Bug#958017: libpango-1.0-0: Crash in pango_font_get_hb_font
Sam Morris
sam at robots.org.uk
Fri Apr 17 13:30:03 BST 2020
Package: libpango-1.0-0
Version: 1.44.7-3
Severity: grave
Justification: renders package unusable
After upgrading libpango-1.0-0 from version 1.42.4-7~deb10u1 to version
1.44.7, gnome-terminal-server will no longer start. It crashes with:
#0 0x0000000000000000 in ?? ()
#1 0x00007fa7b8049383 in pango_font_get_hb_font (font=font@entry=0x558d8a9a9860) at ../pango/fonts.c:1908
#2 0x00007fa7b8063173 in pango_font_get_hb_font_for_context (context=0x7ffcb2ff2fd0, font=0x558d8a9a9860) at ../pango/pangofc-shape.c:345
#3 pango_hb_shape (font=0x558d8a9a9860, item_text=item_text@entry=0x558d8a6826f0 "!", item_length=item_length@entry=1, analysis=analysis@entry=0x558d8a914110, glyphs=glyphs@entry=0x558d8a75b180, paragraph_text=paragraph_text@entry=0x558d8a6826f0 "!", paragraph_length=1) at ../pango/pangofc-shape.c:345
#4 0x00007fa7b80629ea in pango_shape_with_flags (item_text=0x558d8a6826f0 "!", item_length=1, paragraph_text=<optimized out>, paragraph_length=1, analysis=analysis@entry=0x558d8a914110, glyphs=glyphs@entry=0x558d8a75b180, flags=PANGO_SHAPE_ROUND_POSITIONS) at ../pango/shape.c:205
#5 0x00007fa7b8053a33 in shape_run (line=line@entry=0x558d8a92a5e0, state=state@entry=0x7ffcb2ff3580, item=item@entry=0x558d8a914100) at ../pango/pango-layout.c:3354
#6 0x00007fa7b8055e78 in process_item (layout=layout@entry=0x558d8a65a400, line=line@entry=0x558d8a92a5e0, state=state@entry=0x7ffcb2ff3580, force_fit=force_fit@entry=1, no_break_at_end=no_break_at_end@entry=0) at ../pango/pango-layout.c:3633
#7 0x00007fa7b8057f6d in process_line (state=0x7ffcb2ff3580, layout=0x558d8a65a400) at ../pango/pango-layout.c:3951
#8 pango_layout_check_lines (layout=<optimized out>) at ../pango/pango-layout.c:4315
#9 pango_layout_check_lines (layout=<optimized out>) at ../pango/pango-layout.c:4175
#10 0x00007fa7b8059a59 in pango_layout_get_extents_internal (layout=0x558d8a65a400, ink_rect=ink_rect@entry=0x0, logical_rect=logical_rect@entry=0x7ffcb2ff3720, line_extents=line_extents@entry=0x0) at ../pango/pango-layout.c:2623
#11 0x00007fa7b8059e7c in pango_layout_get_extents (layout=<optimized out>, ink_rect=ink_rect@entry=0x0, logical_rect=logical_rect@entry=0x7ffcb2ff3720) at ../pango/pango-layout.c:2817
#12 0x00007fa7b88a1e00 in font_info_measure_font (info=0x558d8a8e9c00) at ../src/vtedraw.cc:398
#13 font_info_allocate (context=0x558d8a8e9700) at ../src/vtedraw.cc:448
#14 font_info_find_for_context (context=0x558d8a8e9700) at ../src/vtedraw.cc:612
#15 font_info_create_for_context (fontconfig_timestamp=<optimized out>, language=<optimized out>, desc=0x1, context=0x558d8a8e9700) at ../src/vtedraw.cc:657
#16 font_info_create_for_screen (language=<optimized out>, desc=0x1, screen=<optimized out>) at ../src/vtedraw.cc:668
#17 font_info_create_for_widget (widget=widget@entry=0x558d8a92c320, desc=desc@entry=0x558d8a993560) at ../src/vtedraw.cc:679
#18 0x00007fa7b88a2403 in _vte_draw_set_text_font (draw=0x558d8a9211c0, widget=0x558d8a92c320, fontdesc=0x558d8a993560, cell_width_scale=1, cell_height_scale=1) at ../src/vtedraw.cc:910
#19 0x00007fa7b888ffd6 in vte::terminal::Terminal::ensure_font (this=0x558d8a92e000) at /usr/include/c++/9/bits/unique_ptr.h:360
#20 vte::terminal::Terminal::ensure_font (this=this@entry=0x558d8a92e000) at ../src/vte.cc:7318
#21 0x00007fa7b88a985e in vte::terminal::Terminal::get_cell_width (this=0x558d8a92e000) at ../src/vteinternal.hh:1248
#22 vte_terminal_get_char_width (terminal=<optimized out>) at ../src/vtegtk.cc:3447
#23 0x0000558d8a1925d8 in ?? ()
#24 0x0000558d8a198dfc in ?? ()
#25 0x0000558d8a19bfb5 in ?? ()
#26 0x0000558d8a19d713 in ?? ()
#27 0x00007fa7b5ecaccd in ?? () from /usr/lib/x86_64-linux-gnu/libffi.so.7
#28 0x00007fa7b5eca25a in ?? () from /usr/lib/x86_64-linux-gnu/libffi.so.7
#29 0x00007fa7b7dd17fc in g_cclosure_marshal_generic (closure=closure@entry=0x558d8a85d470, return_gvalue=return_gvalue@entry=0x0, n_param_values=n_param_values@entry=3, param_values=param_values@entry=0x7ffcb2ff3db0, invocation_hint=invocation_hint@entry=0x7ffcb2ff3d30, marshal_data=marshal_data@entry=0x0) at ../../../gobject/gclosure.c:1500
#30 0x00007fa7b7dd0fd2 in g_closure_invoke (closure=0x558d8a85d470, return_value=0x0, n_param_values=3, param_values=0x7ffcb2ff3db0, invocation_hint=0x7ffcb2ff3d30) at ../../../gobject/gclosure.c:810
#31 0x00007fa7b7de41b3 in signal_emit_unlocked_R (node=node@entry=0x558d8a5ffe70, detail=detail@entry=0, instance=instance@entry=0x558d8a8d82a0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffcb2ff3db0) at ../../../gobject/gsignal.c:3812
#32 0x00007fa7b7def54f in g_signal_emit_valist (instance=instance@entry=0x558d8a8d82a0, signal_id=signal_id@entry=252, detail=detail@entry=0, var_args=var_args@entry=0x7ffcb2ff3ff8) at ../../../gobject/gsignal.c:3498
#33 0x00007fa7b7df098c in g_signal_emit_by_name (instance=0x558d8a8d82a0, detailed_signal=0x558d8a1a7bac "screen-switched") at ../../../gobject/gsignal.c:3594
#34 0x0000558d8a189de6 in ?? ()
#35 0x00007fa7b7dd0fd2 in g_closure_invoke (closure=0x558d8a61c760, return_value=0x0, n_param_values=3, param_values=0x7ffcb2ff4320, invocation_hint=0x7ffcb2ff42a0) at ../../../gobject/gclosure.c:810
#36 0x00007fa7b7de3f06 in signal_emit_unlocked_R (node=node@entry=0x558d8a628420, detail=detail@entry=0, instance=instance@entry=0x558d8a8d82a0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffcb2ff4320) at ../../../gobject/gsignal.c:3780
#37 0x00007fa7b7def54f in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffcb2ff4500) at ../../../gobject/gsignal.c:3498
#38 0x00007fa7b7defedf in g_signal_emit (instance=instance@entry=0x558d8a8d82a0, signal_id=<optimized out>, detail=detail@entry=0) at ../../../gobject/gsignal.c:3554
#39 0x00007fa7b83d92d0 in gtk_notebook_switch_page (notebook=notebook@entry=0x558d8a8d82a0, page=page@entry=0x558d8a92a540) at ../../../../gtk/gtknotebook.c:6237
#40 0x00007fa7b83e02db in gtk_notebook_real_insert_page (notebook=0x558d8a8d82a0, child=0x558d8a8b47b0, tab_label=0x558d8a8b4940, menu_label=<optimized out>, position=<optimized out>) at ../../../../gtk/gtknotebook.c:4856
#41 0x0000558d8a189ae0 in ?? ()
#42 0x0000558d8a1870b9 in ?? ()
#43 0x00007fa7b5ecaccd in ?? () from /usr/lib/x86_64-linux-gnu/libffi.so.7
#44 0x00007fa7b5eca25a in ?? () from /usr/lib/x86_64-linux-gnu/libffi.so.7
#45 0x00007fa7b7dd17fc in g_cclosure_marshal_generic (closure=0x558d8a688440, return_gvalue=0x7ffcb2ff4ad0, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>, marshal_data=<optimized out>) at ../../../gobject/gclosure.c:1500
#46 0x00007fa7b7dd0fd2 in g_closure_invoke (closure=0x558d8a688440, return_value=0x7ffcb2ff4ad0, n_param_values=3, param_values=0x558d8a6cd5a0, invocation_hint=0x7ffcb2ff4ab0) at ../../../gobject/gclosure.c:810
#47 0x00007fa7b7de3f06 in signal_emit_unlocked_R (node=node@entry=0x558d8a701550, detail=detail@entry=0, instance=instance@entry=0x558d8a6fe540, emission_return=emission_return@entry=0x7ffcb2ff4c00, instance_and_params=instance_and_params@entry=0x558d8a6cd5a0) at ../../../gobject/gsignal.c:3780
#48 0x00007fa7b7dee8af in g_signal_emitv (instance_and_params=0x558d8a6cd5a0, signal_id=<optimized out>, detail=0, return_value=0x7ffcb2ff4c00) at ../../../gobject/gsignal.c:3230
#49 0x0000558d8a1a023c in ?? ()
#50 0x00007fa7b7f3bb7a in g_dbus_interface_method_dispatch_helper (interface=<optimized out>, method_call_func=0x558d8a1a0080, invocation=0x7fa7a8014000) at ../../../gio/gdbusinterfaceskeleton.c:613
#51 0x00007fa7b7f22d10 in call_in_idle_cb (user_data=<optimized out>) at ../../../gio/gdbusconnection.c:4888
#52 0x00007fa7b7ce64de in g_main_dispatch (context=0x558d8a5ba3a0) at ../../../glib/gmain.c:3309
#53 g_main_context_dispatch (context=context@entry=0x558d8a5ba3a0) at ../../../glib/gmain.c:3974
#54 0x00007fa7b7ce6890 in g_main_context_iterate (context=context@entry=0x558d8a5ba3a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4047
#55 0x00007fa7b7ce691f in g_main_context_iteration (context=context@entry=0x558d8a5ba3a0, may_block=may_block@entry=1) at ../../../glib/gmain.c:4108
#56 0x00007fa7b7ef7f9d in g_application_run (application=0x558d8a65e1e0, argc=<optimized out>, argv=<optimized out>) at ../../../gio/gapplication.c:2559
#57 0x0000558d8a1815fe in ?? ()
#58 0x00007fa7b7acfe0b in __libc_start_main (main=0x558d8a181470, argc=1, argv=0x7ffcb2ff5078, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcb2ff5068) at ../csu/libc-start.c:308
#59 0x0000558d8a18175a in ?? ()
vim.gtk3 crashes with:
#0 0x0000000000000000 in ?? ()
#1 0x00007ffff777c383 in pango_font_get_hb_font (font=font@entry=0x555555f07860) at ../pango/fonts.c:1908
#2 0x00007ffff7796173 in pango_font_get_hb_font_for_context (context=0x7fffffffc930, font=0x555555f07860) at ../pango/pangofc-shape.c:345
#3 pango_hb_shape (font=0x555555f07860, item_text=item_text@entry=0x555555e325a0 "MW", item_length=item_length@entry=2, analysis=analysis@entry=0x555555db7010, glyphs=glyphs@entry=0x555555e30ee0, paragraph_text=paragraph_text@entry=0x555555e325a0 "MW", paragraph_length=2) at ../pango/pangofc-shape.c:345
#4 0x00007ffff77959ea in pango_shape_with_flags (item_text=0x555555e325a0 "MW", item_length=2, paragraph_text=<optimized out>, paragraph_length=2, analysis=analysis@entry=0x555555db7010, glyphs=glyphs@entry=0x555555e30ee0, flags=PANGO_SHAPE_ROUND_POSITIONS) at ../pango/shape.c:205
#5 0x00007ffff7786a33 in shape_run (line=line@entry=0x555555e269e0, state=state@entry=0x7fffffffcee0, item=item@entry=0x555555db7000) at ../pango/pango-layout.c:3354
#6 0x00007ffff7788e78 in process_item (layout=layout@entry=0x555555d36580, line=line@entry=0x555555e269e0, state=state@entry=0x7fffffffcee0, force_fit=force_fit@entry=1, no_break_at_end=no_break_at_end@entry=0) at ../pango/pango-layout.c:3633
#7 0x00007ffff778af6d in process_line (state=0x7fffffffcee0, layout=0x555555d36580) at ../pango/pango-layout.c:3951
#8 pango_layout_check_lines (layout=<optimized out>) at ../pango/pango-layout.c:4315
#9 pango_layout_check_lines (layout=<optimized out>) at ../pango/pango-layout.c:4175
#10 0x00007ffff778ca59 in pango_layout_get_extents_internal (layout=0x555555d36580, ink_rect=0x0, logical_rect=0x7fffffffd050, line_extents=0x0) at ../pango/pango-layout.c:2623
#11 0x00007ffff778cfa6 in pango_layout_get_size (layout=<optimized out>, width=0x7fffffffd0a0, height=0x0) at ../pango/pango-layout.c:2865
#12 0x00005555557c0a6a in gui_mch_init_font ()
#13 0x00005555557b5a2d in gui_init_font ()
#14 0x00005555557b714a in gui_init ()
#15 0x000055555576ce23 in set_termname ()
#16 0x00005555557b7c5b in ?? ()
#17 0x00005555557b7d5e in gui_start ()
#18 0x0000555555805ae6 in vim_main2 ()
#19 0x00005555555ceb1f in main ()
pango-view also crashes with a similar backtrace.
Here's the code that crashes:
(gdb) list
1903      g_return_val_if_fail (PANGO_IS_FONT (font), NULL);
1904
1905      if (priv->hb_font)
1906        return priv->hb_font;
1907
1908      priv->hb_font = PANGO_FONT_GET_CLASS (font)->create_hb_font (font);
1909
1910      hb_font_make_immutable (priv->hb_font);
1911
1912      return priv->hb_font;
(gdb) p *priv
$4 = {
  hb_font = 0x0
}
(gdb) p *font
$6 = {
  parent_instance = {
    g_type_instance = {
      g_class = 0x555555e31a50
    },
    ref_count = 4,
    qdata = 0x0
  }
}
-- System Information:
Debian Release: 10.3
APT prefers stable-debug
APT policy: (570, 'stable-debug'), (570, 'stable'), (550, 'testing-debug'), (550, 'testing'), (530, 'unstable-debug'), (530, 'unstable'), (500, 'stable-updates'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default
Versions of packages libpango-1.0-0 depends on:
ii fontconfig 2.13.1-2
ii libc6 2.30-4
ii libfribidi0 1.0.5-3.1+deb10u1
ii libglib2.0-0 2.64.1-1
ii libharfbuzz0b 2.3.1-1
ii libthai0 0.1.28-2
libpango-1.0-0 recommends no packages.
libpango-1.0-0 suggests no packages.
-- no debconf information
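
Frame #0 at 0x0000000000000000, reached from fonts.c:1908, is what an indirect call through a NULL function pointer looks like: the create_hb_font slot of the font's class was empty when line 1908 called it. The C sketch below is an added illustration, not code from this report or from Pango; ToyFont, ToyFontClass and the guard in toy_font_get_hb_font are hypothetical. It models the same dispatch with a check of the slot before the call.

```c
/* Added illustration: ToyFont and ToyFontClass are hypothetical stand-ins,
 * not Pango types. */
#include <stddef.h>
#include <stdio.h>

typedef struct ToyFont ToyFont;
/* Class vtable. A font class that never fills in the slot leaves it NULL. */
typedef struct { void *(*create_hb_font)(ToyFont *font); } ToyFontClass;
struct ToyFont {
    const ToyFontClass *klass;
    void *hb_font;              /* cached result, like priv->hb_font */
};

static int dummy_hb_font;       /* constructed stand-in for an hb_font_t */
static void *toy_create_hb_font(ToyFont *font) { (void)font; return &dummy_hb_font; }
static const ToyFontClass complete_class = { toy_create_hb_font };
static const ToyFontClass incomplete_class = { NULL };

/* Same shape as the gdb listing, plus a check of the slot before the
 * indirect call. Without the check, incomplete_class makes the CPU jump
 * to address 0, which a debugger reports as frame #0 at 0x0. */
void *toy_font_get_hb_font(ToyFont *font)
{
    if (font == NULL || font->klass == NULL)
        return NULL;
    if (font->hb_font)
        return font->hb_font;
    if (font->klass->create_hb_font == NULL) {
        fprintf(stderr, "font class does not implement create_hb_font\n");
        return NULL;
    }
    font->hb_font = font->klass->create_hb_font(font);
    return font->hb_font;
}

/* Helper: build a font of the given class and ask for its hb_font. */
void *get_with_class(const ToyFontClass *klass)
{
    ToyFont font = { klass, NULL };
    return toy_font_get_hb_font(&font);
}

int main(void)
{
    printf("complete:   %p\n", get_with_class(&complete_class));
    printf("incomplete: %p\n", get_with_class(&incomplete_class));
    return 0;
}
```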