cairo_scaled_font_get_type: NULL pointer dereference of scaled_font
Affected version
- OS: openSUSE Tumbleweed
- version: 20210704
- Affected GNOME Shell version: 40.2
- XOrg
Bug summary
GNOME Shell crashes dereferencing a NULL pointer for parameter scaled_font of the library function cairo_scaled_font_get_type.
Steps to reproduce
gnome-shell --x11
What happened
Segmentation fault (core dumped)
What did you expect to happen
I expected GNOME Shell to run.
Relevant logs, screenshots, screencasts etc.
Thread 1 "gnome-shell" received signal SIGSEGV, Segmentation fault.
cairo_scaled_font_get_type (scaled_font=scaled_font@entry=0x0)
at /usr/src/debug/cairo-1.16.0-3.11.x86_64/src/cairo-scaled-font.c:305
305     if (CAIRO_REFERENCE_COUNT_IS_INVALID (&scaled_font->ref_count))
-
cairo_scaled_font_get_type (scaled_font=scaled_font@entry=0x0) at /usr/src/debug/cairo-1.16.0-3.11.x86_64/src/cairo-scaled-font.c:305
-
0x00007f5b09a757f4 in font_has_color_glyphs (font=0x0) at ../cogl/cogl-pango/cogl-pango-render.c:538
-
cogl_pango_renderer_set_dirty_glyph (font=0x0, font@entry=, glyph=268435557, glyph@entry=, value=0x561941febae0, value@entry=) at ../cogl/cogl-pango/cogl-pango-render.c:623
-
0x00007f5b09a74a18 in _cogl_pango_glyph_cache_set_dirty_glyphs_cb ( key_ptr=, value_ptr=0x561941febae0, user_data=) at ../cogl/cogl-pango/cogl-pango-glyph-cache.c:386
-
0x00007f5b0a4ec750 in g_hash_table_foreach (hash_table=0x561940e48860, func=func@entry=0x7f5b09a74a00 <_cogl_pango_glyph_cache_set_dirty_glyphs_cb>, user_data=user_data@entry=0x7f5b09a75680 <cogl_pango_renderer_set_dirty_glyph>) at ../glib/ghash.c:2065
-
0x00007f5b09a7703f in _cogl_pango_glyph_cache_set_dirty_glyphs ( func=0x7f5b09a75680 <cogl_pango_renderer_set_dirty_glyph>, cache=0x561941119770) at ../cogl/cogl-pango/cogl-pango-glyph-cache.c:393
-
_cogl_pango_glyph_cache_set_dirty_glyphs ( func=0x7f5b09a75680 <cogl_pango_renderer_set_dirty_glyph>, cache=0x561941119770) at ../cogl/cogl-pango/cogl-pango-glyph-cache.c:393
-
_cogl_pango_set_dirty_glyphs (priv=) at ../cogl/cogl-pango/cogl-pango-render.c:665
-
cogl_pango_ensure_glyph_cache_for_layout (layout=layout@entry=0x7f5af80100d0) at ../cogl/cogl-pango/cogl-pango-render.c:714
-
0x00007f5b09b1fd79 in clutter_text_create_layout (text=text@entry=0x5619416788b0, allocation_width=allocation_width@entry=-1, allocation_height=allocation_height@entry=-1) at ../clutter/clutter/clutter-text.c:1094
-
0x00007f5b09b20186 in clutter_text_get_preferred_width (self=self@entry=0x5619416788b0, for_height=for_height@entry=-1, min_width_p=min_width_p@entry=0x0, natural_width_p=natural_width_p@entry=0x7ffc6ee59a24) at ../clutter/clutter/clutter-text.c:2917
-
0x00007f5b09b21ecc in clutter_text_queue_redraw_or_relayout (self=0x5619416788b0) at ../clutter/clutter/clutter-text.c:4806
-
0x00007f5b09b22007 in buffer_notify_text (buffer=, spec=, self=0x5619416788b0) at ../clutter/clutter/clutter-text.c:4824
-
0x00007f5b0a5f46af in g_closure_invoke (closure=0x561941be92b0, return_value=return_value@entry=0x0, n_param_values=2, param_values=param_values@entry=0x7ffc6ee59c00, invocation_hint=invocation_hint@entry=0x7ffc6ee59b80) at ../gobject/gclosure.c:810
-
0x00007f5b0a606f66 in signal_emit_unlocked_R (node=node@entry=0x561940ada790, detail=detail@entry=1511, instance=instance@entry=0x561941fcc6b0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc6ee59c00) at ../gobject/gsignal.c:3741
-
0x00007f5b0a60db27 in g_signal_emit_valist (instance=, signal_id=, detail=, var_args=var_args@entry=0x7ffc6ee59da0) at ../gobject/gsignal.c:3497
-
0x00007f5b0a60dc7f in g_signal_emit (instance=instance@entry=0x561941fcc6b0, signal_id=, detail=) at ../gobject/gsignal.c:3553
-
0x00007f5b0a5f9154 in g_object_dispatch_properties_changed (object=0x561941fcc6b0, n_pspecs=, pspecs=) at ../gobject/gobject.c:1206
-
0x00007f5b0a5f896a in g_object_notify_queue_thaw (object=0x561941fcc6b0, nqueue=) at ../gobject/gobject.c:341
-
0x00007f5b0a5fb34b in g_object_thaw_notify (object=0x561941fcc6b0) at ../gobject/gobject.c:1443
-
0x00007f5b0962559c in st_label_set_text (label=0x561941bede50, text=0x561941bef260 "Change Background…") at ../src/st/st-label.c:386
-
0x00007f5b0a5f9db6 in object_set_property (object=object@entry=0x561941bede50, pspec=0x5619418952d0, value=0x7ffc6ee5a0b0, nqueue=nqueue@entry=0x561941bea710) at ../gobject/gobject.c:1565
-
0x00007f5b0a5fa2b8 in g_object_new_with_custom_constructor (n_params=1, params=0x7ffc6ee5a0d0, class=0x56194175d060) at ../gobject/gobject.c:1918
-
g_object_new_internal (class=class@entry=0x56194175d060, params=params@entry=0x7ffc6ee5a0d0, n_params=n_params@entry=1) at ../gobject/gobject.c:1937
-
0x00007f5b0a5fb637 in g_object_new_with_properties (object_type=94666472561456, n_properties=, names=, values=) at ../gobject/gobject.c:2102
-
0x00007f5b09beaa09 in ObjectInstance::init_impl (this=0x561941fd1520, context=0x561941122a10, args=..., object=...) at ../gi/wrapperutils.h:907
-
0x00007f5b09beb05a in ObjectBase::init_gobject (context=0x561941122a10, argc=, vp=) at /usr/include/mozjs-78/js/RootingAPI.h:1151
-
0x00007f5b07c93188 in CallJSNative (args=..., reason=, native=0x7f5b09beae00 <ObjectBase::init_gobject(JSContext*, unsigned int, JS::Value*)>, cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:493
-
js::InternalCallOrConstruct (cx=0x561941122a10, args=..., construct=(unknown: 0x6ee5a370), reason=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:585
-
0x00007f5b07c9360e in InternalCall (reason=, args=..., cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:648
-
js::Call (cx=0x561941122a10, fval=..., thisv=..., args=..., rval=..., reason=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:665
-
0x00007f5b07cfe7f7 in JS_CallFunctionValue (cx=0x561941122a10, obj=..., fval=..., args=..., rval=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/jsapi.cpp:2782
-
0x00007f5b09c02403 in GjsContextPrivate::call_function (this=this@entry=0x56194111d030, this_obj=..., this_obj@entry=..., func_val=..., func_val@entry=..., args=..., rval=...) at ../gjs/context.cpp:1351
-
0x00007f5b09be1203 in ObjectInstance::constructor_impl (this=, context=0x561941122a10, object=..., argv=...) at /usr/include/mozjs-78/js/RootingAPI.h:1152
-
0x00007f5b09bed090 in GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor (cx=0x561941122a10, argc=, vp=) at /usr/include/mozjs-78/js/RootingAPI.h:1152
-
0x00007f5b07c93f91 in CallJSNative (args=..., reason=js::CallReason::Call, native=0x7f5b09bece20 <GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor(JSContext*, unsigned int, JS::Value*)>, cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:493
-
CallJSNativeConstructor (args=..., native=0x7f5b09bece20 <GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor(JSContext*, unsigned int, JS::Value*)>, cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:509
-
InternalConstruct (cx=0x561941122a10, args=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:692
-
0x00007f5b07c8557e in js::ConstructFromStack (args=..., cx=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:738
-
Interpret (cx=0x561941122a10, state=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:3302
-
0x00007f5b07c92b39 in js::RunScript (cx=0x561941122a10, state=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:465
-
0x00007f5b07c92fb3 in js::InternalCallOrConstruct (cx=0x561941122a10, args=..., construct=js::NO_CONSTRUCT, reason=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:620
-
0x00007f5b07c9360e in InternalCall (reason=, args=..., cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:648
-
js::Call (cx=0x561941122a10, fval=..., thisv=..., args=..., rval=..., reason=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:665
-
0x00007f5b07cfe7f7 in JS_CallFunctionValue (cx=0x561941122a10, obj=..., fval=..., args=..., rval=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/jsapi.cpp:2782
-
0x00007f5b09c02403 in GjsContextPrivate::call_function (this=this@entry=0x56194111d030, this_obj=..., this_obj@entry=..., func_val=..., func_val@entry=..., args=..., rval=...) at ../gjs/context.cpp:1351
-
0x00007f5b09be1203 in ObjectInstance::constructor_impl (this=, context=0x561941122a10, object=..., argv=...) at /usr/include/mozjs-78/js/RootingAPI.h:1152
-
0x00007f5b09bed090 in GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor (cx=0x561941122a10, argc=, vp=) at /usr/include/mozjs-78/js/RootingAPI.h:1152
-
0x00007f5b07c93f91 in CallJSNative (args=..., reason=js::CallReason::Call, native=0x7f5b09bece20 <GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor(JSContext*, unsigned int, JS::Value*)>, cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:493
-
CallJSNativeConstructor (args=..., native=0x7f5b09bece20 <GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor(JSContext*, unsigned int, JS::Value*)>, cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:509
-
InternalConstruct (cx=0x561941122a10, args=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:692
-
0x00007f5b07c8557e in js::ConstructFromStack (args=..., cx=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:738
-
Interpret (cx=0x561941122a10, state=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:3302
-
0x00007f5b07c92b39 in js::RunScript (cx=0x561941122a10, state=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:465
-
0x00007f5b07c92fb3 in js::InternalCallOrConstruct (cx=0x561941122a10, args=..., construct=js::NO_CONSTRUCT, reason=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:620
-
0x00007f5b07c9360e in InternalCall (reason=, args=..., cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:648
-
js::Call (cx=0x561941122a10, fval=..., thisv=..., args=..., rval=..., reason=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:665
-
0x00007f5b07cfe7f7 in JS_CallFunctionValue (cx=0x561941122a10, obj=..., fval=..., args=..., rval=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/jsapi.cpp:2782
-
0x00007f5b09c02403 in GjsContextPrivate::call_function (this=this@entry=0x56194111d030, this_obj=..., this_obj@entry=..., func_val=..., func_val@entry=..., args=..., rval=...) at ../gjs/context.cpp:1351
-
0x00007f5b09be1203 in ObjectInstance::constructor_impl (this=, context=0x561941122a10, object=..., argv=...) at /usr/include/mozjs-78/js/RootingAPI.h:1152
-
0x00007f5b09bed090 in GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor (cx=0x561941122a10, argc=, vp=) at /usr/include/mozjs-78/js/RootingAPI.h:1152
-
0x00007f5b07c93f91 in CallJSNative (args=..., reason=js::CallReason::Call, native=0x7f5b09bece20 <GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor(JSContext*, unsigned int, JS::Value*)>, cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:493
-
CallJSNativeConstructor (args=..., native=0x7f5b09bece20 <GIWrapperBase<ObjectBase, ObjectPrototype, ObjectInstance>::constructor(JSContext*, unsigned int, JS::Value*)>, cx=0x561941122a10) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:509
-
InternalConstruct (cx=0x561941122a10, args=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:692
-
0x00007f5b07c8557e in js::ConstructFromStack (args=..., cx=) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:738
-
Interpret (cx=0x561941122a10, state=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:3302
-
0x00007f5b07c92b39 in js::RunScript (cx=0x561941122a10, state=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:465
-
0x00007f5b07c941c2 in js::ExecuteKernel (cx=, script=..., envChainArg=..., newTargetValue=..., evalInFrame=..., result=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/Interpreter.cpp:840
-
0x00007f5b07d8be87 in EvaluateSourceBuffer<char16_t> (cx=0x561941122a10, scopeKind=, env=..., optionsArg=..., srcBuf=..., rval=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/CompilationAndEvaluation.cpp:498
-
0x00007f5b07d7414a in JS::Evaluate (cx=0x561941122a10, envChain=envChain@entry=..., options=..., srcBuf=..., rval=rval@entry=...) at /usr/src/debug/mozjs78-78.11.0-1.1.x86_64/vm/CompilationAndEvaluation.cpp:529
-
0x00007f5b09c048eb in GjsContextPrivate::eval_with_scope (this=0x56194111d030, scope_object=..., script=, script_len=140722169040608, filename=, retval=...) at /usr/include/mozjs-78/js/RootingAPI.h:903
-
0x00007f5b09c04c0a in GjsContextPrivate::eval (this=0x56194111d030, script=0x7f5b0a8655f0 "imports.ui.environment.init();imports.ui.main.start();", script_len=-1, filename=0x7f5b0a864764 "", exit_status_p=0x7ffc6ee5d20c, error=0x7ffc6ee5d210) at /usr/include/mozjs-78/js/RootingAPI.h:596
-
0x00007f5b09c04db9 in gjs_context_eval (js_context=js_context@entry=0x56194111d150, script=script@entry=0x7f5b0a8655f0 "imports.ui.environment.init();imports.ui.main.start();", script_len=script_len@entry=-1, filename=filename@entry=0x7f5b0a864764 "", exit_status_p=exit_status_p@entry=0x7ffc6ee5d20c, error=error@entry=0x7ffc6ee5d210) at ../gjs/context.cpp:1051
-
0x00007f5b0a84ead1 in gnome_shell_plugin_start (plugin=) at ../src/gnome-shell-plugin.c:127
-
0x00007f5b098f363c in meta_plugin_manager_new (compositor=0x561940b9e320) at ../src/compositor/meta-plugin-manager.c:113
-
meta_compositor_do_manage (compositor=0x561940b9e320, error=0x7ffc6ee5d2a0) at ../src/compositor/compositor.c:556
-
0x00007f5b0991e322 in meta_display_open () at ../src/core/display.c:920
-
meta_start () at ../src/core/main.c:921
-
0x00007f5b0991e989 in meta_run () at ../src/core/main.c:942
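
Added triage example (not part of the original report, and not code from cairo, cogl or GNOME Shell): it walks the innermost frames of the backtrace above and returns the contiguous run of frames, starting at the crash site, that already carry a NULL pointer argument, so the outermost one marks where a guard or root-cause fix belongs. The names `null_chain` and `outermost_null_frame` are hypothetical, and the regular expressions assume the gdb frame layout shown on this page.

```python
import re

# First five frames of the backtrace above, innermost first (copied from the report).
TRACE = """\
cairo_scaled_font_get_type (scaled_font=scaled_font@entry=0x0) at /usr/src/debug/cairo-1.16.0-3.11.x86_64/src/cairo-scaled-font.c:305
0x00007f5b09a757f4 in font_has_color_glyphs (font=0x0) at ../cogl/cogl-pango/cogl-pango-render.c:538
cogl_pango_renderer_set_dirty_glyph (font=0x0, font@entry=, glyph=268435557, glyph@entry=, value=0x561941febae0, value@entry=) at ../cogl/cogl-pango/cogl-pango-render.c:623
0x00007f5b09a74a18 in _cogl_pango_glyph_cache_set_dirty_glyphs_cb ( key_ptr=, value_ptr=0x561941febae0, user_data=) at ../cogl/cogl-pango/cogl-pango-glyph-cache.c:386
0x00007f5b0a4ec750 in g_hash_table_foreach (hash_table=0x561940e48860, func=func@entry=0x7f5b09a74a00 <_cogl_pango_glyph_cache_set_dirty_glyphs_cb>, user_data=user_data@entry=0x7f5b09a75680 <cogl_pango_renderer_set_dirty_glyph>) at ../glib/ghash.c:2065
"""

# "[0xADDR in ]function (args) at file:line" as printed by gdb in this report.
FRAME = re.compile(
    r"^(?:0x[0-9a-f]+ in )?(?P<func>[\w:]+) \((?P<args>.*)\) at (?P<loc>\S+)$"
)
# "name=0x0" or "name=name@entry=0x0"; the lookahead rejects longer addresses.
NULL_ARG = re.compile(r"(\w+)=(?:\w+@entry=)?0x0(?![0-9a-fA-Fx])")


def null_chain(trace):
    """Return [(function, [null argument names], location), ...] for the
    contiguous run of frames, starting at the crash site, holding a NULL."""
    chain = []
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # not a frame line (source listing, separator, ...)
        nulls = NULL_ARG.findall(m["args"])
        if not nulls:
            break  # first caller whose visible arguments are all non-NULL
        chain.append((m["func"], nulls, m["loc"]))
    return chain


def outermost_null_frame(trace):
    """Frame furthest from the crash that was already handed the NULL pointer."""
    chain = null_chain(trace)
    return chain[-1] if chain else None


if __name__ == "__main__":
    for func, nulls, loc in null_chain(TRACE):
        print(f"{func}: NULL {', '.join(nulls)} at {loc}")
```

Stopping at the first frame without a NULL argument keeps unrelated NULLs further up the stack (for example `min_width_p=0x0` in `clutter_text_get_preferred_width`) out of the result. The caller above the reported frame shows `key_ptr=` with no value, so the trace alone does not show how the NULL font reached the glyph cache.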