Re: pango fmr ...

[Owen Taylor <otaylor redhat com>]

Michael Meeks <michael ximian com> writes:

> After much tweaking with -lefence I got:
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 1024 (LWP 30431)]
> 0x408b29a0 in __strcasecmp (s1=0x4e432ff8 <Address 0x4e432ff8 out of
> bounds>, s2=0x4e41cff8 "Sans") at ../sysdeps/generic/strcasecmp.c:64
> 64	../sysdeps/generic/strcasecmp.c: No such file or directory.
> 	in ../sysdeps/generic/strcasecmp.c
> (gdb) bt
> #0  0x408b29a0 in __strcasecmp (s1=0x4e432ff8 <Address 0x4e432ff8 out of
> bounds>, s2=0x4e41cff8 "Sans") at ../sysdeps/generic/strcasecmp.c:64
> #1  0x407653b6 in g_strcasecmp (s1=0x4e432ff8 <Address 0x4e432ff8 out of
> bounds>, s2=0x4e41cff8 "Sans") at gstrfuncs.c:1300
> #2  0x40512ff6 in pango_font_description_equal (desc1=0xbfffbc90,
> desc2=0xbfffbbe0) at fonts.c:92
> #3  0x40517aaa in add_engines (context=0x4e410fe4, text=0x4e422ffc "Ga",
> start_index=0, length=2, attrs=0x4cf94ff4, cached_iter=0x4e424ff0, 
>     n_chars=2, analyses=0x4e42efd0) at pango-context.c:946
> #4  0x40517184 in pango_itemize (context=0x4e410fe4, text=0x4e422ffc "Ga",
> start_index=0, length=2, attrs=0x4cf94ff4, cached_iter=0x4e424ff0)
>     at pango-context.c:566
> #5  0x4051c692 in pango_layout_check_lines (layout=0x4e420fb8) at
> pango-layout.c:2847
> #6  0x4051b213 in pango_layout_get_extents_internal (layout=0x4e420fb8,
> ink_rect=0x0, logical_rect=0xbfffbea0, line_extents=0x0)
>     at pango-layout.c:1897
> #7  0x4051b466 in pango_layout_get_extents (layout=0x4e420fb8,
> ink_rect=0x0, logical_rect=0xbfffbea0) at pango-layout.c:2021
> #8  0x401d10ac in gtk_label_ensure_layout (label=0x4cf66f7c,
> widthp=0xbfffbee4, heightp=0xbfffbee8) at gtklabel.c:1269
> #9  0x401d11cd in gtk_label_size_request (widget=0x4cf66f7c,
> requisition=0x4cf66f98) at gtklabel.c:1294
> #10 0x40160108 in gtk_accel_label_size_request (widget=0x4cf66f7c,
> requisition=0x4cf66f98) at gtkaccellabel.c:272
> #11 0x40616c8d in g_cclosure_marshal_VOID__BOXED (closure=0x41f37ff0,
> return_value=0x0, n_param_values=2, param_values=0xbfffc240, 
>     invocation_hint=0xbfffc140, marshal_data=0x40160020) at gmarshal.c:521
> #12 0x406033bf in g_type_class_meta_marshal (closure=0x41f37ff0,
> return_value=0x0, n_param_values=2, param_values=0xbfffc240, 
>     invocation_hint=0xbfffc140, marshal_data=0x5c) at gclosure.c:513
> #13 0x40602fc2 in g_closure_invoke (closure=0x41f37ff0, return_value=0x0,
> n_param_values=2, param_values=0xbfffc240, invocation_hint=0xbfffc140)
>     at gclosure.c:436
> #14 0x40614fa4 in signal_emit_unlocked_R (node=0x41f41fd8, detail=0,
> instance=0x4cf66f7c, emission_return=0x0, instance_and_params=0xbfffc240)
>     at gsignal.c:2051
> 
> 
> 	It looks to me as if as we do pango-context.c (add_engines)
> 
> 	      !pango_font_description_equal (&current_desc, &next_desc))
> 	    {
> 	      current_desc = next_desc;
> 
> 	      font_set_load (&current_fonts, context, language,&current_desc);
> 	    }
> 
> 	That the current_desc->font_family is setup to point to the result
> of a call to pango_font_describe on a font that is released by
> font_set_load via: font_set_free, resulting in an invalid pointer being
> carried around in current_desc.

OK, you managed to completely confuse me with the reference to 
pango_font_describe(), which isn't involved at all here.... but I think
I see the problem you are getting at.

  orig_family = desc->family_name;
  families = g_strsplit (orig_family, ",", -1);

  font_set->n_families = 0;
  for (j=0; families[j] && font_set->n_families < MAX_FAMILIES; j++)
    {
      desc->family_name = families[j];
      font_set->fonts[font_set->n_families] = pango_context_load_font (context, desc);
      
      if (font_set->fonts[font_set->n_families])
	{
	  font_set->coverages[font_set->n_families] = pango_font_get_coverage (font_set->fonts[font_set->n_families], language);
	  (font_set->n_families)++;
	}
    }
  
  g_strfreev (families);

and desc->family_name is never restored. I've applied the appended
patch. Does it fix your problem?

Regards,
                                        Owen

Index: ChangeLog
===================================================================
RCS file: /cvs/gnome/pango/ChangeLog,v
retrieving revision 1.286
diff -u -r1.286 ChangeLog
--- ChangeLog	2001/07/13 18:27:16	1.286
+++ ChangeLog	2001/07/19 20:46:29
@@ -1,3 +1,8 @@
+Thu Jul 19 16:44:43 2001  Owen Taylor  <otaylor redhat com>
+
+	* pango/pango-context.c (font_set_load): Don't corrupt the
+	font description passed in.
+
 Fri Jul 13 14:24:59 2001  Owen Taylor  <otaylor redhat com>
 
 	* pango/Makefile.am (pango_querymodules_DEPENDENCIES): Fix dependencies
Index: pango/pango-context.c
===================================================================
RCS file: /cvs/gnome/pango/pango/pango-context.c,v
retrieving revision 1.39
diff -u -r1.39 pango-context.c
--- pango/pango-context.c	2001/06/26 19:13:28	1.39
+++ pango/pango-context.c	2001/07/19 20:46:29
@@ -760,20 +760,19 @@
 	       PangoLanguage        *language,
 	       PangoFontDescription *desc)
 {
+  PangoFontDescription tmp_desc = *desc;
   char **families;
-  char *orig_family;
   int j;
 
   font_set_free (font_set);
 
-  orig_family = desc->family_name;
-  families = g_strsplit (orig_family, ",", -1);
+  families = g_strsplit (desc->family_name, ",", -1);
 
   font_set->n_families = 0;
   for (j=0; families[j] && font_set->n_families < MAX_FAMILIES; j++)
     {
-      desc->family_name = families[j];
-      font_set->fonts[font_set->n_families] = pango_context_load_font (context, desc);
+      tmp_desc.family_name = families[j];
+      font_set->fonts[font_set->n_families] = pango_context_load_font (context, &tmp_desc);
       
       if (font_set->fonts[font_set->n_families])
 	{
@@ -783,6 +782,7 @@
     }
   
   g_strfreev (families);
+  tmp_desc.family_name = desc->family_name;
 
   /* The font description was completely unloadable, try with
    * family == "Sans"
@@ -791,19 +791,17 @@
     {
       char *ctmp1, *ctmp2;
       
-      desc->family_name = orig_family;
-      
       ctmp1 = pango_font_description_to_string (desc);
-      desc->family_name = "Sans";
-      ctmp2 = pango_font_description_to_string (desc);
+      tmp_desc.family_name = "Sans";
+      ctmp2 = pango_font_description_to_string (&tmp_desc);
       
       g_warning ("Couldn't load font \"%s\" falling back to \"%s\"", ctmp1, ctmp2);
       g_free (ctmp1);
       g_free (ctmp2);
       
-      desc->family_name = "Sans";
+      tmp_desc.family_name = "Sans";
       
-      font_set->fonts[0] = pango_context_load_font (context, desc);
+      font_set->fonts[0] = pango_context_load_font (context, &tmp_desc);
       if (font_set->fonts[0])
 	{
 	  font_set->coverages[0] = pango_font_get_coverage (font_set->fonts[0], language);
@@ -817,18 +815,18 @@
     {
       char *ctmp1, *ctmp2;
       
-      ctmp1 = pango_font_description_to_string (desc);
-      desc->style = PANGO_STYLE_NORMAL;
-      desc->weight = PANGO_WEIGHT_NORMAL;
-      desc->variant = PANGO_VARIANT_NORMAL;
-      desc->stretch = PANGO_STRETCH_NORMAL;
-      ctmp2 = pango_font_description_to_string (desc);
+      ctmp1 = pango_font_description_to_string (&tmp_desc);
+      tmp_desc.style = PANGO_STYLE_NORMAL;
+      tmp_desc.weight = PANGO_WEIGHT_NORMAL;
+      tmp_desc.variant = PANGO_VARIANT_NORMAL;
+      tmp_desc.stretch = PANGO_STRETCH_NORMAL;
+      ctmp2 = pango_font_description_to_string (&tmp_desc);
       
       g_warning ("Couldn't load font \"%s\" falling back to \"%s\"", ctmp1, ctmp2);
       g_free (ctmp1);
       g_free (ctmp2);
       
-      font_set->fonts[0] = pango_context_load_font (context, desc);
+      font_set->fonts[0] = pango_context_load_font (context, &tmp_desc);
       if (font_set->fonts[0])
 	{
 	  font_set->coverages[0] = pango_font_get_coverage (font_set->fonts[0], language);