evince crashed with SIGSEGV in FcConfigSubstituteWithPat()

StacktraceTop:IA__FcConfigSubstituteWithPat (config=0x27940b0, p=0x7fc1eea99290, p_pat=0x0,
GlobalParams::getDisplayFont (this=0x2989190, font=0x7fc1eeb14f70) at GlobalParams.cc:1097
CairoFont::create (gfxFont=0x7fc1eeb14f70, xref=0x7fc1eeaa1740, lib=0x29735f0, useCIDs=1)
CairoFontEngine::getFont (this=0x7fc1eea017e0, gfxFont=0x7fc1eeb14f70, xref=0x7fc1eeaa1740)
CairoOutputDev::updateFont (this=0x7fc1eea020a0, state=0x7fc1eea033c0)

looks like a fontconfig issue, reassigning.

I think this also affects OpenOffice.org, bug 254359. It crashes any time a font is added/removed and fc-cache is rerun.

Greg,

When the crash happened were you also doing a system update and/or installing any fonts? I see a similar crash with OpenOffice.org due to adding/removing fonts from fontconfig.

Thanks,

Chris Cheney

Chris,

I don't believe so, but I could be wrong.

Any other people from the duplicates remember if they were updating and/or installing any fonts when this crash happened?

Best,

Greg

... As far as i remember I had just done a system update, When it crashed,
think i minimized the windows and used compiz... but I'm not sure at all...

:)

2008/10/28 Greg Grossmeier <email address hidden>

> Chris,
> this system had just done a update
> I don't believe so, but I could be wrong.
>
> Any other people from the duplicates remember if they were updating
> and/or installing any fonts when this crash happened?
>
> Best,
>
> Greg
>
> --
> evince crashed with SIGSEGV in FcConfigSubstituteWithPat()
> https://bugs.launchpad.net/bugs/286175
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>
> Status in "fontconfig" source package in Ubuntu: Confirmed
>
> Bug description:
> Binary package hint: evince
>
> Opening a pdf document from the web.
>
> Crashed before it was able to render anything.
>
> Link: http://www.copyright.gov/history/1790act.pdf
>
> I am not currently able to reproduce it, unfortunately.
>
> ProblemType: Crash
> Architecture: amd64
> DistroRelease: Ubuntu 8.10
> ExecutablePath: /usr/bin/evince
> NonfreeKernelModules: nvidia
> Package: evince 2.24.0-0ubuntu2
> ProcAttrCurrent: unconfined
> ProcCmdline: evince
> file:///home/username/Documents/Grad_School/SI-519/SI519%20-%20SyllabusF2008.%20Aug.%2026.pdf
> ProcEnviron:
>
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
> LANG=en_US.UTF-8
> SHELL=/bin/bash
> Signal: 11
> SourcePackage: evince
> StacktraceTop:
> FcConfigSubstituteWithPat ()
> GlobalParams::getDisplayFont (this=0x2989190,
> CairoFont::create (gfxFont=0x7fc1eeb14f70,
> CairoFontEngine::getFont (this=0x7fc1eea017e0,
> CairoOutputDev::updateFont (this=0x7fc1eea020a0,
> Title: evince crashed with SIGSEGV in FcConfigSubstituteWithPat()
> Uname: Linux 2.6.27-7-generic x86_64
> UserGroups: adm admin audio cdrom dialout dip floppy fuse lpadmin plugdev
> sambashare video
>

This crash happens when I installed msttcorefonts.

I tryed to open pdf made with docbook

This *might* be an OOo and Evince issue not related to fontconfig but it needs more investigation. It didn't seem to start happening until Intrepid in any case and OOo didn't change that much between Hardy and Intrepid.

This bug might be related:

https://bugzilla.novell.com/show_bug.cgi?id=436441

Patch for the OpenOffice version of the crash available here: http://qa.openoffice.org/issues/show_bug.cgi?id=94069 .

"Installing a font while OOo is running runs the risk of referencing stuff in psprint's m_pDefConfig which is now invalid... It looks like a safer bet to use FcConfigGetCurrent()..."

I can confirm this bug.

Steps to reproduce added to the summary.

As an additional note, it seems firefox is also partially affected. Once doing the steps to reproduce, if firefox is open, the render on some pages get completely screwed up.

I don't think the issue is with fontconfig itself, but some programs using fontconfig in a way that is not supported (there is an API, but at least in OpenOffice, it access a direct pointer which becomes void if a font is adding or removed).

It seems my method to reproduce is not 100% foolproof, as I can not make evience crash reliably (at least when I have GDB or valgrind attached). However, I've noticed if the fc-cache is run and forces an update of system caches, it seems rendering bugs on my hardware appear (i.e., xchat and firefox seem to screw up from time to time, possibly from accessing the old cache or the old fonts).

I just got this crash in an up-to-date Jaunty, no updates done on this bootup; Have 5 Firefox windows and HAD 8 or 9 Evince PDF's open. Opened one more and BOOM.

I've been unable to reproduce it though, much to my annoyance.

could you try if that's still an issue in jaunty?

I get this crash in Karmic-i386 as well.

Issue there in Karmic x64 as well.

any hints how to reproduce? maybe this happens for a specific .pdf/font?

oh sorry. failed to read the summary :)

I'd like to add that I've seen this happening after installing the Adobe Minion Pro fonts into $HOME/.fonts/ and then opening a Nature research paper (they use the Minion Pro font family).

Sorry, last post refers to a crash I've seen in evince in fully up-to-date Karmic.

10.4 lucid beta1 bug

Thank you for reporting this bug to Ubuntu. Intrepid Ibex 8.10 reached EOL on 30 March 2010.
Please see this document for currently supported Ubuntu releases:
https://wiki.ubuntu.com/Releases

Please feel free to report any other bugs you may find.
Thank you.

I realized I had made a mistake.
Intrepid Ibex 8.10 "will reach" EOL on 30 "APRIL" 2010.

Sorry for this.

Anyway, I think that one month doesn't make any difference now.

As of Natty (and not earlier versions), FcConfigSubstituteWithPat() reproducibly crashes in some Windows applications running under Wine. Example backtrace:

Unhandled exception: denormal float operand in 32-bit code (0x7e9d9310).
Register dump:
 CS:0023 SS:002b DS:002b ES:002b FS:0063 GS:006b
 EIP:7e9d9310 ESP:00d6de60 EBP:00d6dec8 EFLAGS:00010202( R- -- I - - - )
 EAX:00000003 EBX:7e9ffff4 ECX:00000012 EDX:00000003
 ESI:00000003 EDI:00000003
Stack dump:
0x00d6de60: 00d6de98 00d6df24 7e9ffff4 7e9ffff4
0x00d6de70: 7d730140 7d77a650 00d6dec8 00000012
0x00d6de80: 00000000 00000014 f75fe3c0 00000003
0x00d6de90: 7d72d9f0 00000003 00000003 7d7304f0
0x00d6dea0: 00000003 00000003 7d72d9f0 00000003
0x00d6deb0: 00000001 7d77a528 7e9d929b 7e9ffff4
Backtrace:
=>0 0x7e9d9310 in libfontconfig.so.1 (+0x7310) (0x00d6dec8)
  1 0x7e9da382 FcConfigSubstituteWithPat+0x191() in libfontconfig.so.1 (0x00d6df48)
  2 0x7e9da8e7 FcConfigSubstitute+0x26() in libfontconfig.so.1 (0x00d6df68)
  3 0x7e96ef72 X11DRV_XRender_SelectFont+0xc41(physDev=0x1535d8, hfont=0xe98) [/home/user/wine/dlls/winex11.drv/xrender.c:935] in winex11 (0x00d6e108)
  4 0x7e965e05 X11DRV_SelectFont+0xee4(physDev=0x1535d8, hfont=0xe98, gdiFont=0x189c88) [/home/user/wine/dlls/winex11.drv/xfont.c:3241] in winex11 (0x00d6e558)
  5 0x7ec0c19f FONT_SelectObject+0x9e(handle=0xe98, hdc=0x660) [/home/user/wine/dlls/gdi32/font.c:546] in gdi32 (0x00d6e5c8)
  6 0x7ec22eeb SelectObject+0xba(hdc=0x660, hObj=0xe98) [/home/user/wine/dlls/gdi32/gdiobj.c:1112] in gdi32 (0x00d6e618)
  7 0x7e6d45fa SelectObject16+0x19(hdc=0x660, handle=0xe98) [/home/user/wine/dlls/gdi.exe16/gdi.c:1101] in gdi.exe16 (0x00d6e638)
  8 0x7e6d05da __i686.get_pc_thunk.bx+0xc82() in gdi.exe16 (0x00d6e648)
  9 0x7eadac9e __wine_call_from_16+0x75() in krnl386.exe16 (0x00d6e678)
  10 0x1227:0x213e (0x124f:0x4b6e)
  11 0x1227:0x20a9 (0x124f:0x4c7a)
  12 0x1227:0x1dde (0x124f:0x4c8c)
  13 0x1237:0x2af8 (0x124f:0x4c9c)
  14 0x1237:0x29a2 (0x124f:0x4cb0)
  15 0x123f:0x3aa9 (0x124f:0x4dd4)
  16 0x123f:0x2305 (0x124f:0x4df2)
  17 0x123f:0x0b32 (0x124f:0x4f64)
  18 0x1237:0x2533 (0x124f:0x507a)
  19 0x1237:0x6e26 (0x124f:0x5096)
  20 0x11df:0x0072 (0x124f:0x50a8)
  21 0x11df:0x0000 (0x124f:0x0000)
0x7e9d9310: fstpl 0xffffffe0(%ebp)

Yes, it happens for more than one application, and no, none of them are freely available.

Above Wine's failure seems to be reproduced with 16-bit Windows application.

I ran Emi Clock ( http://www003.upp.so-net.ne.jp/motosoft/ ) Windows 3.1 version, a similar failure occurred, because the code also crashes with fstpl opcode.

I'll attach wine-emiclock16-dump.txt which produced with libfontconfig1-dbg(2.8.0-2.1ubuntu3) and wine1.2-dbg(1.2.2-0ubuntu6) under my x86 PC.

I guess unmasking FPU's denormal exception flag is a trigger of this bug.

I made a small source code, bug.c, to demonstrate it.

Please compile it with following instruction:
| % gcc -o bug bug.c -lfontconfig
Then run it.
| % ./bug
| zsh: floating point exception ./bug
The code crashed with SIGFPE.

But the following:
| % gcc -DBUG_OFF -o bug bug.c -lfontconfig
| % ./bug
It works fine.

Not reproducing on precise. Both the test case in the description, and the bug.c test case (thanks!) seem to be working fine.

Further, in the backtraces while there are mentions of cairo, those calls aren't from cairo's source code (the calls are C++, but cairo is all C).

Official support for Ubuntu 11.04 "Natty Narwhal" and earlier releases has ended. Is this still occurring on Ubuntu 17.10 "Artful Aardvark"?