[gsl-issues] [Issue 99081] During glyph fallback we s eem to release a font from the fontcache, but then use it again

cmc Tue, 10 Feb 2009 09:01:03 -0800

To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=99081
                 Issue #|99081
                 Summary|During glyph fallback we seem to release a font from t
                        |he fontcache, but then use it again
               Component|gsl
                 Version|OOo 3.0.1
                Platform|All
                     URL|
              OS/Version|Linux
                  Status|NEW
       Status whiteboard|
                Keywords|
              Resolution|
              Issue type|PATCH
                Priority|P3
            Subcomponent|code
             Assigned to|hdu
             Reported by|cmc






------- Additional comments from c...@openoffice.org Tue Feb 10 17:01:00 +0000 
2009 -------
i.e. in this attached .ppt.

valgrind has...

==23673== Invalid read of size 4
==23673==    at 0x4B38197: ImplFontEntry::GetFallbackForUnicode(unsigned long,
String*) const (outdev3.cxx:1542)
==23673==    by 0x4B2D0E3:
ImplDevFontList::GetGlyphFallbackFont(ImplFontSelectData&, rtl::OUString&, int)
const (outdev3.cxx:1975)
==23673==    by 0x4B2D589: ImplFontCache::GetGlyphFallbackFont(ImplDevFontList*,
ImplFontSelectData&, int, rtl::OUString&) (outdev3.cxx:3214)
==23673==    by 0x4B2D781: OutputDevice::ImplGlyphFallbackLayout(SalLayout*,
ImplLayoutArgs&) const (outdev3.cxx:6280)
==23673==    by 0x4B2F6F9: OutputDevice::ImplLayout(String const&, unsigned
short, unsigned short, Point const&, long, long const*, bool) const
(outdev3.cxx:6216)
==23673==    by 0x4B2FC18: OutputDevice::GetTextArray(String const&, long*,
unsigned short, unsigned short) const (outdev3.cxx:5882)
==23673==    by 0x4B2FD0A: OutputDevice::GetTextWidth(String const&, unsigned
short, unsigned short) const (outdev3.cxx:5816)
==23673==    by 0x4853213: WinMtfOutput::DrawText(Point&, String&, long*,
unsigned char, long) (winmtf.cxx:1567)
==23673==    by 0x4859B89: WMFReader::ReadRecordParams(unsigned short)
(winwmf.cxx:486)
==23673==    by 0x485B1F3: WMFReader::ReadWMF() (winwmf.cxx:1065)
==23673==    by 0x485090A: ConvertWMFToGDIMetaFile(SvStream&, GDIMetaFile&,
FilterConfigItem*) (wmf.cxx:57)
==23673==    by 0x480DA05: GraphicFilter::ImportGraphic(Graphic&, String const&,
SvStream&, unsigned short, unsigned short*, unsigned long,
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue>*)
(filter.cxx:1486)
==23673==  Address 0x99488f4 is 260 bytes inside a block of size 268 free'd
==23673==    at 0x400590A: free (vg_replace_malloc.c:323)
==23673==    by 0x4030374: rtl_freeMemory (alloc_global.c:317)
==23673==    by 0x8048D27: operator delete(void*) (in
/usr/lib/openoffice.org3/program/soffice.bin)
==23673==    by 0x4C846EE: ImplServerFontEntry::~ImplServerFontEntry()
(glyphcache.cxx:503)
==23673==    by 0x4B25976: ImplFontCache::Release(ImplFontEntry*) 
(outdev3.cxx:3252)
==23673==    by 0x4B2D8CB: OutputDevice::ImplGlyphFallbackLayout(SalLayout*,
ImplLayoutArgs&) const (outdev3.cxx:6327)
==23673==    by 0x4B2F6F9: OutputDevice::ImplLayout(String const&, unsigned
short, unsigned short, Point const&, long, long const*, bool) const
(outdev3.cxx:6216)
==23673==    by 0x4B2FC18: OutputDevice::GetTextArray(String const&, long*,
unsigned short, unsigned short) const (outdev3.cxx:5882)
==23673==    by 0x4B2FD0A: OutputDevice::GetTextWidth(String const&, unsigned
short, unsigned short) const (outdev3.cxx:5816)
==23673==    by 0x4853213: WinMtfOutput::DrawText(Point&, String&, long*,
unsigned char, long) (winmtf.cxx:1567)
==23673==    by 0x4859B89: WMFReader::ReadRecordParams(unsigned short)
(winwmf.cxx:486)
==23673==    by 0x485B1F3: WMFReader::ReadWMF() (winwmf.cxx:1065)

It looks simply that we have...


for ...
{
   ImplFontEntry* pFallbackFont = mpFontCache->GetGlyphFallbackFont( mpFontList,
     aFontSelData, nFallbackLevel-nDevSpecificFallback, aMissingCodes );
   //pFallbackFont has now e.g. refcount of 1
...
   aFontSelData.mpFontEntry = pFallbackFont;  
...
   mpFontCache->Release( pFallbackFont );
   //pFallbackFont has been deleted, i.e. aFontSelData.mpFontEntry is invalid, 
   //but on the next cycle GetGlyphFallbackFont accesses that 
   //aFontSelData.mpFontEntry
}

---------------------------------------------------------------------
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@gsl.openoffice.org
For additional commands, e-mail: issues-h...@gsl.openoffice.org


---------------------------------------------------------------------
To unsubscribe, e-mail: allbugs-unsubscr...@openoffice.org
For additional commands, e-mail: allbugs-h...@openoffice.org

[gsl-issues] [Issue 99081] During glyph fallback we s eem to release a font from the fontcache, but then use it again

Reply via email to