load_g (scaler=0x7fffffff9ab0, load_flags=<optimized out>, glyph_index=<optimized out>, loader=0x7fffffff9ae0) at /home/hpd/Entwicklung/src/freetype-2.6.2/src/autofit/afloader.c:291
#5  af_loader_load_glyph (load_flags=<optimized out>, gindex=<optimized out>, face=<optimized out>, module=<optimized out>, loader=0x7fffffff9ae0) at /home/hpd/Entwicklung/src/freetype-2.6.2/src/autofit/afloader.c:538
#6  af_autofitter_load_glyph (module=<optimized out>, slot=<optimized out>, size=<optimized out>, glyph_index=<optimized out>, load_flags=<optimized out>) at /home/hpd/Entwicklung/src/freetype-2.6.2/src/autofit/afmodule.c:449
#7  0x00007ffff4a00f95 in FT_Load_Glyph (face=0x6e8300, glyph_index=1, load_flags=65536) at /home/hpd/Entwicklung/src/freetype-2.6.2/src/base/ftobjs.c:782
#8  0x00007ffff5d263aa in SplashFTFont::makeGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) () from /usr/lib/libpoppler.so.58
#9  0x00007ffff5d2780a in SplashFont::getGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) () from /usr/lib/libpoppler.so.58
#10 0x00007ffff5d15eba in Splash::fillChar(double, double, int, SplashFont*) () from /usr/lib/libpoppler.so.58
#11 0x00007ffff5c29d05 in SplashOutputDev::drawChar(GfxState*, double, double, double, double, double, double, unsigned int, int, unsigned int*, int) () from /usr/lib/libpoppler.so.58
#12 0x00007ffff5c78a23 in Gfx::doShowText(GooString*) () from /usr/lib/libpoppler.so.58
#13 0x00007ffff5c79305 in Gfx::opShowText(Object*, int) () from /usr/lib/libpoppler.so.58
#14 0x00007ffff5c7172e in Gfx::go(bool) () from /usr/lib/libpoppler.so.58
#15 0x00007ffff5c71bd0 in Gfx::display(Object*, bool) () from /usr/lib/libpoppler.so.58
#16 0x00007ffff5c71f8a in Gfx::drawForm(Object*, Dict*, double*, double*, bool, bool, GfxColorSpace*, bool, bool, bool, Function*, GfxColor*) () from /usr/lib/libpoppler.so.58
#17 0x00007ffff5c76f3e in Gfx::doForm(Object*) () from /usr/lib/libpoppler.so.58
#18 0x00007ffff5c774ab in Gfx::opXObject(Object*, int) () from /usr/lib/libpoppler.so.58
#19 0x00007ffff5c7172e in Gfx::go(bool) () from /usr/lib/libpoppler.so.58
#20 0x00007ffff5c71bd0 in Gfx::display(Object*, bool) () from /usr/lib/libpoppler.so.58
#21 0x00007ffff5cb7d15 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/libpoppler.so.58
#22 0x00007ffff7b9efb1 in Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation) const () from /usr/lib/libpoppler-qt4.so.4
#23 0x0000000000400f4b in main (argc=2, argv=0x7fffffffe1f8) at test.cpp:22

I'm using the fontconfig-infinality-ultimate package version 2.11.1-30 from Archlinux's infinality-bundle repository, poppler-qt4-0.39.0 and qt-4.8.7.
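As an added illustration (not code from FreeType, the infinality patches or the reporter's repository): the NULL dereference described above, reduced to a mock face record, next to the guard that avoids it. `MockFace`, `style_contains_unguarded` and `style_contains` are stand-ins invented for this example; FreeType's own `FT_FaceRec.style_name` is documented as possibly NULL, which is the state the trace reaches.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for the FreeType face record. style_name may legitimately
 * be NULL for a font that carries no style string. */
typedef struct {
    const char *family_name;
    const char *style_name;
} MockFace;

/* Shape of the crash: style_name is handed to strstr() unconditionally.
 * With style_name == NULL this is undefined behaviour and faults inside
 * glibc's strstr, matching frame #0 of the backtrace above. */
int style_contains_unguarded(const MockFace *face, const char *needle)
{
    return strstr(face->style_name, needle) != NULL;
}

/* Hardened form: a missing style name simply matches nothing, so a caller
 * such as a stem-width heuristic falls through to its default path. */
int style_contains(const MockFace *face, const char *needle)
{
    if (face == NULL || face->style_name == NULL || needle == NULL)
        return 0;
    return strstr(face->style_name, needle) != NULL;
}

int main(void)
{
    /* Constructed sample faces: one with a style string, one without. */
    MockFace bold    = { "ExampleSans", "Bold" };
    MockFace nostyle = { "ExampleSans", NULL };

    printf("bold has Bold:    %d\n", style_contains(&bold, "Bold"));
    printf("nostyle has Bold: %d\n", style_contains(&nostyle, "Bold"));
    /* style_contains_unguarded(&nostyle, "Bold") would segfault here. */
    return 0;
}
```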

mviikki16 commented 8 years ago

I saw this after opening issue #138... please apply the patch from there, it should take care of this problem.