[Bug 1053798] [abrt] gimp: pango_ot_info_get(): gimp-2.8 killed by SIGSEGV

bugzilla at redhat.com bugzilla at redhat.com
Mon Jan 20 16:41:41 UTC 2014 

https://bugzilla.redhat.com/show_bug.cgi?id=1053798

Nils Philippsen <nphilipp at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fonts-bugs at lists.fedoraproj
                   |                            |ect.org,
                   |                            |i18n-bugs at lists.fedoraproje
                   |                            |ct.org, tagoh at redhat.com
          Component|gimp                        |pango
           Assignee|nphilipp at redhat.com         |tagoh at redhat.com



--- Comment #12 from Nils Philippsen <nphilipp at redhat.com> ---
This bug exists in older Fedora releases as well:

Fedora 19: bug #990653
Fedora 18: bug #948292

I'm mentioning the latter because there's a comment in it mentioning that it
only happens with specific fonts:

"Emmett Culley 2013-08-19 22:10:36 EDT

I found that is crashes when a stix font is either selected or even appears in
the scroll window. 

Gimp no longer crashes after removing the stix fonts from my system ."

The issue seems to be in pango, here's part of the backtrace:

--- 8< ---
Thread 1 (Thread 0xb35bf880 (LWP 5239)):
#0  pango_ot_info_get (face=face at entry=0x0) at pango-ot-info.c:91
        _g_boolean_var_ = <optimized out>
        info = <optimized out>
#1  0xb755798f in gimp_font_get_sample_string (font_desc=0xbab60f00,
context=<optimized out>) at gimpfont.c:641
        font = 0xba301600
        tt = <optimized out>
        ot_alts = {-1233602475, -1162584064, -1238862369, -1233954773}
        os2 = <optimized out>
        n_sr_alts = 0
        face = 0x0
--- >8 ---

Notably, font is not NULL but face is. Here's the corresponding GIMP source
code (frame #1):

--- 8< --- app/text/gimpfont.c:636 -----------------------
  font = pango_context_load_font (context, font_desc);

  g_return_val_if_fail (PANGO_IS_FC_FONT (font), "Aa");

  face = pango_fc_font_lock_face (PANGO_FC_FONT (font));
  ot_info = pango_ot_info_get (face);
--- >8 ---------------------------------------------------

I.e. font is the result of pango_context_load_font(), is a valid FcFont object,
but the face returned by pango_fc_font_lock_face() is NULL which subsequently
lets pango_ot_info_get() crash. Changing component accordingly.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=vEW9CT0f48&a=cc_unsubscribe

More information about the fonts-bugs mailing list