Ubuntu

evince crashed with SIGSEGV in FcConfigSubstituteWithPat()

Reported by Greg Grossmeier on 2008-10-20
This bug affects 36 people
Affects: cairo (Ubuntu) | Importance: High | Assigned to: Unassigned
  Nominated for Jaunty by Phil M
  Nominated for Karmic by Phil M
  Intrepid | Importance: Undecided | Assigned to: Unassigned
Affects: fontconfig (Ubuntu) | Importance: High | Assigned to: Unassigned
  Nominated for Jaunty by Phil M
  Nominated for Karmic by Phil M
  Intrepid | Importance: High | Assigned to: Unassigned

Bug Description

Binary package hint: evince

Opening a pdf document from the web.

Crashed before it was able to render anything.

Link: http://www.copyright.gov/history/1790act.pdf

STEPS TO REPRODUCE:
1. Make sure GNOME is running; evince gets fontconfig info from another library (it doesn't access FC directly).
2. Open evince on any file, then close it.
3. Install or remove a font (try msttcorefonts).
4. Open evince with a document (i.e., try the link provided above). It SHOULD crash.

ProblemType: Crash
Architecture: amd64
DistroRelease: Ubuntu 8.10
ExecutablePath: /usr/bin/evince
NonfreeKernelModules: nvidia
Package: evince 2.24.0-0ubuntu2
ProcAttrCurrent: unconfined
ProcCmdline: evince file:///home/username/Documents/Grad_School/SI-519/SI519%20-%20SyllabusF2008.%20Aug.%2026.pdf
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: evince
StacktraceTop:
 FcConfigSubstituteWithPat ()
 GlobalParams::getDisplayFont (this=0x2989190,
 CairoFont::create (gfxFont=0x7fc1eeb14f70,
 CairoFontEngine::getFont (this=0x7fc1eea017e0,
 CairoOutputDev::updateFont (this=0x7fc1eea020a0,
Title: evince crashed with SIGSEGV in FcConfigSubstituteWithPat()
Uname: Linux 2.6.27-7-generic x86_64
UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev sambashare video

StacktraceTop:
IA__FcConfigSubstituteWithPat (config=0x27940b0, p=0x7fc1eea99290, p_pat=0x0,
GlobalParams::getDisplayFont (this=0x2989190, font=0x7fc1eeb14f70) at GlobalParams.cc:1097
CairoFont::create (gfxFont=0x7fc1eeb14f70, xref=0x7fc1eeaa1740, lib=0x29735f0, useCIDs=1)
CairoFontEngine::getFont (this=0x7fc1eea017e0, gfxFont=0x7fc1eeb14f70, xref=0x7fc1eeaa1740)
CairoOutputDev::updateFont (this=0x7fc1eea020a0, state=0x7fc1eea033c0)

Changed in evince:
importance: Undecided → Medium
Pedro Villavicencio (pedro) wrote :

looks like a fontconfig issue, reassigning.

Changed in fontconfig:
status: New → Confirmed
Chris Cheney (ccheney) wrote :

I think this also affects OpenOffice.org, bug 254359. It crashes any time a font is added/removed and fc-cache is rerun.

Changed in fontconfig:
importance: Medium → High
milestone: none → ubuntu-8.10
Chris Cheney (ccheney) wrote :

Greg,

When the crash happened were you also doing a system update and/or installing any fonts? I see a similar crash with OpenOffice.org due to adding/removing fonts from fontconfig.

Thanks,

Chris Cheney

Chris,

I don't believe so, but I could be wrong.

Any other people from the duplicates remember if they were updating and/or installing any fonts when this crash happened?

Best,

Greg

... As far as I remember I had just done a system update, when it crashed,
think I minimized the windows and used compiz... but I'm not sure at all...

:)

2008/10/28 Greg Grossmeier <email address hidden>

> Chris,
> this system had just done an update
> I don't believe so, but I could be wrong.
>
> Any other people from the duplicates remember if they were updating
> and/or installing any fonts when this crash happened?
>
> Best,
>
> Greg
>
> Bug description:
> Binary package hint: evince
>
> Opening a pdf document from the web.
>
> Crashed before it was able to render anything.
>
> Link: http://www.copyright.gov/history/1790act.pdf
>
> I am not currently able to reproduce it, unfortunately.
>

pcollaog (pcollaog) wrote :

This crash happens when I installed msttcorefonts.

I tried to open a pdf made with docbook

Colin Watson (cjwatson) on 2008-10-28
Changed in fontconfig:
milestone: ubuntu-8.10 → intrepid-updates
Chris Cheney (ccheney) wrote :

This *might* be an OOo and Evince issue not related to fontconfig but it needs more investigation. It didn't seem to start happening until Intrepid in any case and OOo didn't change that much between Hardy and Intrepid.

This bug might be related:

https://bugzilla.novell.com/show_bug.cgi?id=436441

Gabriel Bauman (gabrielbauman) wrote :

Patch for the OpenOffice version of the crash available here: http://qa.openoffice.org/issues/show_bug.cgi?id=94069 .

"Installing a font while OOo is running runs the risk of referencing stuff in psprint's m_pDefConfig which is now invalid... It looks like a safer bet to use FcConfigGetCurrent()..."

I can confirm this bug.

Steps to reproduce added to the summary.

As an additional note, it seems firefox is also partially affected. Once doing the steps to reproduce, if firefox is open, the rendering on some pages gets completely screwed up.

I don't think the issue is with fontconfig itself, but some programs using fontconfig in a way that is not supported (there is an API, but at least in OpenOffice, it accesses a direct pointer which becomes void if a font is added or removed).
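
The lifetime problem described in the two comments above (a configuration pointer kept across a font install, versus asking for the current configuration at each use), as an added example that is not code from fontconfig, OpenOffice.org or this report. Config, config_get_current() and config_reload() are hypothetical stand-ins; only the role of FcConfigGetCurrent() is taken from the quoted patch note.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for a font configuration; not fontconfig's FcConfig. */
typedef struct Config { int refs; int generation; } Config;
static Config *g_current;  /* the library's current configuration */
static int g_destroyed;    /* number of configurations freed so far */
static Config *config_new(int generation) {
    Config *c = malloc(sizeof *c);
    if (!c) abort();
    c->refs = 1;               /* reference owned by g_current */
    c->generation = generation;
    return c;
}
static void config_unref(Config *c) { if (--c->refs == 0) { g_destroyed++; free(c); } }
/* Ask for the current configuration at each use (the role of FcConfigGetCurrent()). */
Config *config_get_current(void) {
    if (!g_current) g_current = config_new(1);
    return g_current;
}
/* A font was installed or removed: a new configuration replaces the old one. */
void config_reload(void) {
    Config *old = config_get_current();
    g_current = config_new(old->generation + 1);
    config_unref(old);         /* freed here unless a caller holds a reference */
}
/* Reported pattern: pointer cached once, no reference. Returns 1 if reload freed its target. */
int cached_pointer_goes_stale(void) {
    Config *cached = config_get_current();
    int before = g_destroyed;
    config_reload();
    (void)cached;              /* dereferencing it now would be a use-after-free */
    return g_destroyed == before + 1;
}
/* Safer pattern: hold a reference during use, then re-fetch the current one. */
int referenced_pointer_survives(void) {
    Config *held = config_get_current();
    held->refs++;
    int gen = held->generation, before = g_destroyed;
    config_reload();
    int ok = held->generation == gen && g_destroyed == before
             && config_get_current()->generation == gen + 1;
    config_unref(held);        /* last reference dropped: old object freed now */
    return ok && g_destroyed == before + 1;
}
int main(void) {
    int stale = cached_pointer_goes_stale(), safe = referenced_pointer_survives();
    printf("cached pointer stale: %d, held reference intact: %d\n", stale, safe);
    return 0;
}
```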

description: updated
Changed in cairo:
assignee: nobody → sonicmctails
importance: Undecided → High
milestone: none → intrepid-updates
status: New → Confirmed

It seems my method to reproduce is not 100% foolproof, as I cannot make evince crash reliably (at least when I have GDB or valgrind attached). However, I've noticed if the fc-cache is run and forces an update of system caches, it seems rendering bugs on my hardware appear (i.e., xchat and firefox seem to screw up from time to time, possibly from accessing the old cache or the old fonts).

John Dong (jdong) wrote :

I just got this crash in an up-to-date Jaunty, no updates done on this bootup; Have 5 Firefox windows and HAD 8 or 9 Evince PDF's open. Opened one more and BOOM.

I've been unable to reproduce it though, much to my annoyance.

Sebastien Bacher (seb128) wrote :

could you try if that's still an issue in jaunty?

Changed in cairo (Ubuntu):
assignee: Michael Casadevall (mcasadevall) → nobody
milestone: intrepid-updates → none
John McCabe-Dansted (gmatht) wrote :

I get this crash in Karmic-i386 as well.

Issue there in Karmic x64 as well.

Alexander Sack (asac) wrote :

any hints how to reproduce? maybe this happens for a specific .pdf/font?

Alexander Sack (asac) wrote :

oh sorry. failed to read the summary :)

Miguel Martinez (el-quark) wrote :

I'd like to add that I've seen this happening after installing the Adobe Minion Pro fonts into $HOME/.fonts/ and then opening a Nature research paper (they use the Minion Pro font family).

Miguel Martinez (el-quark) wrote :

Sorry, last post refers to a crash I've seen in evince in fully up-to-date Karmic.

tags: added: iso-testing
Morris Cavestro (fly82) wrote :

10.4 lucid beta1 bug

Sergio Zanchetta (primes2h) wrote :

Thank you for reporting this bug to Ubuntu. Intrepid Ibex 8.10 reached EOL on 30 March 2010.
Please see this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

Please feel free to report any other bugs you may find.
Thank you.

Changed in cairo (Ubuntu Intrepid):
status: New → Won't Fix
Changed in fontconfig (Ubuntu Intrepid):
status: Confirmed → Won't Fix
Sergio Zanchetta (primes2h) wrote :

I realized I had made a mistake.
Intrepid Ibex 8.10 "will reach" EOL on 30 "APRIL" 2010.

Sorry for this.

Anyway, I think that one month doesn't make any difference now.

Damjan Jovanovic (damjan-jov) wrote :

As of Natty (and not earlier versions), FcConfigSubstituteWithPat() reproducibly crashes in some Windows applications running under Wine. Example backtrace:

Unhandled exception: denormal float operand in 32-bit code (0x7e9d9310).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e9d9310 ESP:00d6de60 EBP:00d6dec8 EFLAGS:00010202( R- -- I - - - )
 EAX:00000003 EBX:7e9ffff4 ECX:00000012 EDX:00000003
 ESI:00000003 EDI:00000003
Stack dump:
0x00d6de60: 00d6de98 00d6df24 7e9ffff4 7e9ffff4
0x00d6de70: 7d730140 7d77a650 00d6dec8 00000012
0x00d6de80: 00000000 00000014 f75fe3c0 00000003
0x00d6de90: 7d72d9f0 00000003 00000003 7d7304f0
0x00d6dea0: 00000003 00000003 7d72d9f0 00000003
0x00d6deb0: 00000001 7d77a528 7e9d929b 7e9ffff4
Backtrace:
=>0 0x7e9d9310 in libfontconfig.so.1 (+0x7310) (0x00d6dec8)
  1 0x7e9da382 FcConfigSubstituteWithPat+0x191() in libfontconfig.so.1 (0x00d6df48)
  2 0x7e9da8e7 FcConfigSubstitute+0x26() in libfontconfig.so.1 (0x00d6df68)
  3 0x7e96ef72 X11DRV_XRender_SelectFont+0xc41(physDev=0x1535d8, hfont=0xe98) [/home/user/wine/dlls/winex11.drv/xrender.c:935] in winex11 (0x00d6e108)
  4 0x7e965e05 X11DRV_SelectFont+0xee4(physDev=0x1535d8, hfont=0xe98, gdiFont=0x189c88) [/home/user/wine/dlls/winex11.drv/xfont.c:3241] in winex11 (0x00d6e558)
  5 0x7ec0c19f FONT_SelectObject+0x9e(handle=0xe98, hdc=0x660) [/home/user/wine/dlls/gdi32/font.c:546] in gdi32 (0x00d6e5c8)
  6 0x7ec22eeb SelectObject+0xba(hdc=0x660, hObj=0xe98) [/home/user/wine/dlls/gdi32/gdiobj.c:1112] in gdi32 (0x00d6e618)
  7 0x7e6d45fa SelectObject16+0x19(hdc=0x660, handle=0xe98) [/home/user/wine/dlls/gdi.exe16/gdi.c:1101] in gdi.exe16 (0x00d6e638)
  8 0x7e6d05da __i686.get_pc_thunk.bx+0xc82() in gdi.exe16 (0x00d6e648)
  9 0x7eadac9e __wine_call_from_16+0x75() in krnl386.exe16 (0x00d6e678)
  10 0x1227:0x213e (0x124f:0x4b6e)
  11 0x1227:0x20a9 (0x124f:0x4c7a)
  12 0x1227:0x1dde (0x124f:0x4c8c)
  13 0x1237:0x2af8 (0x124f:0x4c9c)
  14 0x1237:0x29a2 (0x124f:0x4cb0)
  15 0x123f:0x3aa9 (0x124f:0x4dd4)
  16 0x123f:0x2305 (0x124f:0x4df2)
  17 0x123f:0x0b32 (0x124f:0x4f64)
  18 0x1237:0x2533 (0x124f:0x507a)
  19 0x1237:0x6e26 (0x124f:0x5096)
  20 0x11df:0x0072 (0x124f:0x50a8)
  21 0x11df:0x0000 (0x124f:0x0000)
0x7e9d9310: fstpl 0xffffffe0(%ebp)

Yes, it happens for more than one application, and no, none of them are freely available.

Sagawa (sagawa-aki+lp) wrote :

The Wine failure above seems to be reproduced with a 16-bit Windows application.

I ran the Windows 3.1 version of Emi Clock ( http://www003.upp.so-net.ne.jp/motosoft/ ) and a similar failure occurred, because the code also crashes with the fstpl opcode.

I'll attach wine-emiclock16-dump.txt, which was produced with libfontconfig1-dbg (2.8.0-2.1ubuntu3) and wine1.2-dbg (1.2.2-0ubuntu6) on my x86 PC.

Sagawa (sagawa-aki+lp) wrote :

I guess unmasking the FPU's denormal exception flag is a trigger of this bug.

I made a small source file, bug.c, to demonstrate it.

Please compile it with the following instruction:
| % gcc -o bug bug.c -lfontconfig
Then run it.
| % ./bug
| zsh: floating point exception ./bug
The code crashed with SIGFPE.

But the following:
| % gcc -DBUG_OFF -o bug bug.c -lfontconfig
| % ./bug
It works fine.
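
The mechanism guessed at in the comment above, as an added example: it is not the bug.c attached to this report (which is not reproduced on this page) and does not call fontconfig. It assumes Linux on x86 or x86-64 with GCC or Clang inline assembly; x87_available() and child_signal() are hypothetical names, and the denormal input is constructed.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__i386__) || defined(__x86_64__)
#define HAVE_X87 1
#else
#define HAVE_X87 0
#endif

/* 1 when this build target has an x87 FPU and the demonstration is meaningful. */
int x87_available(void) { return HAVE_X87; }

/* Child body: optionally unmask the denormal-operand exception, then load a
 * denormal double onto the x87 stack and store it back. */
static void touch_denormal(int unmask) {
#if HAVE_X87
    volatile double in = 4.9e-324;  /* constructed input: smallest positive denormal */
    volatile double out;
    unsigned short cw;
    if (unmask) {
        __asm__ volatile("fnstcw %0" : "=m"(cw));
        cw &= (unsigned short)~0x0002u;  /* clear DM, bit 1 of the control word */
        __asm__ volatile("fldcw %0" : : "m"(cw));
    }
    /* fldl flags the denormal operand; the trap is delivered at fstpl. */
    __asm__ volatile("fldl %1\n\tfstpl %0" : "=m"(out) : "m"(in));
#else
    (void)unmask;
#endif
}

/* Run the load/store in a child process; return the signal that killed it, or 0. */
int child_signal(int unmask) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { touch_denormal(unmask); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    printf("denormal exception masked:   child signal %d\n", child_signal(0));
    printf("denormal exception unmasked: child signal %d (SIGFPE is %d)\n", child_signal(1), SIGFPE);
    return 0;
}
```

With the exception masked (the default control word) the same load and store complete normally, which is why library code that never expects the trap only fails inside a host process that has changed the FPU control word.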

Bryce Harrington (bryce) wrote :

Not reproducing on precise. Both the test case in the description, and the bug.c test case (thanks!) seem to be working fine.

Further, in the backtraces while there are mentions of cairo, those calls aren't from cairo's source code (the calls are C++, but cairo is all C).

Changed in cairo (Ubuntu):
status: Confirmed → Invalid