After running gdb again with debug information for libfreetype and libcairo, it seems SIGSEGV is received at line 39 of freetype-2.3.5/src/base/fttype1.c in FT_Get_PS_Font_Info:

    39        FT_FACE_FIND_SERVICE( face, service, POSTSCRIPT_INFO );

At this point "face" looks like this:

    (gdb) print *face
    $1 = {num_faces = -11075584, face_index = 6684672,
      face_flags = -11599872, style_flags = 6684672,
      num_glyphs = -11730944,
      family_name = 0x660000 <Address 0x660000 out of bounds>,
      style_name = 0xff4a0000 <Address 0xff4a0000 out of bounds>,
      num_fixed_sizes = 6684672, available_sizes = 0xff430000,
      num_charmaps = 7012352, charmaps = 0xff3f0000,
      generic = {data = 0x700000, finalizer = 0xff3f0000},
      bbox = {xMin = 8060928, yMin = -12648448, xMax = 12779520,
        yMax = -7405568},
      units_per_EM = 0, ascender = 195, descender = 0, height = 3,
      max_advance_width = 0, max_advance_height = 195,
      underline_position = 0, underline_thickness = 32,
      glyph = 0xc10000, size = 0x6a0000, charmap = 0x8b0000,
      driver = 0x6a0000, memory = 0x680000, stream = 0x6a0000,
      sizes_list = {head = 0x560000, tail = 0x4f0000},
      autohint = {data = 0x560000, finalizer = 0x350000},
      extensions = 0x560000, internal = 0x1b0000}

This is what the same command returns during previous (successful) invocations of FT_Get_PS_Font_Info:

    (gdb) print *face
    $1 = {num_faces = 1, face_index = 0, face_flags = 2577,
      style_flags = 0, num_glyphs = 11,
      family_name = 0xb3a31d98 "NMUXUY+NewCenturySchlbk-Roman",
      style_name = 0xb3c252e8 "Roman",
      num_fixed_sizes = 0, available_sizes = 0x0,
      num_charmaps = 2, charmaps = 0xb3a2b1e8,
      generic = {data = 0x0, finalizer = 0},
      bbox = {xMin = -217, yMin = -302, xMax = 1188, yMax = 1165},
      units_per_EM = 1000, ascender = 1165, descender = -302,
      height = 1467, max_advance_width = 0,
      max_advance_height = 1467, underline_position = -100,
      underline_thickness = 50,
      glyph = 0xb3c3e7c0, size = 0xb3c3e8a0, charmap = 0xb3c3afd8,
      driver = 0xb3cf9848, memory = 0xb3c376d8, stream = 0xb3c3a050,
      sizes_list = {head = 0xb3a256a0, tail = 0xb3a256a0},
      autohint = {data = 0x0, finalizer = 0},
      extensions = 0x0, internal = 0xb3a34a90}

So it seems to me like the crash is due to FT_Get_PS_Font_Info being called with illegal (garbage) arguments from libcairo.

I couldn't get debug information to show for the calling function in libcairo (I am probably doing something wrong) but "grep FT_Get_PS_Font_Info . -drecurse" says there is just one file that contains occurrences of FT_Get_PS_Font_Info in libcairo:

    cairo-type1-subset.c

There are two calls of FT_Get_PS_Font_Info there and in both cases "face" is constructed through an invocation of "_cairo_ft_unscaled_font_lock_face".

-- 
evince crashes while trying to print
https://bugs.launchpad.net/bugs/157797