Comment 6 for bug 207341

In , Chris Wilson (ickle) wrote :

valgrind reports:
==13745== Invalid read of size 4
==13745== at 0x51BE572: FT_Load_Glyph (ftobjs.c:549)
==13745== by 0x4A24921: _cairo_ft_scaled_glyph_init (cairo-ft-font.c:1922)
==13745== by 0x4A117AB: _cairo_scaled_glyph_lookup (cairo-scaled-font.c:1674)
==13745== by 0x4A12A5A: _cairo_scaled_font_glyph_device_extents (cairo-scaled-font.c:1124)
==13745== by 0x4A21ECD: _cairo_analysis_surface_show_glyphs (cairo-analysis-surface.c:516)
==13745== by 0x4A144DC: _cairo_surface_show_glyphs (cairo-surface.c:2086)
==13745== by 0x4A1FCC8: _cairo_meta_surface_replay_internal (cairo-meta-surface.c:816)
==13745== by 0x4A214B1: _paint_page (cairo-paginated-surface.c:299)
==13745== by 0x4A2171E: _cairo_paginated_surface_show_page (cairo-paginated-surface.c:445)
==13745== by 0x4A14BDF: cairo_surface_show_page (cairo-surface.c:1702)
==13745== by 0x49FF661: cairo_show_page (cairo.c:2155)
==13745== by 0xA267D97: pdf_document_file_exporter_end_page(_EvFileExporter*) (ev-poppler.cc:1753)
==13745== Address 0x55c5630 is 88 bytes inside a block of size 552 free'd
==13745== at 0x402269C: free (vg_replace_malloc.c:326)
==13745== by 0x51B7ABC: ft_free (ftsystem.c:158)
==13745== by 0x51BB319: ft_mem_free (ftutil.c:171)
==13745== by 0x51BC318: destroy_face (ftobjs.c:856)
==13745== by 0x51BC3B2: FT_Done_Face (ftobjs.c:1972)
==13745== by 0x4363704: CairoFont::~CairoFont() (CairoFontEngine.cc:251)
==13745== by 0x436401D: CairoFontEngine::getFont(GfxFont*, XRef*) (CairoFontEngine.cc:335)
==13745== by 0x4366915: CairoOutputDev::updateFont(GfxState*) (CairoOutputDev.cc:318)
==13745== by 0x5093BF1: Gfx::opShowText(Object*, int) (Gfx.cc:3073)
==13745== by 0x508F901: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==13745== by 0x50906FF: Gfx::go(int) (Gfx.cc:594)
==13745== by 0x5090C96: Gfx::display(Object*, int) (Gfx.cc:557)
==13745==

which looks like poppler has called FT_Done_Face on a live cairo_font_face_t.
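Added example, not part of the original comment and not poppler or cairo code: a self-contained C model of the lifetime problem the trace points at, where an owner releases a face while a reference-counted wrapper still used for later replay points to it. All `model_*` names are hypothetical stand-ins; the model only marks the face dead instead of freeing it, so the stale access can be observed safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for FT_Face and cairo_font_face_t (assumptions). */
typedef struct { int alive; } model_face_t;
typedef struct {
    int refs;
    model_face_t *face;               /* borrowed pointer to the face */
    void (*destroy)(model_face_t *);  /* hook run when the last ref drops */
} model_font_face_t;

static int faces_released = 0;

/* Models FT_Done_Face: real code frees the memory; here we only mark it. */
static void model_done_face(model_face_t *f) { f->alive = 0; faces_released++; }

static model_font_face_t *font_face_create(model_face_t *f,
                                           void (*destroy)(model_face_t *)) {
    model_font_face_t *ff = malloc(sizeof *ff);
    if (!ff) abort();
    ff->refs = 1; ff->face = f; ff->destroy = destroy;
    return ff;
}
static model_font_face_t *font_face_reference(model_font_face_t *ff) { ff->refs++; return ff; }
static void font_face_destroy(model_font_face_t *ff) {
    if (--ff->refs > 0) return;              /* someone still holds it */
    if (ff->destroy) ff->destroy(ff->face);  /* face dies with the last ref */
    free(ff);
}
/* Models a glyph load: -1 means the wrapper pointed at a released face. */
static int load_glyph(const model_font_face_t *ff) { return ff->face->alive ? 0 : -1; }

/* tie_lifetime == 0: owner releases the face itself (the reported pattern).
 * tie_lifetime == 1: release is deferred to the wrapper's destroy hook. */
static int replay_after_owner_teardown(int tie_lifetime, int *released_before_replay) {
    model_face_t face = { 1 };
    faces_released = 0;
    model_font_face_t *ff = font_face_create(&face, tie_lifetime ? model_done_face : NULL);
    model_font_face_t *cached = font_face_reference(ff); /* kept for replay */
    if (!tie_lifetime) model_done_face(&face);           /* owner frees the face */
    font_face_destroy(ff);                               /* owner drops its ref */
    *released_before_replay = faces_released;
    int rc = load_glyph(cached);                         /* replay at show_page */
    font_face_destroy(cached);
    return rc;
}

int main(void) {
    int n;
    printf("owner frees face: %d\n", replay_after_owner_teardown(0, &n));
    printf("lifetime tied:    %d\n", replay_after_owner_teardown(1, &n));
    return 0;
}
```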