Bug 38473 - Segmentation fault in retrieving font outline decomposition
Summary: Segmentation fault in retrieving font outline decomposition
Status: RESOLVED FIXED
Alias: None
Product: classpath
Classification: Unclassified
Component: awt
Version: unspecified
Importance: P3 major
Target Milestone: 0.98
Assignee: Not yet assigned to anyone
URL:
Keywords:
Duplicates: 28804 38150
Depends on:
Blocks:
 
Reported: 2008-12-10 14:37 UTC by Andrew John Hughes
Modified: 2009-02-13 16:26 UTC
CC: 2 users

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2008-12-10 14:50:05


Attachments
Testcase (397 bytes, text/x-java)
2008-12-10 14:37 UTC, Andrew John Hughes
Testcase (397 bytes, text/x-java)
2008-12-10 14:48 UTC, Andrew John Hughes
Add debug info (1.58 KB, patch)
2008-12-10 21:17 UTC, Andrew John Hughes

Description Andrew John Hughes 2008-12-10 14:37:03 UTC
A segmentation fault occurs in FT_Outline_Decompose when called by gnu_java_awt_peer_gtk_FreetypeGlyphVector.c.  It appears that the pointer to the array of FT_Vectors representing the points is invalid.

This is from running valgrind on jamvm running the attached test case:

==31913== Thread 7:
==31913== Invalid read of size 8
==31913==    at 0x1312ACE6: FT_Outline_Decompose (ftoutln.c:91)
==31913==    by 0x11564A1A: Java_gnu_java_awt_peer_gtk_FreetypeGlyphVector_getGlyphOutlineNative (gnu_java_awt_peer_gtk_FreetypeGlyphVector.c:419)
==31913==    by 0x41EB4C: ??? (callNative.S:201)
==31913==    by 0x40B019: callJNIWrapper (dll.c:408)
==31913==    by 0x41E674: executeJava (interp.c:2267)
==31913==    by 0x40CA21: executeMethodVaList (execute.c:101)
==31913==    by 0x40CCC2: executeMethodArgs (execute.c:73)
==31913==    by 0x41866B: threadStart (thread.c:552)
==31913==    by 0x54CC06F: start_thread (pthread_create.c:297)
==31913==    by 0x57B294C: clone (in /lib64/libc-2.7.so)
==31913==  Address 0x500000006 is not stack'd, malloc'd or (recently) free'd

Debug output added to *FreetypeGlyphVector.c:

Get glyph for Helvetica
Calling FT_Outline_Decompose with outline 0xdaf4c20, callbacks 0x186afe20 and path 0xdaf4b50
Outline: 1 contours (0xdaf4bb0), 0 points (0x500000006), 65537 flags
Contour 0 = 136

Any idea why the FT_Outline contains invalid data?

This occurs with JamVM and CACAO on current Classpath HEAD, and in gcj 4.3.3:

#0  FT_Outline_Decompose (outline=0x6ddbd8, func_interface=0x42dcca20, user=0x6ddb70)
    at /var/tmp/portage/media-libs/freetype-2.3.7/work/freetype-2.3.7/src/base/ftoutln.c:91
#1  0x00007f670b8a89de in Java_gnu_java_awt_peer_gtk_FreetypeGlyphVector_getGlyphOutlineNative (env=0x6bb1c0, 
    obj=<value optimized out>, glyphIndex=42, fnt=6961936)
    at /var/tmp/portage/sys-devel/gcc-4.3.3/work/gcc-4.3.3/libjava/classpath/native/jni/gtk-peer/gnu_java_awt_peer_gtk_FreetypeGlyphVector.c:392
#2  0x00007f670f4048e2 in gnu::java::awt::peer::gtk::FreetypeGlyphVector::getGlyphOutlineNative ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.3/libgcj.so.9
#3  0x00007f670f40565f in gnu::java::awt::peer::gtk::FreetypeGlyphVector::getGlyphOutline ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.3/libgcj.so.9
#4  0x00007f670f405a67 in gnu::java::awt::peer::gtk::FreetypeGlyphVector::getOutline ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.3/libgcj.so.9
Comment 1 Andrew John Hughes 2008-12-10 14:37:29 UTC
Created attachment 16871 [details]
Testcase
Comment 2 Andrew John Hughes 2008-12-10 14:48:02 UTC
Created attachment 16872 [details]
Testcase
Comment 3 Andrew John Hughes 2008-12-10 14:50:05 UTC
FT_Outline_Decompose can only be applied to glyphs with the outline format:

    You can typecast a @FT_Glyph to @FT_OutlineGlyph if you have
    `glyph->format == FT_GLYPH_FORMAT_OUTLINE'

Adding a bit more debug code shows:

Glyph format is bitmap.
Comment 4 Andrew John Hughes 2008-12-10 21:17:21 UTC
Created attachment 16878 [details]
Add debug info
Comment 5 Andrew John Hughes 2008-12-10 22:21:03 UTC
Applying minimal fix to avoid the seg. fault.  We really need a way of obtaining an outline for the bitmapped font however.

CVSROOT:        /sources/classpath
Module name:    classpath
Changes by:     Andrew John Hughes <gnu_andrew> 08/12/10 22:19:27

Modified files:
       .              : ChangeLog
       native/jni/gtk-peer: gnu_java_awt_peer_gtk_FreetypeGlyphVector.c

Log message:
       PR38473: Prevent segmentation fault with bitmap fonts.

       2008-12-09  Andrew John Hughes  <gnu_andrew@member.fsf.org>

               PR classpath/38473:
               * native/jni/gtk-peer/gnu_java_awt_peer_gtk_FreetypeGlyphVector.c:
               (Java_gnu_java_awt_peer_gtk_FreetypeGlyphVector_getGlyphOutlineNative):
               Check that the glyph is an outline before calling
               FT_Outline_Decompose.

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/classpath/ChangeLog?cvsroot=classpath&r1=1.9739&r2=1.9740
http://cvs.savannah.gnu.org/viewcvs/classpath/native/jni/gtk-peer/gnu_java_awt_peer_gtk_FreetypeGlyphVector.c?cvsroot=classpath&r1=1.10&r2=1.11
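Added example (not part of this bug's comments and not the Classpath source): the failure in comment 3 and the fix in comment 5 come down to a tagged-union check. An FT_GlyphSlot carries a `format` tag, and its `outline` member is only meaningful when `format == FT_GLYPH_FORMAT_OUTLINE`; for a bitmap glyph the outline fields hold whatever was left there (the report shows 1 contour, 0 points, and a point pointer of 0x500000006), and FT_Outline_Decompose reads through them. The code below models that with stand-in types whose names and layout are constructed for this example (they mirror the shape of FreeType's FT_Outline and FT_GlyphSlotRec but are not FreeType's definitions), so it compiles without FreeType; in real code the same guard is `if (face->glyph->format != FT_GLYPH_FORMAT_OUTLINE) return;` placed before the FT_Outline_Decompose call. The point counts are also sanity-checked, which the fix on the page does not do.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for FT_Vector / FT_Outline / FT_Glyph_Format / FT_GlyphSlotRec.
   Constructed for this example; the real types live in FreeType's headers. */
typedef struct { long x, y; } Vec;

typedef struct {
    short n_contours;
    short n_points;
    Vec *points;      /* n_points entries */
    short *contours;  /* index of the last point of each contour */
} Outline;

typedef enum { GLYPH_FORMAT_NONE = 0, GLYPH_FORMAT_BITMAP, GLYPH_FORMAT_OUTLINE } GlyphFormat;

typedef struct {
    GlyphFormat format;  /* says which representation below is valid */
    Outline outline;     /* valid only when format == GLYPH_FORMAT_OUTLINE */
    /* bitmap members omitted */
} GlyphSlot;

enum { DECOMPOSE_OK = 0, DECOMPOSE_ERR_NOT_OUTLINE = 1, DECOMPOSE_ERR_INVALID = 2 };

/* Callback table in the style of FT_Outline_Funcs (move_to / line_to only). */
typedef struct {
    int (*move_to)(const Vec *to, void *user);
    int (*line_to)(const Vec *to, void *user);
} Funcs;

/* Walk each contour, bounds-checking the contour end indices as we go. */
static int walk_outline(const Outline *o, const Funcs *f, void *user)
{
    int first = 0;
    for (int c = 0; c < o->n_contours; c++) {
        int last = o->contours[c];
        if (last < first || last >= o->n_points) return DECOMPOSE_ERR_INVALID;
        if (f->move_to(&o->points[first], user)) return DECOMPOSE_ERR_INVALID;
        for (int p = first + 1; p <= last; p++)
            if (f->line_to(&o->points[p], user)) return DECOMPOSE_ERR_INVALID;
        first = last + 1;
    }
    return DECOMPOSE_OK;
}

/* Guarded entry point: the format tag is checked before the outline union is
   interpreted, which is the check PR38473 added before FT_Outline_Decompose. */
int decompose_glyph(const GlyphSlot *g, const Funcs *f, void *user)
{
    if (g->format != GLYPH_FORMAT_OUTLINE) return DECOMPOSE_ERR_NOT_OUTLINE;
    if (g->outline.n_points < 0 || g->outline.n_contours < 0) return DECOMPOSE_ERR_INVALID;
    if (g->outline.n_points > 0 && g->outline.points == NULL) return DECOMPOSE_ERR_INVALID;
    if (g->outline.n_contours > 0 && g->outline.contours == NULL) return DECOMPOSE_ERR_INVALID;
    return walk_outline(&g->outline, f, user);
}

/* Counting callbacks: user points at int[2] = { moves, lines }. */
static int count_move(const Vec *to, void *user) { (void)to; ((int *)user)[0]++; return 0; }
static int count_line(const Vec *to, void *user) { (void)to; ((int *)user)[1]++; return 0; }

/* Scenario 1: a well-formed outline glyph (one triangular contour, 3 points).
   Returns the number of points visited, or -1 on error. */
int demo_outline_glyph(void)
{
    Vec pts[3] = { {0, 0}, {100, 0}, {50, 80} };
    short contours[1] = { 2 };
    GlyphSlot g = { GLYPH_FORMAT_OUTLINE, { 1, 3, pts, contours } };
    Funcs f = { count_move, count_line };
    int counts[2] = { 0, 0 };
    if (decompose_glyph(&g, &f, counts) != DECOMPOSE_OK) return -1;
    return counts[0] + counts[1];
}

/* Scenario 2: a bitmap glyph whose outline fields hold stale values, modelled
   on the report's "1 contours, 0 points (0x500000006)". The pointer is never
   dereferenced because the format check fails first. */
int demo_bitmap_glyph(void)
{
    GlyphSlot g;
    g.format = GLYPH_FORMAT_BITMAP;
    g.outline.n_contours = 1;
    g.outline.n_points = 0;
    g.outline.points = (Vec *)(uintptr_t)0x500000006ULL;  /* constructed garbage */
    g.outline.contours = NULL;
    Funcs f = { count_move, count_line };
    int counts[2] = { 0, 0 };
    return decompose_glyph(&g, &f, counts);
}

/* Scenario 3: correct format tag but inconsistent counts (contour end index
   past n_points); caught by the bounds check rather than read out of range. */
int demo_corrupt_outline(void)
{
    Vec pts[2] = { {0, 0}, {10, 10} };
    short contours[1] = { 5 };  /* points beyond the 2 points present */
    GlyphSlot g = { GLYPH_FORMAT_OUTLINE, { 1, 2, pts, contours } };
    Funcs f = { count_move, count_line };
    int counts[2] = { 0, 0 };
    return decompose_glyph(&g, &f, counts);
}

int main(void)
{
    printf("outline glyph: %d points visited\n", demo_outline_glyph());
    printf("bitmap glyph: rc=%d (expect %d)\n", demo_bitmap_glyph(), DECOMPOSE_ERR_NOT_OUTLINE);
    printf("corrupt outline: rc=%d (expect %d)\n", demo_corrupt_outline(), DECOMPOSE_ERR_INVALID);
    return 0;
}
```

The guard answers the segfault but, as comment 5 notes, not the underlying need: a bitmap glyph simply has no outline to return, so the caller still has to decide what an outline request for such a font should produce (an empty path, or rendering from the bitmap instead).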
Comment 6 Andrew John Hughes 2008-12-10 22:58:57 UTC
*** Bug 28804 has been marked as a duplicate of this bug. ***
Comment 7 Andrew John Hughes 2008-12-10 23:01:18 UTC
*** Bug 38150 has been marked as a duplicate of this bug. ***
Comment 8 gandalf@gcc.gnu.org 2009-01-06 22:44:22 UTC
Subject: Bug 38473

Author: gandalf
Date: Tue Jan  6 22:44:05 2009
New Revision: 143139

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=143139
Log:
Merge GNU Classpath libgcj-snapshot-20090102.

2009-01-06  Andrew John Hughes  <gnu_andrew@member.fsf.org>

	Import GNU Classpath (libgcj-snapshot-20090102).

	* libjava/classpath/lib/java/text/RuleBasedCollator$CollationSorter.class,
	* libjava/classpath/lib/java/text/MessageFormat$MessageFormatElement.class,
	* libjava/classpath/lib/java/text/MessageFormat.class,
	* libjava/classpath/lib/java/text/SimpleDateFormat.class,
	* libjava/classpath/lib/java/text/NumberFormat.class,
	* libjava/classpath/lib/java/text/RuleBasedCollator$CollationElement.class,
	* libjava/classpath/lib/java/text/MessageFormat$Field.class,
	* libjava/classpath/lib/java/text/RuleBasedCollator.class,
	* libjava/classpath/lib/java/text/NumberFormat$Field.class,
	* libjava/classpath/lib/gnu/xml/transform/Bindings.class,
	* libjava/classpath/lib/gnu/java/locale/LocaleData.class,
	* libjava/classpath/lib/gnu/java/awt/peer/gtk/FreetypeGlyphVector.class,
	* libjava/classpath/lib/gnu/javax/crypto/jce/key/SecretKeyGeneratorImpl.class,
	* libjava/gnu/java/awt/peer/gtk/FreetypeGlyphVector.h,
	* libjava/java/text/MessageFormat.h,
	* libjava/java/text/RuleBasedCollator$CollationSorter.h,
	* libjava/java/text/RuleBasedCollator.h,
	* libjava/java/text/SimpleDateFormat.h:
	Regenerated.

2009-01-02  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * ChangeLog-2008: New file.

2009-01-02  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * java/text/MessageFormat.java:
       (setLocale(Locale)): Integer format should use
       NumberFormat.getIntegerInstance.

libjava/classpath/ChangeLog-2008

2008-12-31  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * java/text/MessageFormat.java:
       (parse(String,ParsePosition)): Emulate behaviour
       of Vector's setSize() which was being implicitly relied on.

2008-12-31  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * java/text/SimpleDateFormat.java:
       Remove superfluous empty line introduced
       in last commit.

2008-12-31  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * java/text/MessageFormat.java:
       Convert variables to use generic types, use
       CPStringBuilder in place of StringBuilder.
       (Field()): Suppress warning due to only being used by
       deserialization.
       (scanFormat(String,int,CPStringBuilder,List,Locale)):
       Use ArrayList instead of Vector as no synchronisation needed.
       (parse(String,ParsePosition)): Likewise.
       * java/text/NumberFormat.java:
       (Field()): Suppress warning due to only being used by
       deserialization.
       * java/text/RuleBasedCollator.java:
       Convert variables to use generic types.
       (CollationElement): Make fields final.
       (CollationSorter): Likewise.
       (CollationSorter(int,String,int,boolean)): New constructor.
       * java/text/SimpleDateFormat.java:
       Convert variables to use generic types.
       (applyPattern(String)): Clear list rather than creating a new instance.

2008-12-30  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * java/text/SimpleDateFormat.java:
       (standardChars): Use standard characters from CLDR.
       (RFC822_TIMEZONE_FIELD): Fixed to match new standard
       characters.

2008-12-22  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * java/lang/String.java:
       (byte[],int,int,String): Call new Charset method.
       (stringToCharset(String)): Private method added to
       handle exception conversion.
       (byte[],int,int,Charset): Implemented.
       (byte[], Charset): Likewise.
       (getBytes(String)): Call new Charset method.
       (getBytes(Charset)): Implemented.

2008-12-18  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * native/jni/gtk-peer/gnu_java_awt_peer_gtk_FreetypeGlyphVector.c:
       Include '\0' in the string.

2008-12-09  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       PR classpath/38473:
       * native/jni/gtk-peer/gnu_java_awt_peer_gtk_FreetypeGlyphVector.c:
       (Java_gnu_java_awt_peer_gtk_FreetypeGlyphVector_getGlyphOutlineNative):
       Check that the glyph is an outline before calling
       FT_Outline_Decompose.

2008-11-16  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * gnu/xml/transform/Bindings.java:
       Add generics to collections.

2008-11-16  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * gnu/javax/crypto/jce/key/SecretKeyGeneratorImpl.java:
       (init(int,SecureRandom)): Improve exception message.

2008-11-06  Mark Wielaard  <mark@klomp.org>

       * native/jni/gtk-peer/gnu_java_awt_peer_gtk_FreetypeGlyphVector.c
       (getKerning): Removed unused cls, method, values.

2008-11-05  Andrew Haley  <aph@redhat.com>

       * gnu/java/awt/peer/gtk/FreetypeGlyphVector.java (getKerning):
       Return result in a float[], not a Point2D.
       (performDefaultLayout): Call getKerning with a float[].
       * native/jni/gtk-peer/gnu_java_awt_peer_gtk_FreetypeGlyphVector.c
       (getKerning): Return result in a float[], not a Point2D.

2008-11-05  Andrew Haley  <aph@redhat.com>

       * tools/Makefile.am (UPDATE_TOOLS_ZIP, CREATE_TOOLS_ZIP): Exclude
       .svn directories.

2008-10-23  David Edelsohn  <edelsohn@gnu.org>

       * native/fdlibm/fdlibm.h: Undef hz.

2008-10-20  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * m4/ac_prog_antlr.m4:
       Remove redundant checks.
       * tools/Makefile.am:
       Use gjdoc_gendir when calling antlr.

2008-10-17  Robert Lougher  <rob.lougher@gmail.com>

       * native/jni/gtk-peer/gnu_java_awt_peer_gtk_CairoGraphics2D.c
       (Java_gnu_java_awt_peer_gtk_CairoGraphics2D_cairoDrawGlyphVector):
       Release 'fonts'.

2008-10-16  Tom Tromey  <tromey@redhat.com>

       * tools/gnu/classpath/tools/jar/WorkSet.java (initSet): Use
       foreach.  Change argument type.
       (WorkSet): Change argument type.
       * tools/gnu/classpath/tools/jar/Indexer.java (indexJarFile): Use
       foreach.
       * tools/gnu/classpath/tools/jar/Creator.java
       (writeCommandLineEntries): Use foreach.
       (getAllEntries): Likewise.

2008-10-15  Andrew John Hughes  <gnu_andrew@member.fsf.org>

       * configure.ac:
       Remove superfluous AC_PROG_JAVA call.


Added:
    trunk/libjava/classpath/ChangeLog-2008
Modified:
    trunk/libjava/ChangeLog
    trunk/libjava/classpath/ChangeLog
    trunk/libjava/classpath/ChangeLog.gcj
    trunk/libjava/classpath/INSTALL
    trunk/libjava/classpath/doc/texinfo.tex
    trunk/libjava/classpath/gnu/javax/crypto/jce/key/SecretKeyGeneratorImpl.java
    trunk/libjava/classpath/gnu/xml/transform/Bindings.java
    trunk/libjava/classpath/java/lang/String.java
    trunk/libjava/classpath/java/text/MessageFormat.java
    trunk/libjava/classpath/java/text/NumberFormat.java
    trunk/libjava/classpath/java/text/RuleBasedCollator.java
    trunk/libjava/classpath/java/text/SimpleDateFormat.java
    trunk/libjava/classpath/lib/gnu/java/awt/peer/gtk/FreetypeGlyphVector.class
    trunk/libjava/classpath/lib/gnu/java/locale/LocaleData.class
    trunk/libjava/classpath/lib/gnu/javax/crypto/jce/key/SecretKeyGeneratorImpl.class
    trunk/libjava/classpath/lib/gnu/xml/transform/Bindings.class
    trunk/libjava/classpath/lib/java/text/MessageFormat$Field.class
    trunk/libjava/classpath/lib/java/text/MessageFormat$MessageFormatElement.class
    trunk/libjava/classpath/lib/java/text/MessageFormat.class
    trunk/libjava/classpath/lib/java/text/NumberFormat$Field.class
    trunk/libjava/classpath/lib/java/text/NumberFormat.class
    trunk/libjava/classpath/lib/java/text/RuleBasedCollator$CollationElement.class
    trunk/libjava/classpath/lib/java/text/RuleBasedCollator$CollationSorter.class
    trunk/libjava/classpath/lib/java/text/RuleBasedCollator.class
    trunk/libjava/classpath/lib/java/text/SimpleDateFormat.class
    trunk/libjava/classpath/native/jni/gtk-peer/gnu_java_awt_peer_gtk_FreetypeGlyphVector.c
    trunk/libjava/gnu/java/awt/peer/gtk/FreetypeGlyphVector.h
    trunk/libjava/java/text/MessageFormat.h
    trunk/libjava/java/text/RuleBasedCollator$CollationSorter.h
    trunk/libjava/java/text/RuleBasedCollator.h
    trunk/libjava/java/text/SimpleDateFormat.h

Comment 9 Andrew John Hughes 2009-02-13 16:26:44 UTC
Fix in 0.98.