[cairo-bugs] [Bug 105746] SIGABRT in _cairo_ft_unscaled_font_create_internal

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Mar 29 17:35:52 UTC 2018


--- Comment #2 from Uli Schlachter <psychon at znc.in> ---
Thanks for the patch. However, it looks like it tries to fix a null pointer
dereference (SIGSEGV). However, this bug report is about an assertion failure.
The failing assertion is

  assert (unscaled->base.hash_entry.hash == key.base.hash_entry.hash);

What the code does is: It first checks the cache (a hash table) for an entry.
If no entry is found, it creates a new unscaled font. The assertion here is
that the hash code of this new unscaled font is the same as what was used for
the negative lookup before.

The hash code is calculated based on the "id" argument to
_cairo_ft_unscaled_font_init(). However, your patch uses face->face_index
instead for calculating the hash code. Thus, if face->face_index != id, there
is a non-zero chance of a different hash code, which is not allowed.

Since your original patch replaced "0" with "face->face_index", why not replace
the "0" with "id" instead?

(Note that I still have no clue about this stuff, but I just looked at the code
that surrounded the assertion and then noticed that I ended up looking at
exactly the code that was changed in 42f07ef90).

By the way: Thank you Algunenano for the good bug report. The bisection was
very helpful.

Oh and: The commit message for 42f07ef90 says that ft_face->face_index changes
"underneath us" as font variations are applied. That sounds really, really
troublesome, since this means that the key of the hash table is changed without
updating the hash table?!?
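The invariant behind the failing assertion, reduced to a small stand-alone illustration. This is an added example and not cairo's code: the names (`font_key`, `unscaled_font`, `hash_key`, `create_after_miss_is_consistent`) and the hash function are hypothetical stand-ins. A cache lookup hashes the key from the `id` the caller passed; if the entry created after a miss hashes a different field (here a `face_index` that need not equal `id`), the new entry's hash no longer matches the lookup's hash, which is exactly the condition the assertion guards against.

```c
#include <stdbool.h>

/* Hypothetical key for the unscaled-font cache: hashed from (filename, id). */
struct font_key {
    unsigned long hash;      /* cached hash of (filename, id) */
    const char *filename;
    int id;
};

/* Stand-in for the FreeType face; its face_index may differ from 'id'. */
struct ft_face_stub {
    int face_index;
};

/* Stand-in for the cache entry; 'base' must hash identically to the lookup key. */
struct unscaled_font {
    struct font_key base;
    struct ft_face_stub *face;
};

/* Simple string hash combined with the id. The exact function does not matter,
 * only that identical inputs always give identical output. */
static unsigned long hash_key(const char *filename, int id)
{
    unsigned long h = 5381;
    for (const unsigned char *p = (const unsigned char *)filename; *p; p++)
        h = h * 33 + *p;
    return h ^ (unsigned long)id;
}

/* Build the key used for the (negative) cache lookup. */
static void key_init(struct font_key *key, const char *filename, int id)
{
    key->filename = filename;
    key->id = id;
    key->hash = hash_key(filename, id);
}

/* Create the entry after a cache miss. 'use_face_index' selects the problematic
 * variant that hashes face->face_index instead of the id the lookup hashed. */
static void unscaled_font_init(struct unscaled_font *u, const char *filename, int id,
                               struct ft_face_stub *face, bool use_face_index)
{
    u->face = face;
    u->base.filename = filename;
    u->base.id = id;
    u->base.hash = hash_key(filename, use_face_index ? face->face_index : id);
}

/* Returns true when the freshly created entry satisfies the invariant the
 * assertion checks: new entry hash == hash used for the lookup that missed. */
bool create_after_miss_is_consistent(const char *filename, int id, int face_index,
                                     bool use_face_index)
{
    struct font_key key;
    struct ft_face_stub face = { face_index };
    struct unscaled_font u;

    key_init(&key, filename, id);                       /* lookup side */
    unscaled_font_init(&u, filename, id, &face, use_face_index); /* insert side */
    return u.base.hash == key.hash;
}
```

With `id == face_index` both variants agree, which is why the problem only shows once the face index drifts away from the id the lookup used; hashing `id` on both sides keeps the key and the entry consistent regardless of what the face reports.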
