Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. Summary: Invalid memory access in Fontconfig https://bugzilla.redhat.com/show_bug.cgi?id=754688 Summary: Invalid memory access in Fontconfig Product: Fedora Version: 16 Platform: x86_64 OS/Version: Linux Status: NEW Severity: unspecified Priority: unspecified Component: fontconfig AssignedTo: behdad(a)fedoraproject.org ReportedBy: andris.pavenis(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: tagoh(a)redhat.com, behdad(a)fedoraproject.org, pnemade(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org Classification: Fedora Story Points: --- Type: --- Description of problem: Noticed invalid memory access in libfontconfig.so.1.4.4 when using Cairo for generating PDF document. Also reproduced the same program running gnome-about under valgrind (part of messages included many regarding using uninitialized memory are skipped below): ==16607== Invalid read of size 4 ==16607== at 0x3A2D608083: ??? (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6130C6: FcInitLoadConfig (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6131B5: FcInitLoadConfigAndFonts (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6133D4: FcInit (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D60882C: FcConfigGetCurrent (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D60A20F: FcConfigSubstituteWithPat (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x37032093BF: ??? (in /usr/lib64/libpangocairo-1.0.so.0.2904.0) ==16607== by 0x3A30C0AC48: ??? (in /usr/lib64/libpangoft2-1.0.so.0.2904.0) ==16607== by 0x3A33619DE4: ??? (in /usr/lib64/libpango-1.0.so.0.2904.0) ==16607== by 0x3A3361ACF7: pango_itemize_with_base_dir (in /usr/lib64/libpango-1.0.so.0.2904.0) ==16607== Address 0x11738934 is 20 bytes inside a block of size 22 alloc'd ==16607== at 0x4A074CD: malloc (vg_replace_malloc.c:236) ==16607== by 0x3A2D607FDC: ??? (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6130C6: FcInitLoadConfig (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6131B5: FcInitLoadConfigAndFonts (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6133D4: FcInit (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D60882C: FcConfigGetCurrent (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D60A20F: FcConfigSubstituteWithPat (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x37032093BF: ??? (in /usr/lib64/libpangocairo-1.0.so.0.2904.0) ==16607== by 0x3A30C0AC48: ??? (in /usr/lib64/libpangoft2-1.0.so.0.2904.0) ==16607== by 0x3A33619DE4: ??? (in /usr/lib64/libpango-1.0.so.0.2904.0) ==16607== ==16607== Invalid read of size 4 ==16607== at 0x3A2D608098: ??? (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D61E04D: ??? (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2CA0A68A: doContent (xmlparse.c:2449) ==16607== by 0x3A2CA0B8CD: contentProcessor (xmlparse.c:2022) ==16607== by 0x3A2CA0878E: doProlog (xmlparse.c:3908) ==16607== by 0x3A2CA0A11A: prologProcessor (xmlparse.c:3635) ==16607== by 0x3A2CA0D6E1: XML_ParseBuffer (xmlparse.c:1573) ==16607== by 0x3A2D61DAC0: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6130C6: FcInitLoadConfig (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6131B5: FcInitLoadConfigAndFonts (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== Address 0x1173ffb0 is 16 bytes inside a block of size 18 alloc'd ==16607== at 0x4A074CD: malloc (vg_replace_malloc.c:236) ==16607== by 0x3A2D607FDC: ??? (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D61E04D: ??? (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2CA0A68A: doContent (xmlparse.c:2449) ==16607== by 0x3A2CA0B8CD: contentProcessor (xmlparse.c:2022) ==16607== by 0x3A2CA0878E: doProlog (xmlparse.c:3908) ==16607== by 0x3A2CA0A11A: prologProcessor (xmlparse.c:3635) ==16607== by 0x3A2CA0D6E1: XML_ParseBuffer (xmlparse.c:1573) ==16607== by 0x3A2D61DAC0: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== by 0x3A2D6130C6: FcInitLoadConfig (in /usr/lib64/libfontconfig.so.1.4.4) ==16607== = Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. valgrind --undef-value-errors=no gnome-about 2. 3. Actual results: Error messages like above. Additional error messages from /usr/lib64/gtk-2.0/2.10.0/engines/libqtcurve.so about accessing memory after free(), but it is not related to fontconfig Expected results: Valgrind does not report error messages -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.