Use-after-free in PangoWin32FontMap
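Platform: Windows 11 22H2
Compiler: GCC 13.1.0 / Vala 0.56.9
GLib: 2.76.4

Reading the backtrace below: the fault is the dereference `list->data` in g_list_find() (glist.c:896), reached from g_queue_find() on the font cache queue in _pango_win32_fontmap_cache_remove() (pangowin32-fontmap.c:1940). The bad pointer 0xbaadf00d00000000 carries 0xBAADF00D, the pattern the Windows heap writes into newly allocated, not-yet-initialised blocks when the process runs under a debugger. That is consistent with the queue's nodes having been freed and their memory handed out again, or with the queue being read before it was initialised; the trace alone does not distinguish the two.
The crashing thread is the worker thread "Intellisense" (started through g_thread_proxy, frame #34), and it reaches gtk_text_view_scroll_to_iter() (frame #14) from the application's log handler. GTK widgets are only meant to be used from the thread that runs the main loop, so a first thing to check is whether the log update should be dispatched to the main context (for example with g_idle_add()) instead of being called directly from the worker thread.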
Thread 51 "Intellisense" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 13108.0x444c]
g_list_find (list=0xbaadf00d00000000, data=data@entry=0x29b5d1e0)
at ../glib-2.76.4/glib/glist.c:896
896 if (list->data == data)
(gdb) bt
#0 g_list_find (list=0xbaadf00d00000000, data=data@entry=0x29b5d1e0)
at ../glib-2.76.4/glib/glist.c:896
#1 0x00007fff8940860f in g_queue_find (queue=0x381d4a0,
data=data@entry=0x29b5d1e0) at ../glib-2.76.4/glib/gqueue.c:306
#2 0x00007fff58f86e36 in _pango_win32_fontmap_cache_remove (
fontmap=fontmap@entry=0x381cb90, win32font=win32font@entry=0x29b5d1e0)
at ../pango/pangowin32-fontmap.c:1940
#3 0x00007fff6091762b in _pango_cairo_win32_font_new (cwfontmap=0x381cb90,
context=0x2809c880, face=0x3a52c60, desc=0x2b1cc950)
at ../pango/pangocairo-win32font.c:266
#4 0x00007fff58f85b11 in pango_win32_font_map_fontset_add_fonts (
fontmap=fontmap@entry=0x381cb90, context=context@entry=0x2809c880,
fonts=fonts@entry=0x2b1a7b20, desc=desc@entry=0x2b1cc950,
family=0x1fd14860 "Monospace") at ../pango/pangowin32-fontmap.c:772
#5 0x00007fff58f85c1a in pango_win32_font_map_load_fontset (
fontmap=0x381cb90, context=0x2809c880, desc=0x297d8e00,
language=<optimized out>) at ../pango/pangowin32-fontmap.c:1982
#6 0x00007fff58f84b0a in pango_win32_font_map_real_load_font (
fontmap=0x381cb90, context=0x2809c880, description=0x297d8e00)
at ../pango/pangowin32-fontmap.c:1045
#7 0x00007fff7705c1a5 in pango_layout_get_empty_extents_and_height_at_index (
layout=0x2b14ce30, index=index@entry=0,
logical_rect=logical_rect@entry=0x2acaed40,
apply_line_height=apply_line_height@entry=0, height=height@entry=0x0)
at ../pango/pango-layout.c:5546
#8 0x00007fff7705d4c3 in pango_layout_get_empty_extents_and_height_at_index (
height=0x0, apply_line_height=0, logical_rect=0x2acaed40, index=0,
layout=<optimized out>) at ../pango/pango-layout.c:5487
#9 pango_layout_iter_get_run_extents (iter=iter@entry=0x2acaede0,
ink_rect=ink_rect@entry=0x0, logical_rect=logical_rect@entry=0x2acaedd0)
at ../pango/pango-layout.c:7864
#10 0x00007fff7706491f in pango_layout_iter_get_run_extents (
logical_rect=0x2acaedd0, ink_rect=0x0, iter=0x2acaede0)
at ../pango/pango-layout.c:165
#11 pango_layout_index_to_pos (layout=<optimized out>, index=0,
pos=0x2acaeec0) at ../pango/pango-layout.c:2439
#12 0x00007fff5a8a5912 in gtk_text_layout_get_iter_location ()
from C:\msys\ucrt64\bin\libgtk-4-1.dll
#13 0x00007fff5a8b2090 in _gtk_text_view_scroll_to_iter ()
from C:\msys\ucrt64\bin\libgtk-4-1.dll
#14 0x00007fff5a8b4679 in gtk_text_view_scroll_to_iter ()
from C:\msys\ucrt64\bin\libgtk-4-1.dll
#15 0x00007fff5b1c9b52 in kangaroo_objects_history_view_push_log_to_gui (
object=0x280be780,
level=KANGAROO_ILLUMINATE_CONTRACTS_LOG_LOG_LEVEL_PLAIN,
text=0x29a0a270 "SQL: SELECT column_name, column_type, column_comment, ordinal_position FROM information_schema.columns WHERE table_schema = 'information_schema' AND table_name = 'INNODB_BUFFER_PAGE' ORDER BY ordinal_"...)
at ../Kangaroo/Objects/view_history.vala:74
#16 0x00007fff5b1ca4c2 in _kangaroo_objects_history_view_push_log_to_gui_kangaroo_illuminate_supports_log_logging (object=0x280be780,
level=KANGAROO_ILLUMINATE_CONTRACTS_LOG_LOG_LEVEL_PLAIN,
text=0x29a0a270 "SQL: SELECT column_name, column_type, column_comment, ordinal_position FROM information_schema.columns WHERE table_schema = 'information_schema' AND table_name = 'INNODB_BUFFER_PAGE' ORDER BY ordinal_"..., self=0x0)
at ../Kangaroo/Objects/view_history.vala:51
#17 0x00007fff59f27f03 in kangaroo_illuminate_supports_log_delegate_handler_real_publish (base=0x2806cfa0,
level=KANGAROO_ILLUMINATE_CONTRACTS_LOG_LOG_LEVEL_PLAIN,
server=0x298c7500 "MySQL", name=0x20445800 "Kangaroo@MySQL",
format=0x7fff5a0a685b <kangaroo_illuminate_contracts_database_icachable_info+491> "SQL: %s", args=0x2acaf700 "@獌)")
at ../Illuminate/Supports/Log/handler_delegate.vala:40
#18 0x00007fff59e5ea09 in kangaroo_illuminate_contracts_log_ilog_handler_publish (self=0x2806cfa0, level=KANGAROO_ILLUMINATE_CONTRACTS_LOG_LOG_LEVEL_PLAIN,
server=0x298c7500 "MySQL", name=0x20445800 "Kangaroo@MySQL",
format=0x7fff5a0a685b <kangaroo_illuminate_contracts_database_icachable_info+491> "SQL: %s", args=0x2acaf700 "@獌)")
at ../Illuminate/Contracts/Log/logging.vala:66
#19 0x00007fff59f2e470 in kangaroo_illuminate_supports_log_logger_log_full (
self=0x1fb2f5b0, level=KANGAROO_ILLUMINATE_CONTRACTS_LOG_LOG_LEVEL_PLAIN,
t_server=0x298c7500 "MySQL", t_name=0x20445800 "Kangaroo@MySQL",
format=0x7fff5a0a685b <kangaroo_illuminate_contracts_database_icachable_info+491> "SQL: %s", args=0x2acaf700 "@獌)")
at ../Illuminate/Supports/Log/logger.vala:125
#20 0x00007fff59f2e1d9 in kangaroo_illuminate_supports_log_logger_real_info (
base=0x1fb2f5b0, t_server=0x298c7500 "MySQL",
t_name=0x20445800 "Kangaroo@MySQL",
format=0x7fff5a0a685b <kangaroo_illuminate_contracts_database_icachable_info+491> "SQL: %s", args=0x2acaf700 "@獌)")
at ../Illuminate/Supports/Log/logger.vala:112
#21 0x00007fff59e5f51d in kangaroo_illuminate_contracts_log_ilogger_info (
self=0x1fb2f5b0, t_server=0x298c7500 "MySQL",
t_name=0x20445800 "Kangaroo@MySQL",
format=0x7fff5a0a685b <kangaroo_illuminate_contracts_database_icachable_info+491> "SQL: %s", args=0x2acaf700 "@獌)")
at ../Illuminate/Contracts/Log/logging.vala:95
#22 0x00007fff59e76186 in kangaroo_illuminate_foundation_logging_service_info
(uuid=0x1ff26900 "1FB26456-EA41-49DC-8095-172E1A6DE471",
format=0x7fff5a0a685b <kangaroo_illuminate_contracts_database_icachable_info+491> "SQL: %s") at ../Illuminate/Foundation/logging.vala:112
#23 0x00007fff59f04fdf in kangaroo_illuminate_supports_database_connection_impl_real_execute_as_model (self=0x1f80dfd0,
sql=0x2983aa40 "SELECT column_name, column_type, column_comment, ordinal_position FROM information_schema.columns WHERE table_schema = 'information_schema' AND table_name = 'INNODB_BUFFER_PAGE' ORDER BY ordinal_posit"...,
in_thread=1, error=0x2acaf888)
at ../Illuminate/Supports/Database/connection.vala:314
#24 0x00007fff59f05228 in kangaroo_illuminate_supports_database_connection_impl_execute_as_model (self=0x1f80dfd0,
sql=0x2983aa40 "SELECT column_name, column_type, column_comment, ordinal_position FROM information_schema.columns WHERE table_schema = 'information_schema' AND table_name = 'INNODB_BUFFER_PAGE' ORDER BY ordinal_posit"...,
in_thread=1, error=0x2acaf888)
at ../Illuminate/Supports/Database/connection.vala:309
#25 0x00007fff59e5931b in kangaroo_illuminate_contracts_database_iconnection_execute_as_model (self=0x1f80dfd0,
sql=0x2983aa40 "SELECT column_name, column_type, column_comment, ordinal_position FROM information_schema.columns WHERE table_schema = 'information_schema' AND table_name = 'INNODB_BUFFER_PAGE' ORDER BY ordinal_posit"...,
in_thread=1, error=0x2acaf888)
at ../Illuminate/Contracts/Database/connection.vala:76
#26 0x00007fff5b27eaf3 in kangaroo_intelli_sense_my_sql_collector_collect_table_columns (self=0x29a01330, data_host=0x1ffcbfc0, connection=0x1f80dfd0,
database=0x14e65450 "kangaroo", schema=0x39b9110 "information_schema",
table=0x29745cb0 "INNODB_BUFFER_PAGE")
at ../Kangaroo/IntelliSense/Collectors/collector_mysql.vala:78
#27 0x00007fff5b27dcf7 in kangaroo_intelli_sense_my_sql_collector_real_collect_tables (base=0x29a01330, data_host=0x1ffcbfc0, connection=0x1f80dfd0,
database=0x14e65450 "kangaroo")
at ../Kangaroo/IntelliSense/Collectors/collector_mysql.vala:34
#28 0x00007fff5b0ea000 in kangaroo_intelli_sense_collector_base_collect_tables
(self=0x29a01330, data_host=0x1ffcbfc0, connection=0x1f80dfd0,
database=0x14e65450 "kangaroo")
at ../Kangaroo/IntelliSense/Collectors/collector_base.vala:78
#29 0x00007fff5b0e930a in kangaroo_intelli_sense_collector_base_real_collect (
self=0x29a01330, data_host=0x1ffcbfc0, connection=0x1f80dfd0,
database=0x14e65450 "kangaroo")
at ../Kangaroo/IntelliSense/Collectors/collector_base.vala:31
#30 0x00007fff5b0e9393 in kangaroo_intelli_sense_collector_base_collect (
self=0x29a01330, data_host=0x1ffcbfc0, connection=0x1f80dfd0,
database=0x14e65450 "kangaroo")
at ../Kangaroo/IntelliSense/Collectors/collector_base.vala:23
#31 0x00007fff5b0ea7dc in kangaroo_intelli_sense_icollector_collect (
self=0x29a01330, data_host=0x1ffcbfc0, connection=0x1f80dfd0,
database=0x14e65450 "kangaroo")
at ../Kangaroo/IntelliSense/Collectors/collector.vala:16
#32 0x00007fff5b022dd9 in __lambda10_ (_data31_=0x1fd22120)
at ../Kangaroo/Business/connection_manager.vala:212
#33 0x00007fff5b022e56 in ___lambda10__gthread_func (self=0x1fd22120)
at D:/Github/kangaroo/build/connection_manager.c:1583
#34 0x00007fff8941ff51 in g_thread_proxy (data=0x1f86e4d0)
at ../glib-2.76.4/glib/gthread.c:831
#35 0x00007fff8944cc89 in g_thread_win32_proxy (data=<optimized out>)
at ../glib-2.76.4/glib/gthread-win32.c:457
#36 0x00007fffd4849363 in ucrtbase!_recalloc ()
from C:\Windows\System32\ucrtbase.dll
#37 0x00007fffd57e26ad in KERNEL32!BaseThreadInitThunk ()
from C:\Windows\System32\kernel32.dll
#38 0x00007fffd6d2aa68 in ntdll!RtlUserThreadStart ()
from C:\Windows\SYSTEM32\ntdll.dll
#39 0x0000000000000000 in ?? ()
(gdb)
Edited by Luca Bacci