[Bug 749218] New: Memory error detected by glibc

bugzilla at redhat.com
Wed Oct 26 14:09:02 UTC 2011


Summary: Memory error detected by glibc

https://bugzilla.redhat.com/show_bug.cgi?id=749218

           Summary: Memory error detected by glibc
           Product: Fedora
           Version: 16
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: unspecified
          Priority: unspecified
         Component: freetype
        AssignedTo: mkasik at redhat.com
        ReportedBy: m.amazirh at gmail.com
         QAContact: extras-qa at fedoraproject.org
                CC: behdad at fedoraproject.org, kevin at tigcc.ticalc.org,
                    fonts-bugs at lists.fedoraproject.org, mkasik at redhat.com
    Classification: Fedora
      Story Points: ---
              Type: ---


Description of problem:
A memory problem shows up when using freetype with libass, which causes (for
example) mplayer to quit when trying to play video files with SSA subtitles
using the -ass parameter.
On openSUSE 11.4 the C program I provided as an attachment works without
problems. But on Fedora 16, it crashes.
I built the C program with the default libass library and with version 0.9.11
(which is the same used in openSUSE 11.4). In both cases the program crashes.
So I guess it's a freetype bug.

To build the C program:
gcc -o test_ssa -lass test_ssa.c
To test the C program:
./test_ssa neoin.ssa


Version-Release number of selected component (if applicable):


How reproducible:
build the example program (see the attachments).
launch it with the subtitle file as an argument

Steps to Reproduce:
1. ./test_ssa noein.ssa
2.
3.

Actual results:

*** glibc detected *** ./ssa_test: free(): invalid next size (fast): 0x097b6cf8 ***
======= Backtrace: =========
/lib/libc.so.6[0x46b04f92]
/usr/lib/libfreetype.so.6[0x4ceacc2c]
/usr/lib/libfreetype.so.6(ft_mem_free+0x1a)[0x4ceb1f2a]
/usr/lib/libfreetype.so.6(FT_Outline_Done_Internal+0xb3)[0x4ceb2e83]
/usr/lib/libfreetype.so.6(FT_Outline_Done+0x2f)[0x4ceb2ebf]
/usr/lib/libfreetype.so.6[0x4ceb8f75]
/usr/lib/libfreetype.so.6(FT_Done_Glyph+0x36)[0x4ceb9326]
/usr/lib/libass.so.4(+0x5ee9)[0xbb4ee9]
/usr/lib/libass.so.4(+0x68b2)[0xbb58b2]
/usr/lib/libass.so.4(+0x6dfc)[0xbb5dfc]
/usr/lib/libass.so.4(+0x6e36)[0xbb5e36]
/usr/lib/libass.so.4(ass_render_frame+0x20c)[0xbbafac]
./ssa_test[0x8048ad1]
/lib/libc.so.6(__libc_start_main+0xf3)[0x46aa86b3]
./ssa_test[0x8048731]
======= Memory map: ========
Aborted (core dumped)

Expected results:

Clean exit

Additional info:

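Added example, not part of the original report and not glibc or freetype code: a simulation of the sanity test behind the "free(): invalid next size (fast)" message, showing how a write past a chunk's usable bytes trips it at free() time. The 64-byte arena, the SYSTEM_MEM value and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Simulated i386 (little-endian) chunk layout, as on the reporter's 32-bit
 * system: [prev_size:4][size:4][user data]; low 3 bits of size are flags. */
#define SIZE_SZ     4u
#define ARENA_BYTES 64u
#define SYSTEM_MEM  0x21000u /* assumed total arena size (constructed value) */

static uint32_t rd32(const uint8_t *a, size_t off) {
    return a[off] | (uint32_t)a[off + 1] << 8 |
           (uint32_t)a[off + 2] << 16 | (uint32_t)a[off + 3] << 24;
}
static void wr32(uint8_t *a, size_t off, uint32_t v) {
    for (int i = 0; i < 4; i++) a[off + i] = (uint8_t)(v >> (8 * i));
}

/* Two adjacent in-use 16-byte chunks at offsets 0 and 16, then a top chunk. */
void arena_init(uint8_t *a) {
    memset(a, 0, ARENA_BYTES);
    wr32(a, 0 + SIZE_SZ, 16u | 1u);
    wr32(a, 16 + SIZE_SZ, 16u | 1u);
    wr32(a, 32 + SIZE_SZ, (ARENA_BYTES - 32u) | 1u);
}

/* A writer that trusts n: fills n bytes of the chunk's user area without
 * checking the 12 usable bytes (clamped so the simulation stays in bounds). */
void unchecked_fill(uint8_t *a, size_t off, size_t n, uint8_t fill) {
    size_t start = off + 2 * SIZE_SZ;
    if (n > ARENA_BYTES - start) n = ARENA_BYTES - start;
    memset(a + start, fill, n);
}

/* The test behind "invalid next size": the following chunk's size field must
 * exceed 2*SIZE_SZ and stay below the arena total. 1 = free() proceeds. */
int next_size_ok(const uint8_t *a, size_t off) {
    uint32_t size = rd32(a, off + SIZE_SZ) & ~7u;
    uint32_t next = rd32(a, off + size + SIZE_SZ);
    return next > 2 * SIZE_SZ && (next & ~7u) < SYSTEM_MEM;
}

/* One fill-then-free cycle on the first chunk of a fresh arena. */
int free_after_fill(size_t n, uint8_t fill) {
    uint8_t a[ARENA_BYTES];
    arena_init(a);
    unchecked_fill(a, 0, n, fill);
    return next_size_ok(a, 0);
}
int main(void) { return free_after_fill(12, 0x41) ? 0 : 1; }
```

The test is a plausibility check made when the chunk is freed, so the frames in a backtrace like the one above show where the damage was noticed; finding the write that caused it usually takes a run under valgrind or AddressSanitizer.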