Summary: Invalid memory access in Fontconfig
https://bugzilla.redhat.com/show_bug.cgi?id=754688
Product: Fedora
Version: 16
Platform: x86_64
OS/Version: Linux
Status: NEW
Severity: unspecified
Priority: unspecified
Component: fontconfig
AssignedTo: behdad(a)fedoraproject.org
ReportedBy: andris.pavenis(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: tagoh(a)redhat.com, behdad(a)fedoraproject.org,
pnemade(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org
Classification: Fedora
Story Points: ---
Type: ---
Description of problem:
Noticed an invalid memory access in libfontconfig.so.1.4.4 when using Cairo for
generating a PDF document. Also reproduced the same problem by running gnome-about
under valgrind (part of the messages, including many about use of uninitialized
memory, are skipped below):
==16607== Invalid read of size 4
==16607== at 0x3A2D608083: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6130C6: FcInitLoadConfig (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6131B5: FcInitLoadConfigAndFonts (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6133D4: FcInit (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D60882C: FcConfigGetCurrent (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D60A20F: FcConfigSubstituteWithPat (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x37032093BF: ??? (in /usr/lib64/libpangocairo-1.0.so.0.2904.0)
==16607== by 0x3A30C0AC48: ??? (in /usr/lib64/libpangoft2-1.0.so.0.2904.0)
==16607== by 0x3A33619DE4: ??? (in /usr/lib64/libpango-1.0.so.0.2904.0)
==16607== by 0x3A3361ACF7: pango_itemize_with_base_dir (in /usr/lib64/libpango-1.0.so.0.2904.0)
==16607== Address 0x11738934 is 20 bytes inside a block of size 22 alloc'd
==16607== at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==16607== by 0x3A2D607FDC: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6130C6: FcInitLoadConfig (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6131B5: FcInitLoadConfigAndFonts (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6133D4: FcInit (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D60882C: FcConfigGetCurrent (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D60A20F: FcConfigSubstituteWithPat (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x37032093BF: ??? (in /usr/lib64/libpangocairo-1.0.so.0.2904.0)
==16607== by 0x3A30C0AC48: ??? (in /usr/lib64/libpangoft2-1.0.so.0.2904.0)
==16607== by 0x3A33619DE4: ??? (in /usr/lib64/libpango-1.0.so.0.2904.0)
==16607==
==16607== Invalid read of size 4
==16607== at 0x3A2D608098: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D61E04D: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2CA0A68A: doContent (xmlparse.c:2449)
==16607== by 0x3A2CA0B8CD: contentProcessor (xmlparse.c:2022)
==16607== by 0x3A2CA0878E: doProlog (xmlparse.c:3908)
==16607== by 0x3A2CA0A11A: prologProcessor (xmlparse.c:3635)
==16607== by 0x3A2CA0D6E1: XML_ParseBuffer (xmlparse.c:1573)
==16607== by 0x3A2D61DAC0: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6130C6: FcInitLoadConfig (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6131B5: FcInitLoadConfigAndFonts (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== Address 0x1173ffb0 is 16 bytes inside a block of size 18 alloc'd
==16607== at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==16607== by 0x3A2D607FDC: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D61E04D: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2CA0A68A: doContent (xmlparse.c:2449)
==16607== by 0x3A2CA0B8CD: contentProcessor (xmlparse.c:2022)
==16607== by 0x3A2CA0878E: doProlog (xmlparse.c:3908)
==16607== by 0x3A2CA0A11A: prologProcessor (xmlparse.c:3635)
==16607== by 0x3A2CA0D6E1: XML_ParseBuffer (xmlparse.c:1573)
==16607== by 0x3A2D61DAC0: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4)
==16607== by 0x3A2D6130C6: FcInitLoadConfig (in /usr/lib64/libfontconfig.so.1.4.4)
==16607==
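Both records above describe a 4-byte read that starts 20 bytes into a 22-byte block (and 16 bytes into an 18-byte block), so each read straddles the end of its heap allocation by 2 bytes; the faulting frame itself is unsymbolised ("???") and the nearest named frame is FcConfigFilename. The following triage helper is an added example, not part of this bug report or of fontconfig: it parses memcheck "Invalid read/write" records, pairs each with its "Address ... is K bytes inside a block of size S" line, and computes that overrun figure and a rough classification. All function names are assumptions; the sample text is condensed from the two records above plus one constructed use-after-free record (with made-up addresses) representing the kind of libqtcurve message the reporter separately mentions.

```python
"""Triage helper for valgrind memcheck "Invalid read/write" records.

Added example, not part of the bug report or of fontconfig. Given memcheck
output, it pairs each "Invalid read of size N" header with its
"Address ... is K bytes inside a block of size S alloc'd|free'd" line and
works out whether the access runs past the end of the heap block (and by how
many bytes) or touches freed memory. Names are assumptions; SAMPLE is
constructed (condensed from the report, plus one invented free'd record).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

HEADER_RE = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)\s*$")
# Frames look like "at 0x...: sym (in /path/lib.so)" or "by 0x...: sym (file.c:123)"
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((?:in )?(.+)\)\s*$")
ADDR_RE = re.compile(
    r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes (inside|after|before) "
    r"a block of size (\d+) (alloc'd|free'd)\s*$"
)


@dataclass
class InvalidAccess:
    kind: str                       # "read" or "write"
    size: int                       # bytes accessed
    frames: List[Tuple[str, str]]   # (symbol, object or file:line), innermost first
    offset: int                     # distance from the block, as valgrind reports it
    relation: str                   # "inside", "after" or "before" the block
    block_size: int
    block_state: str                # "alloc'd" or "free'd"

    @property
    def nearest_symbol(self) -> Optional[str]:
        """Innermost symbolised frame; the faulting frame itself is often '???'."""
        return next((sym for sym, _ in self.frames if sym != "???"), None)

    def overrun_bytes(self) -> int:
        """Bytes of the access lying beyond the end of the block (0 if none)."""
        if self.relation == "inside":
            return max(0, self.offset + self.size - self.block_size)
        if self.relation == "after":
            return self.offset + self.size
        return 0

    def classify(self) -> str:
        if self.block_state == "free'd":
            return "use-after-free"
        if self.relation == "before":
            return "heap-underrun"
        if self.overrun_bytes() > 0:
            return "heap-overrun"
        return "in-bounds?"  # memcheck would not normally flag this; kept for completeness


def parse_memcheck(text: str) -> List[InvalidAccess]:
    """One InvalidAccess per 'Invalid read/write' record; allocation stacks are skipped."""
    records: List[InvalidAccess] = []
    pending: Optional[dict] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            pending = {"kind": m.group(1), "size": int(m.group(2)), "frames": []}
            continue
        if pending is None:
            continue  # frames after the Address line belong to the alloc/free stack
        m = FRAME_RE.match(line)
        if m:
            pending["frames"].append((m.group(1), m.group(2)))
            continue
        m = ADDR_RE.match(line)
        if m:
            records.append(InvalidAccess(
                kind=pending["kind"], size=pending["size"], frames=pending["frames"],
                offset=int(m.group(1)), relation=m.group(2),
                block_size=int(m.group(3)), block_state=m.group(4)))
            pending = None
    return records


def summarize(text: str) -> List[Tuple[str, int, Optional[str]]]:
    """(classification, overrun bytes, nearest symbol) per record, for quick triage."""
    return [(r.classify(), r.overrun_bytes(), r.nearest_symbol) for r in parse_memcheck(text)]


# Constructed sample: first two records condensed from the report, third invented.
SAMPLE = """\
==16607== Invalid read of size 4
==16607==    at 0x3A2D608083: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607==    by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4)
==16607==    by 0x3A2D61D965: FcConfigParseAndLoad (in /usr/lib64/libfontconfig.so.1.4.4)
==16607==  Address 0x11738934 is 20 bytes inside a block of size 22 alloc'd
==16607==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==16607==    by 0x3A2D607FDC: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607==
==16607== Invalid read of size 4
==16607==    at 0x3A2D608098: ??? (in /usr/lib64/libfontconfig.so.1.4.4)
==16607==    by 0x3A2D60A447: FcConfigFilename (in /usr/lib64/libfontconfig.so.1.4.4)
==16607==  Address 0x1173ffb0 is 16 bytes inside a block of size 18 alloc'd
==16607==    at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==16607==
==16607== Invalid read of size 8
==16607==    at 0x400ABC: ??? (in /usr/lib64/gtk-2.0/2.10.0/engines/libqtcurve.so)
==16607==  Address 0x5a1b2c0 is 0 bytes inside a block of size 64 free'd
==16607==    at 0x4A06430: free (vg_replace_malloc.c:366)
==16607==
"""

if __name__ == "__main__":
    for cls, over, sym in summarize(SAMPLE):
        print(f"{cls:16} overrun={over:<2} nearest={sym}")
```

Running it prints one line per record; for the two fontconfig records it reports a 2-byte heap overrun nearest FcConfigFilename, which is the figure to carry into a fix or a CVE write-up, while the free'd record is separated out as a use-after-free so unrelated noise (like the libqtcurve messages) is not mixed into the fontconfig triage.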
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. valgrind --undef-value-errors=no gnome-about
Actual results:
Error messages like above.
Additional error messages from /usr/lib64/gtk-2.0/2.10.0/engines/libqtcurve.so
about accessing memory after free() also appear, but they are not related to fontconfig.
Expected results:
Valgrind does not report error messages