gtk4.14 crash in gsk_get_unhinted_glyph_string_extents() when no font is installed
When running tests for gnome-characters I ran into a segfault when no font is installed.
gtk4 4.14 adds gsk_get_unhinted_glyph_string_extents(), which, when no font is installed, calls cairo_scaled_font_get_font_options() with a null font pointer, which gets unconditionally dereferenced: https://gitlab.freedesktop.org/cairo/cairo/-/blob/master/src/cairo-scaled-font.c#L3089-3113
This code was introduced in: 0127217e
I reported this in the cairo gitlab, and one of the maintainers recommended I report this to gtk: https://gitlab.freedesktop.org/cairo/cairo/-/issues/831
Here is the backtrace:
GSETTINGS_SCHEMA_DIR=/builddir/gnome-characters-46.0/build/data GJS_PATH=/builddir/gnome-characters-46.0/src:/builddir/gnome-characters-46.0/build/src GI_TYPELIB_PATH=/builddir/gnome-characters-46.0/build/lib MALLOC_PERTURB_=49 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 LD_LIBRARY_PATH=/builddir/gnome-characters-46.0/build/lib ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 GSETTINGS_BACKEND=memory /usr/bin/xvfb-run -a gdb /usr/bin/gjs-console /builddir/gnome-characters-46.0/build/../tests/testUtil.js
GNU gdb (GDB) 14.2
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/bin/gjs-console...
(No debugging symbols found in /usr/bin/gjs-console)
"/builddir/gnome-characters-46.0/build/../tests/testUtil.js" is not a core dump: file format not recognized
(gdb) run /builddir/gnome-characters-46.0/build/../tests/testUtil.js
Starting program: /usr/bin/gjs-console /builddir/gnome-characters-46.0/build/../tests/testUtil.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib64/libthread_db.so.1".
[New Thread 0x7ffff57ff6c0 (LWP 30378)]
[Thread 0x7ffff57ff6c0 (LWP 30378) exited]
[New Thread 0x7ffff4bff6c0 (LWP 30379)]
[New Thread 0x7ffff4a006c0 (LWP 30380)]
[New Thread 0x7ffff48016c0 (LWP 30381)]
[New Thread 0x7ffff46026c0 (LWP 30382)]
[New Thread 0x7ffff44036c0 (LWP 30383)]
[New Thread 0x7ffff42046c0 (LWP 30384)]
[New Thread 0x7fffedfff6c0 (LWP 30385)]
[New Thread 0x7fffede006c0 (LWP 30386)]
[New Thread 0x7ffff57ff6c0 (LWP 30387)]
[New Thread 0x7fffedc016c0 (LWP 30388)]
[New Thread 0x7fffed4006c0 (LWP 30389)]
[New Thread 0x7fffe6fff6c0 (LWP 30406)]
MESA: error: ZINK: vkCreateInstance failed (VK_ERROR_INCOMPATIBLE_DRIVER)
libEGL warning: egl: failed to create dri2 screen
MESA: error: ZINK: vkCreateInstance failed (VK_ERROR_INCOMPATIBLE_DRIVER)
glx: failed to create drisw screen
[New Thread 0x7fffe57aa6c0 (LWP 30407)]
[New Thread 0x7fffe4fa96c0 (LWP 30408)]
[New Thread 0x7fffd15ff6c0 (LWP 30409)]
[New Thread 0x7fffd0dfe6c0 (LWP 30410)]
[New Thread 0x7fffc3fff6c0 (LWP 30411)]
[New Thread 0x7fffc37fe6c0 (LWP 30412)]
[New Thread 0x7fffc2ffd6c0 (LWP 30413)]
[New Thread 0x7fffc27fc6c0 (LWP 30414)]
[New Thread 0x7fffc1ffb6c0 (LWP 30415)]
[New Thread 0x7fffc17fa6c0 (LWP 30416)]
[New Thread 0x7fffc0ff96c0 (LWP 30417)]
[New Thread 0x7fff9bfff6c0 (LWP 30418)]
[New Thread 0x7fff9b7fe6c0 (LWP 30419)]
[New Thread 0x7fff9affd6c0 (LWP 30420)]
[New Thread 0x7fff9a7fc6c0 (LWP 30421)]
[New Thread 0x7fff99ffb6c0 (LWP 30422)]
[New Thread 0x7fff997fa6c0 (LWP 30423)]
Thread 1 "gjs-console" received signal SIGSEGV, Segmentation fault.
cairo_scaled_font_get_font_options (scaled_font=0x0, options=0x5555573a0c90)
at ../src/cairo-scaled-font.c:3106
warning: 3106 ../src/cairo-scaled-font.c: No such file or directory
(gdb) bt
#0 cairo_scaled_font_get_font_options (scaled_font=0x0,
options=0x5555573a0c90) at ../src/cairo-scaled-font.c:3106
#1 0x00007fffe78ee5ef in gsk_reload_font.constprop.0 (font=0x0, scale=1,
hint_style=CAIRO_HINT_STYLE_NONE, antialias=CAIRO_ANTIALIAS_DEFAULT,
hint_metrics=CAIRO_HINT_METRICS_OFF) at ../gsk/gskprivate.c:85
#2 0x00007fffe787c58c in gsk_get_unhinted_glyph_string_extents (
ink_rect=0x7fffffffb750, font=0x0, glyphs=0x5555573aacb0)
at ../gsk/gskprivate.c:159
#3 gsk_text_node_new (font=0x0, glyphs=0x5555573aacb0, color=0x7fffffffb7c0,
offset=0x7fffffffb7b8) at ../gsk/gskrendernodeimpl.c:5827
#4 0x00007fffe76f5131 in gtk_snapshot_append_text (y=<optimized out>,
x=<optimized out>, color=0x7fffffffb7c0, glyphs=0x5555573aacb0, font=0x0,
snapshot=0x5555573a5520) at ../gtk/gtksnapshot.c:2399
#5 gsk_pango_renderer_draw_glyph_item (renderer=<optimized out>,
text=<optimized out>, glyph_item=<optimized out>, x=<optimized out>,
y=<optimized out>) at ../gtk/gskpango.c:102
#6 0x00007fffecb2868e in pango_renderer_draw_glyph_item (
renderer=0x5555573a6520, text=0x5555573a02d0 "🍕",
glyph_item=0x5555573aaec0, x=21845, y=14336)
at ../pango/pango-renderer.c:856
#7 0x00007fffecb32dc9 in pango_renderer_draw_layout_line (
renderer=renderer@entry=0x5555573a6520, line=line@entry=0x55555739b800,
x=0, y=1463444864) at ../pango/pango-renderer.c:691
#8 0x00007fffecb333dd in pango_renderer_draw_layout (renderer=0x5555573a6520,
layout=<optimized out>, x=0, y=0) at ../pango/pango-renderer.c:201
#9 0x00007fffe76f1691 in gtk_snapshot_append_layout (snapshot=0x5555573a5520,
layout=0x5555573a0350, color=0x5555573a08a0) at ../gtk/gskpango.c:483
#10 0x00007ffff78ede6d in ?? () from /usr/lib/libffi.so.7
#11 0x00007ffff78ed2aa in ?? () from /usr/lib/libffi.so.7
#12 0x00007ffff7ecadbe in ?? () from /usr/lib/libgjs.so.0
#13 0x00007ffff7ecb053 in ?? () from /usr/lib/libgjs.so.0
#14 0x00007ffff6961c59 in ?? () from /usr/lib/libmozjs-115.so.0
#15 0x00007ffff6956a5d in ?? () from /usr/lib/libmozjs-115.so.0
#16 0x00007ffff69618cd in ?? () from /usr/lib/libmozjs-115.so.0
#17 0x00007ffff6961d8c in ?? () from /usr/lib/libmozjs-115.so.0
#18 0x00007ffff6e798b8 in ?? () from /usr/lib/libmozjs-115.so.0
#19 0x00001f8b78ec4e5c in ?? ()
#20 0x00007fffffffc890 in ?? ()
#21 0x00007fffffffc6e8 in ?? ()
#22 0x0000000000000000 in ?? ()
(gdb)
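Added example, not gtk or cairo code: a small C model of the call chain in the backtrace above (all struct and function names are hypothetical stand-ins for the cairo and gsk ones), showing the accessor that dereferences its font argument before checking it beside a hardened accessor, and a caller that treats a missing font as a recoverable condition instead of passing NULL down the stack.

```c
/* Model of the "no font installed" crash path; hypothetical types, not cairo's. */
#include <stddef.h>
#include <stdio.h>

typedef enum { STATUS_OK = 0, STATUS_NULL_POINTER = 1 } status_t;
typedef struct { int hint_style; int antialias; } font_options_t;
typedef struct { status_t status; font_options_t options; } scaled_font_t;

/* Constructed sample font, standing in for a font found by the font lookup. */
static scaled_font_t sample_font = { STATUS_OK, { 1, 2 } };
static font_options_t scratch_options;

/* Font lookup on a system with no fonts yields NULL, as in the report. */
static scaled_font_t *lookup_font(int fonts_installed)
{
    return fonts_installed ? &sample_font : NULL;
}

/* As reported: the font is dereferenced before it is validated, so a NULL
 * font is the SIGSEGV seen in frame #0 of the backtrace. */
static status_t get_font_options_unchecked(const scaled_font_t *font, font_options_t *out)
{
    if (font->status != STATUS_OK)
        return font->status;
    *out = font->options;
    return STATUS_OK;
}

/* Hardened accessor: a NULL font becomes an error status the caller can act on. */
static status_t get_font_options_checked(const scaled_font_t *font, font_options_t *out)
{
    if (font == NULL || out == NULL)
        return STATUS_NULL_POINTER;
    if (font->status != STATUS_OK)
        return font->status;
    *out = font->options;
    return STATUS_OK;
}

/* Stand-in for the gsk caller: refuses to proceed without a font instead of
 * handing NULL to the accessor.  Returns 0 on success, -1 if no font. */
static int reload_font(int fonts_installed, font_options_t *out)
{
    const scaled_font_t *font = lookup_font(fonts_installed);
    if (font == NULL) {
        fprintf(stderr, "no font available; skipping glyph extents\n");
        return -1;
    }
    return get_font_options_checked(font, out) == STATUS_OK ? 0 : -1;
}
```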