Bug 12284 - cairo crashes if I open a gaim.desktop in gvim
Product: cairo
Classification: Unclassified
Component: freetype font backend
Version: 1.5.1
Hardware: x86 (IA32) Linux (All)
Importance: medium normal
Assignee: David Turner
QA Contact: cairo-bugs mailing list
Keywords: have-backtrace
Reported: 2007-09-04 23:58 UTC by SungHyun Nam
Modified: 2007-09-07 05:12 UTC

Special case zero-sized bitmaps. (947 bytes, patch)
2007-09-05 00:13 UTC, Chris Wilson

Description SungHyun Nam 2007-09-04 23:58:34 UTC
The crash occurs if I move the cursor to the line 'Name[dz]=...', and
it seems the font I use cannot display the 'dz' language.
I used cairo commit '1d788da5175dac34ed0298204753bf1b40dfc2b0' to get
the gdb backtrace.

Here is a gdb backtrace:

/home2/namsh/c/vim/src[110]$ LD_PRELOAD=./libcairo.so.2.11.5 gdb ./vim
GNU gdb Red Hat Linux (6.5-7_nshrh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "athlon-redhat-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) run -g -f gaim.desktop
Starting program: /home2/namsh/c/vim/src/vim -g -f gaim.desktop
[Thread debugging using libthread_db enabled]
[New process 15897]
[New Thread -1220254016 (LWP 15897)]

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread -1220254016 (LWP 15897)]
0xb7ef1ae6 in _get_bitmap_surface (bitmap=0x8889924, own_buffer=0, 
    font_options=0x88cfd80, surface=0xbf8257b4) at cairo-ft-font.c:745
745                 data = _cairo_malloc_ab (height, stride);
(gdb) p height
$1 = 0
(gdb) p stride
$2 = 0
(gdb) q
The program is running.  Exit anyway? (y or n) y

Comment 1 Chris Wilson 2007-09-05 00:13:39 UTC
Created attachment 11423
Special case zero-sized bitmaps.

This hides the FPE in the malloc macro, but it neatly avoids the malloc(0).

Comment 2 SungHyun Nam 2007-09-05 00:29:31 UTC
I verified the patch in Comment #1.
Indeed it avoids the crash.

Comment 3 Chris Wilson 2007-09-07 05:12:27 UTC
commit d62f8861689d8b9a9a837043fb78813f0407abd4
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Wed Sep 5 08:07:41 2007 +0100

    [cairo-ft-font] Early detection of a zero sized bitmap.
    Under rare circumstances we may need to extract a surface that
    represents a bitmap with width==0 and rows==0. Detect this case at the
    start and simply return a zero-sized surface.
    Fixes https://bugs.freedesktop.org/show_bug.cgi?id=12284.
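
The failure mode in the backtrace and the early-return fix, as an added C sketch that is not part of the bug report or cairo's source. It assumes the allocation macro checks for multiplication overflow by dividing by its second argument; all function and enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* All names here are hypothetical; this sketches the pattern, not cairo's source. */
typedef enum { BUF_OK, BUF_EMPTY, BUF_INVALID, BUF_NO_MEMORY } buf_status;

/* Overflow check expressed as a division (assumed form). With size == 0 the
 * division itself is undefined behaviour and raises SIGFPE on x86. */
void *alloc_ab_unguarded(unsigned a, unsigned size)
{
    if (a >= INT32_MAX / size)
        return NULL;
    return malloc((size_t)a * size);
}

/* Allocate a height x stride pixel buffer, special-casing the empty bitmap
 * before any arithmetic so neither a zero divisor nor malloc(0) can occur. */
buf_status bitmap_buffer_alloc(int height, int stride, unsigned char **out)
{
    *out = NULL;
    if (height < 0 || stride < 0)
        return BUF_INVALID;
    if (height == 0 || stride == 0)
        return BUF_EMPTY;               /* caller builds a zero-sized surface */
    if ((unsigned)height >= INT32_MAX / (unsigned)stride)
        return BUF_NO_MEMORY;           /* height * stride would not fit */
    *out = calloc((size_t)height, (size_t)stride);
    return *out ? BUF_OK : BUF_NO_MEMORY;
}

int main(void)
{
    /* Constructed inputs: the (0, 0) case from the backtrace, a normal
     * glyph, and dimensions whose product overflows 32 bits. */
    int cases[][2] = { {0, 0}, {12, 16}, {65536, 65536} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned char *buf;
        buf_status st = bitmap_buffer_alloc(cases[i][0], cases[i][1], &buf);
        printf("height=%d stride=%d -> status %d\n", cases[i][0], cases[i][1], st);
        free(buf);
    }
    return 0;
}
```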
