Bug#656359: fontforge: Segfault when pressing modifier/arrow keys if more than 4 points are selected

[Theppitak Karoonboonyanan]

Package: fontforge
Version: 0.0.20110222-6
Severity: grave

Fontforge consistently crashes (segmentation fault) when pressing any
modifier key (Ctrl, Alt or Shift) or arrow key if more than 4 points are
currently selected. This is annoying for font editing, as all keyboard
shortcuts become virtually crippled. And the crash can cause the loss of
unsaved data.

Steps to reproduce:
- Start fontforge and create a new font.
- Randomly choose a first glyph to edit.
- Draw splines with at least 5 points.
- Select up to 4 points and press a modifier or arrow key. It won't crash.
- Select at least 5 points and press a modifier or arrow key. It will
  always crash.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fontforge depends on:
ii  libc6 2.13-24
ii  libcairo2 1.10.2-6.2
ii  libfontconfig12.8.0-3
ii  libfontforge1 0.0.20110222-6
ii  libfreetype6  2.4.8-1
ii  libgdraw4 0.0.20110222-6
ii  libgif4   4.1.6-9
ii  libglib2.0-0  2.30.2-5
ii  libice6   2:1.0.7-2
ii  libjpeg8  8c-2
ii  libpango1.0-0 1.29.4-2thep1
ii  libpng12-01.2.46-4
ii  libpython2.7  2.7.2-12
ii  libsm62:1.2.0-2
ii  libspiro0 20071029-2
ii  libtiff4  3.9.5-2
ii  libuninameslist0  0.0.20091231-1.1
ii  libx11-6  2:1.4.4-4
ii  libxft2   2.2.0-3
ii  libxml2   2.7.8.dfsg-6
ii  zlib1g1:1.2.3.4.dfsg-3

fontforge recommends no packages.

Versions of packages fontforge suggests:
pn  autotrace none
pn  fontforge-doc none
pn  fontforge-extras  none
pn  potrace   none
pn  python-fontforge  none

-- no debconf information




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#656359: [Pkg-fonts-devel] Bug#656359: fontforge: Segfault when pressing modifier/arrow keys if more than 4 points are selected

[Daniel Kahn Gillmor]

On 01/18/2012 01:33 PM, Theppitak Karoonboonyanan wrote:
 Package: fontforge
 Version: 0.0.20110222-6
 Severity: grave
 
 Fontforge consistently crashes (segmentation fault) when pressing any
 modifier key (Ctrl, Alt or Shift) or arrow key if more than 4 points are
 currently selected. This is annoying for font editing, as all keyboard
 shortcuts become virtually crippled. And the crash can cause the loss of
 unsaved data.
 
 Steps to reproduce:
 - Start fontforge and create a new font.
 - Randomly choose a first glyph to edit.
 - Draw splines with at least 5 points.
 - Select up to 4 points and press a modifier or arrow key. It won't crash.
 - Select at least 5 points and press a modifier or arrow key. It will
   always crash.

I can reproduce this on an i386 system with the same version of
fontforge. :(

When trying to get a backtrace with fontforge-dbg 0.0.20110222-6
installed, i get the following error message (twice) from gdb:

warning: the debug information found in
/usr/lib/debug//usr/bin/fontforge does not match /usr/bin/fontforge
(CRC mismatch).

Pressing ahead anyway, i can trigger the segfault, and i get this
(partially-mangled) backtrace:

xb7c7ec4c in CVLayer (cv=0x86a3858) at cvundoes.c:552
552 cvundoes.c: No such file or directory.
in cvundoes.c
(gdb) bt
#0  0xb7c7ec4c in CVLayer (cv=0x86a3858) at cvundoes.c:552
#1  0x0808faf0 in ?? ()
#2  0xb7b97518 in GMenuSearchShortcut (gw=0x85f70f0, mi=optimized out,
event=
0xbfffe8c8, call_moveto=1) at gmenu.c:951
#3  0xb7b9bc5c in GMenuBarCheckKey (g=0x85f7200, event=0xbfffe8c8)
at gmenu.c:1500
#4  0xb7b6ce4d in _GWidget_TopLevel_Key (top=optimized out, ew=0x85fd7f0,
event=0xbfffe8c8) at gcontainer.c:498
#5  0xb7b6e1a7 in _GWidget_Container_eh (gw=0x85fd7f0, event=0xbfffe8c8)
at gcontainer.c:337
#6  0xb7bcbe74 in dispatchEvent (gdisp=optimized out, event=0xbfffea7c)
at gxdraw.c:3869
#7  0xb7bcd21c in GXDrawEventLoop (gd=0x8439f48) at gxdraw.c:3968
#8  0xb7b7097b in GDrawEventLoop (gdisp=optimized out) at gdraw.c:748
#9  0x08061f5a in ?? ()
#10 0xb6bcbe46 in __libc_start_main (main=0x80611b0, argc=1, ubp_av=
0xb864, init=0x81c8660, fini=0x81c8650, rtld_fini=0xb7ff1310,
stack_end=0xb85c) at libc-start.c:228
#11 0x08062cd1 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind
further
(gdb)

hope this is helpful in debugging,

--dkg



signature.asc
Description: OpenPGP digital signature

Bug#656359: [Pkg-fonts-devel] Bug#656359: Bug#656359: fontforge: Segfault when pressing modifier/arrow keys if more than 4 points are selected

[john knightley]

  To the best of my knowledge this error occurs because of a change in
something that fontforge is dependent upon not because of a change in
fontforge itself the same error occurs if one  puts an older version of
fontforge on a newer Linux. I got the same error when I upgrade
unbuntu-9.10 to ubuntu-10.04, and also when I tried running fontforge on
PuppyLinux, both using a 2009 build.  I thought briefly by using a newer
build had solved this, but on checking the further it is still there - just
that it a few case one can use these keys. The widgets for fontforge where
written by George Williams himself which may make check dependencies a
little harder. Of course saying this does not mean that changing the
depends list will solve the problem but it is a good place to start.

John Knightley


On Thu, Jan 19, 2012 at 6:36 AM, Daniel Kahn Gillmor
d...@fifthhorseman.netwrote:

 On 01/18/2012 01:33 PM, Theppitak Karoonboonyanan wrote:
  Package: fontforge
  Version: 0.0.20110222-6
  Severity: grave
 
  Fontforge consistently crashes (segmentation fault) when pressing any
  modifier key (Ctrl, Alt or Shift) or arrow key if more than 4 points are
  currently selected. This is annoying for font editing, as all keyboard
  shortcuts become virtually crippled. And the crash can cause the loss of
  unsaved data.
 
  Steps to reproduce:
  - Start fontforge and create a new font.
  - Randomly choose a first glyph to edit.
  - Draw splines with at least 5 points.
  - Select up to 4 points and press a modifier or arrow key. It won't
 crash.
  - Select at least 5 points and press a modifier or arrow key. It will
always crash.

 I can reproduce this on an i386 system with the same version of
 fontforge. :(

 When trying to get a backtrace with fontforge-dbg 0.0.20110222-6
 installed, i get the following error message (twice) from gdb:

 warning: the debug information found in
 /usr/lib/debug//usr/bin/fontforge does not match /usr/bin/fontforge
 (CRC mismatch).

 Pressing ahead anyway, i can trigger the segfault, and i get this
 (partially-mangled) backtrace:

 xb7c7ec4c in CVLayer (cv=0x86a3858) at cvundoes.c:552
 552 cvundoes.c: No such file or directory.
in cvundoes.c
 (gdb) bt
 #0  0xb7c7ec4c in CVLayer (cv=0x86a3858) at cvundoes.c:552
 #1  0x0808faf0 in ?? ()
 #2  0xb7b97518 in GMenuSearchShortcut (gw=0x85f70f0, mi=optimized out,
 event=
0xbfffe8c8, call_moveto=1) at gmenu.c:951
 #3  0xb7b9bc5c in GMenuBarCheckKey (g=0x85f7200, event=0xbfffe8c8)
at gmenu.c:1500
 #4  0xb7b6ce4d in _GWidget_TopLevel_Key (top=optimized out, ew=0x85fd7f0,
event=0xbfffe8c8) at gcontainer.c:498
 #5  0xb7b6e1a7 in _GWidget_Container_eh (gw=0x85fd7f0, event=0xbfffe8c8)
at gcontainer.c:337
 #6  0xb7bcbe74 in dispatchEvent (gdisp=optimized out, event=0xbfffea7c)
at gxdraw.c:3869
 #7  0xb7bcd21c in GXDrawEventLoop (gd=0x8439f48) at gxdraw.c:3968
 #8  0xb7b7097b in GDrawEventLoop (gdisp=optimized out) at gdraw.c:748
 #9  0x08061f5a in ?? ()
 #10 0xb6bcbe46 in __libc_start_main (main=0x80611b0, argc=1, ubp_av=
0xb864, init=0x81c8660, fini=0x81c8650, rtld_fini=0xb7ff1310,
stack_end=0xb85c) at libc-start.c:228
 #11 0x08062cd1 in ?? ()
 Backtrace stopped: Not enough registers or memory available to unwind
 further
 (gdb)

 hope this is helpful in debugging,

--dkg


 ___
 Pkg-fonts-devel mailing list
 pkg-fonts-de...@lists.alioth.debian.org
 http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-fonts-devel

Bug#656359: [Pkg-fonts-devel] Bug#656359: Bug#656359: fontforge: Segfault when pressing modifier/arrow keys if more than 4 points are selected

[Christian PERRIER]

Quoting Daniel Kahn Gillmor (d...@fifthhorseman.net):

 I can reproduce this on an i386 system with the same version of
 fontforge. :(
 
 When trying to get a backtrace with fontforge-dbg 0.0.20110222-6
 installed, i get the following error message (twice) from gdb:


Anyone in the pkg-fonts team wanting to take responsibility on getting
in touch with fontforge upstream about this issue?

Kestutis is unfortunately unresponsive these days and I tried to do
my best to at least keep some maintenance on fontforge, but my
expertise is not enough, here (and so is my free time). 

So, really, help woul dbe appreciated.





signature.asc
Description: Digital signature

Bug#656359: [Pkg-fonts-devel] Bug#656359: Bug#656359: Bug#656359: fontforge: Segfault when pressing modifier/arrow keys if more than 4 points are selected

[Daniel Kahn Gillmor]

On 01/19/2012 01:08 AM, Christian PERRIER wrote:
 Anyone in the pkg-fonts team wanting to take responsibility on getting
 in touch with fontforge upstream about this issue?

i've just written to the fontforge-devel list, cc'ing this bug report,
and marked this bug as forwarded to

  http://sourceforge.net/mailarchive/message.php?msg_id=28696933

 So, really, help woul dbe appreciated.

i'm also not very clear how i should go about this.  I'm particularly
concerned, though, because of the weird gdb error messages, which i have
no idea how to interpret or workaround.

I've tried a rebuild of fontforge from source on a sid i386 system, and
my self-generated packages give the same gdb error (and show the same
crashing behavior, of course).

here's a bit more detail i managed to coax out of the debugger, though:


Program received signal SIGSEGV, Segmentation fault.
0xb7c85c4c in CVLayer (cv=0x8667c60) at cvundoes.c:552
552 return( cv-layerheads[cv-drawmode]-cv-sc-layers );
(gdb) bt
#0  0xb7c85c4c in CVLayer (cv=0x8667c60) at cvundoes.c:552
#1  0x0808fb00 in ?? ()
#2  0xb7b9c618 in GMenuSearchShortcut (gw=0x8614408, mi=optimized out,
event=0xbfffe038, call_moveto=1) at gmenu.c:951
#3  0xb7ba0d5c in GMenuBarCheckKey (g=0x8614498, event=0xbfffe038) at
gmenu.c:1500
#4  0xb7b71f4d in _GWidget_TopLevel_Key (top=optimized out,
ew=0x8619b98, event=0xbfffe038) at gcontainer.c:498
#5  0xb7b732a7 in _GWidget_Container_eh (gw=0x8619b98, event=0xbfffe038)
at gcontainer.c:337
#6  0xb7bd16cc in dispatchEvent (gdisp=optimized out,
event=0xbfffe1ec) at gxdraw.c:3869
#7  0xb7bd2b6c in GXDrawEventLoop (gd=0x847ad30) at gxdraw.c:3968
#8  0xb7b75a7b in GDrawEventLoop (gdisp=optimized out) at gdraw.c:748
#9  0x08061f6a in ?? ()
#10 0xb6bbde46 in __libc_start_main () from
/lib/i386-linux-gnu/i686/cmov/libc.so.6
#11 0x08062ce1 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind
further
(gdb) print *(cv-sc)
Cannot access memory at address 0x4324
(gdb) print *cv
$1 = {next = 0x4324, fv = 0x44148000, sc = 0x4324, layerheads =
{0x44148000, 0x4324, 0x44148000},
  drawmode = 51 '3', ft_gridfitwidth = 82, gridfit = 0xfffefffe,
container = 0x0}
(gdb)

not sure what to make of it, though.  my fontforge programming chops are
weak.

all the best,

--dkg



signature.asc
Description: OpenPGP digital signature