fontforge crashed with SIGSEGV in GImageRead_Png() due to optipng

Bug #805752 reported by Jorge Godoy on 2011-07-05
This bug affects 32 people
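Affects: FontForge; Importance: Undecided; Assigned to: auto-fontforge-devel
Affects: fontforge (Debian); Status: Fix Released; Importance: Unknown
Affects: fontforge (Ubuntu); Importance: High; Assigned to: Michael Terry
Affects: fontforge (Ubuntu Oneiric); Importance: High; Assigned to: Michael Terry
Affects: optipng (Ubuntu); Importance: Undecided; Assigned to: Unassigned
Affects: optipng (Ubuntu Oneiric); Importance: Undecided; Assigned to: Unassigned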

Bug Description

I simply clicked on one of the free fonts downloaded from Google (Cabin). Fontforge consistently crashes with any TTF font.

TEST CASE:
1. Launch fontforge
2. Open a TTF file

Result:
fontforge segfaults

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: fontforge 0.0.20110222-1
ProcVersionSignature: Ubuntu 3.0-3.4-generic 3.0.0-rc5
Uname: Linux 3.0-3-generic x86_64
NonfreeKernelModules: wl
Architecture: amd64
CrashCounter: 1
Date: Mon Jul 4 22:13:11 2011
ExecutablePath: /usr/bin/fontforge
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcCmdline: fontforge /home/username/Download/tempo/Cabin/Cabin-Bold.ttf
ProcEnviron:
 LANGUAGE=pt_BR:en
 PATH=(custom, user)
 LANG=pt_BR.UTF-8
 SHELL=/bin/bash
SegvAnalysis:
 Segfault happened at: 0x7f9fc30d0d0f <GImageRead_Png+1407>: movzbl (%rax),%eax
 PC (0x7f9fc30d0d0f) ok
 source "(%rax)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%eax" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: fontforge
StacktraceTop:
 GImageRead_Png () from /usr/lib/libgutils.so.1
 GImageReadPng () from /usr/lib/libgutils.so.1
 ?? () from /usr/lib/libgdraw.so.4
 ?? () from /usr/lib/libgdraw.so.4
 GMenuItem2ArrayCopy () from /usr/lib/libgdraw.so.4
Title: fontforge crashed with SIGSEGV in GImageRead_Png()
UpgradeStatus: Upgraded to oneiric on 2011-07-02 (2 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare

Jorge Godoy (jgodoy) wrote :

StacktraceTop:
 GImageRead_Png (fp=0x18d3620) at gimagereadpng.c:287
 GImageReadPng (filename=<value optimized out>) at gimagereadpng.c:341
 _GGadgetImageCache (filename=0x57d0d3 "fileclose.png", foundname=0x0) at gtextinfo.c:468
 GTextInfoImageLookup (ti=<value optimized out>) at gtextinfo.c:560
 GTextInfoImageLookup (ti=<value optimized out>) at gtextinfo.c:539

Changed in fontforge (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace

Thanks for your report. This is reproducible in Oneiric by opening any ttf file.

Changed in fontforge (Ubuntu):
importance: Medium → High
status: New → Triaged
visibility: private → public
description: updated

Michal Suchanek (hramrach) wrote :

Rebuilding the package fixes the issue.

tags: added: testcase

dmiranda (dmiranda) wrote :

the bug still persists on oneiric

Ricardo Bánffy (rbanffy) wrote :

I tried to open an OTF font and it crashed the same way it does with TTF

alienfoundery (alienfoundery) wrote :

Freezing then crashing when creating a new font under oneiric.

Fumihito YOSHIDA (hito) wrote :

I have tested with a no-change rebuild (apt-get build-dep; apt-get source fontforge; cd fontforge*; debuild) on the latest oneiric; the bug goes away.

So, we need a no-change rebuild at this time.

Paul Sladen (sladen) wrote :

It appears to be either buggy PNG images, or a buggy PNG reader. I worked around it a few days ago by deleting the problematic files:

  $ dpkg -L fontforge | grep png | xargs ls -1 > /dev/null
  ls: cannot access /usr/share/fontforge/pixmaps/viewfit.png: No such file or directory
  ls: cannot access /usr/share/fontforge/pixmaps/viewzoomin.png: No such file or directory
  ls: cannot access /usr/share/fontforge/pixmaps/viewzoomout.png: No such file or directory

Paul Sladen (sladen) wrote :

Confirms; rebuild fixes it.

Changed in fontforge (Ubuntu):
status: Triaged → In Progress
milestone: none → ubuntu-11.10
summary: - fontforge crashed with SIGSEGV in GImageRead_Png()
+ fontforge crashed with SIGSEGV in GImageRead_Png(): no change rebuild
+ required
Changed in fontforge (Ubuntu):
status: In Progress → Fix Committed

This bug was fixed in the package fontforge - 0.0.20110222-1build1

---------------
fontforge (0.0.20110222-1build1) oneiric; urgency=low

  * No change rebuild to prevent crash-on-startup (LP: #805752)
 -- Paul Sladen <email address hidden> Fri, 30 Sep 2011 15:42:14 +0100

Changed in fontforge (Ubuntu):
status: Fix Committed → Fix Released

Fumihito YOSHIDA (hito) wrote :

0.0.20110222-1build1 and related (libfontforge, libgdraw) packages are distributed, but the bug still exists in my test environments (...why?).

Can anyone reproduce this behavior?

I can confirm this. Upgraded Maverick to latest Oneiric Daily build today.

My fontforge version is 0.0.20110222-1build1

I open an SFD file and it segfaults.

[sorry, upgraded Natty to Oneiric, pardon me!]

Fumihito YOSHIDA (hito) wrote :

Okay, I tested with a cleanly installed oneiric Beta2; the problem still exists. The suspect is pkgbinarymangler::pkgstripfiles(::optipng). pkgbinarymangler is kicked off during the build process only in archive builds[1]. We built in a PPA/private pbuilder, where pkgstripfiles is not kicked off[2], and that works fine.

Collateral evidence:
When you install good fontforge packages from my PPA[3] and execute the commands below... the problem is reproduced! The breaker is optipng (of course, fontforge's PNG reader is still suspicious, and we need a workaround).
  <<<WARNING: Before executing, please back up the *png files>>>
 $ cd /usr/share/fontforge/pixmaps/
 $ sudo optipng -o4 -preserve *png

So, we need one more rebuild with NO_PNG_PKG_MANGLE for good fontforge packages.

# But, we are in FinalFreeze :(

[1] https://launchpadlibrarian.net/81558874/buildlog_ubuntu-oneiric-i386.fontforge_0.0.20110222-1build1_BUILDING.txt.gz
[2] https://launchpadlibrarian.net/81653514/buildlog_ubuntu-oneiric-i386.fontforge_0.0.20110222-1build2%7Eppa1_BUILDING.txt.gz
[3] https://launchpad.net/~hito/+archive/ppa/+packages
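
Added example (not part of the original report, and not code from fontforge, optipng or pkgbinarymangler): a triage script for the situation described in the comment above, reporting how a PNG's encoding differs before and after an optimizer pass. optipng can losslessly change bit depth and colour type and introduce PLTE/tRNS chunks, so those are the fields compared; the function names and the header-only sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
COLOR_TYPES = {0: "gray", 2: "rgb", 3: "palette", 4: "gray+alpha", 6: "rgba"}

def png_profile(data):
    """Walk the chunk list of a PNG byte string and return its encoding parameters."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    profile = {"chunks": []}
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if len(body) != length:
            raise ValueError("truncated chunk %r" % ctype)
        profile["chunks"].append(ctype.decode("latin-1"))
        if ctype == b"IHDR" and length == 13:
            _w, _h, depth, color, _c, _f, lace = struct.unpack(">IIBBBBB", body)
            profile.update(bit_depth=depth, interlaced=bool(lace),
                           color_type=COLOR_TYPES.get(color, color))
        if ctype == b"IEND":
            break
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
    if "bit_depth" not in profile:
        raise ValueError("missing or malformed IHDR")
    profile["has_palette"] = "PLTE" in profile["chunks"]
    profile["has_trns"] = "tRNS" in profile["chunks"]
    return profile

def encoding_changes(before, after):
    """Return {field: (old, new)} for every encoding field that differs."""
    a, b = png_profile(before), png_profile(after)
    keys = ("bit_depth", "color_type", "interlaced", "has_palette", "has_trns")
    return {k: (a[k], b[k]) for k in keys if a[k] != b[k]}

def _chunk(ctype, body):
    # Builds one chunk for the constructed samples: length, type, data, CRC.
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed header-only samples (no IDAT): 16x16 8-bit RGBA, then the same
# icon as an optimizer might re-encode it: 1-bit palette with PLTE and tRNS.
SAMPLE_ORIGINAL = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 16, 16, 8, 6, 0, 0, 0))
                   + _chunk(b"IEND", b""))
SAMPLE_OPTIMIZED = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 16, 16, 1, 3, 0, 0, 0))
                    + _chunk(b"PLTE", bytes(6)) + _chunk(b"tRNS", b"\x00") + _chunk(b"IEND", b""))

if __name__ == "__main__":
    print(encoding_changes(SAMPLE_ORIGINAL, SAMPLE_OPTIMIZED))
```

To use it on real files, pass the bytes of each backed-up pixmap and of its optimized counterpart to `encoding_changes` and look at which icons changed encoding.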

Pietro (pietro) wrote :

hramrach or sladen, can you please post the command-line sequence for rebuilding the package?
As a non-tech user, I fear it could take me hours to figure out how to get FontForge to work.
This page comes up right near the top with the Google string "Ubuntu 11.10 FontForge," so this is where us noobs will find the fix.
Thanks.

Fumihito YOSHIDA (hito) wrote :

Dear bug triagers,

This bug still exists in Oneiric. Could you please revert "Fix Released" to "Confirmed"?
(Or, we have to re-file as new bug?)

I confirm it is still an issue and it crashes in Precise as well.

Changed in fontforge (Ubuntu):
milestone: ubuntu-11.10 → none
status: Fix Released → Triaged

Shane M. Brandes (smbrandes) wrote :

On Oneiric it still crashes. I also tried uninstalling and reinstalling Fontforge. Not sure if that is the same as rebuilding. It never gets beyond asking what file to open. So I guess I am on vacation till that is fixed.

Michael Terry (mterry) on 2011-10-25
Changed in fontforge (Ubuntu):
assignee: nobody → Michael Terry (mterry)
summary: - fontforge crashed with SIGSEGV in GImageRead_Png(): no change rebuild
- required
+ fontforge crashed with SIGSEGV in GImageRead_Png() due to optipng

Paul Sladen (sladen) wrote :

Pitti: looks like Optipng is producing duff PNGs that are causing the crashes.

Michael Terry (mterry) wrote :

I can confirm that using NO_PNG_PKG_MANGLE will work around this bug. But I suspect that the bug is actually in fontforge's built-in image reader code.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fontforge - 0.0.20110222-3ubuntu1

---------------
fontforge (0.0.20110222-3ubuntu1) precise; urgency=low

  * debian/patches/902_fix_optipng_reads.diff:
    - Don't crash when reading optimized png files (LP: #805752)
 -- Michael Terry <email address hidden> Tue, 25 Oct 2011 14:26:03 -0400

Changed in fontforge (Ubuntu):
status: Triaged → Fix Released

Michael Terry (mterry) wrote :

I've uploaded a fixed version in oneiric-proposed. This is a good SRU candidate because the bug causes a crash regression that makes fontforge unusable.

To reproduce, run "fontforge /usr/share/fonts/truetype/ubuntu-font-family/Ubuntu-R.ttf"

Subscribing ubuntu-sru.

Michael Terry (mterry) on 2011-10-25
Changed in optipng (Ubuntu):
status: New → Invalid
Changed in optipng (Ubuntu Oneiric):
status: New → Invalid
Changed in fontforge (Ubuntu Oneiric):
assignee: nobody → Michael Terry (mterry)
importance: Undecided → High
status: New → In Progress
Changed in fontforge (Debian):
status: Unknown → New
Changed in fontforge (Debian):
status: New → Fix Released

Chris Halse Rogers (raof) wrote :

You've also merged a couple of Debian revisions into the package you've uploaded to oneiric-proposed. While they look like harmless changes, you haven't mentioned this in the changelog, nor are there any LP bug references.

Those other changes look reasonable - assuming that it's possible to hit those bugs in Oneiric - but I'd just like to check they're intentional before accepting into -proposed.

Michael Terry (mterry) wrote :

Chris, good catch. Totally my fault, in using the precise package as a base for the oneiric. I had forgotten that they diverged.

If you'd like to reject, I can upload one based just on oneiric's packaging.

Martin Pitt (pitti) wrote :

@Michael: rejected, please reupload. Thanks!

Michael Terry (mterry) wrote :

Re-uploaded.

Hello Jorge, or anyone else affected,

Accepted fontforge into oneiric-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in fontforge (Ubuntu Oneiric):
status: In Progress → Fix Committed
tags: added: verification-needed

Adolfo Jayme (fitojb) wrote :

The proposed package no longer segfaults.

tags: added: verification-done
removed: verification-needed

I can confirm it now works with the new proposed update.

Paul Sladen (sladen) wrote :

The proposed fontforge=0.0.20110222-1ubuntu1 works for me, using the testcase:

  fontforge /usr/share/fonts/truetype/ubuntu-font-family/Ubuntu-R.ttf

K. Sethu (skhome) wrote :

Confirming that the proposed update is working for me - Ubuntu 11.04 / Unity Desktop

annnie (seventyeightist) wrote :

Hi, now working for me also (I was one of those affected by this bug) for creating a new font project and opening an existing .TTF file.
Xubuntu 11.10 64-bit

K. Sethu (skhome) wrote :

I might as well add to my comment on #34 that the distro I tested on is 32-bit and the Fontforge is the i386 architecture.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fontforge - 0.0.20110222-1ubuntu1

---------------
fontforge (0.0.20110222-1ubuntu1) oneiric-proposed; urgency=low

  * debian/patches/902_fix_optipng_reads.diff:
    - Don't crash when reading optimized png files (LP: #805752)
 -- Michael Terry <email address hidden> Thu, 27 Oct 2011 09:05:00 -0400

Changed in fontforge (Ubuntu Oneiric):
status: Fix Committed → Fix Released

BlogCrawler (blogcrawler) wrote :

I am still suffering this bug on Ubuntu 11.10 amd64. Fontforge gives segmentation fault whenever I try to edit (e.g. transform) a glyph.

Paul Sladen (sladen) wrote :

Blogcrawler: is your font transformation bug definitely showing GImageRead_Png() as the cause?

  (a) If it is, can you attach a stacktrace/screenshot of the error message

  (b) If it's something else causing the crash; can you open a new bug against Fontforge and we'll try to debug it there so that we don't confuse two bugs (one of which is hopefully fixed).

BlogCrawler (blogcrawler) wrote :

Paul: I noticed that the bug has already been reported in #817290
