[Bug 1800003] Re: evince crashes in FcConfigParseAndLoad

Thu Dec 20 11:51:34 UTC 2018

Using the same sample as above:

==19477== Memcheck, a memory error detector
==19477== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==19477== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==19477== Command: ../../fc-test
==19477== 
==19477== Invalid read of size 8
==19477==    at 0x4E5FC7C: FcConfigParseAndLoad (fcxml.c:3378)
==19477==    by 0x108766: main (fc-test.c:8)
==19477==  Address 0x20 is not stack'd, malloc'd or (recently) free'd
==19477== 
==19477== 
==19477== Process terminating with default action of signal 11 (SIGSEGV)
==19477==  Access not within mapped region at address 0x20
==19477==    at 0x4E5FC7C: FcConfigParseAndLoad (fcxml.c:3378)
==19477==    by 0x108766: main (fc-test.c:8)
==19477==  If you believe this happened as a result of a stack
==19477==  overflow in your program's main thread (unlikely but
==19477==  possible), you can try to increase the size of the
==19477==  main thread stack using the --main-stacksize= flag.
==19477==  The main thread stack size used in this run was 8388608.
==19477== 
==19477== HEAP SUMMARY:
==19477==     in use at exit: 192,962 bytes in 5,678 blocks
==19477==   total heap usage: 11,118 allocs, 5,440 frees, 3,905,324 bytes allocated
==19477== 
==19477== LEAK SUMMARY:
==19477==    definitely lost: 6,656 bytes in 26 blocks
==19477==    indirectly lost: 2,151 bytes in 101 blocks
==19477==      possibly lost: 0 bytes in 0 blocks
==19477==    still reachable: 184,155 bytes in 5,551 blocks
==19477==         suppressed: 0 bytes in 0 blocks
==19477== Rerun with --leak-check=full to see details of leaked memory
==19477== 
==19477== For counts of detected and suppressed errors, rerun with: -v
==19477== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault (core dumped)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fontconfig in Ubuntu.
https://bugs.launchpad.net/bugs/1800003

Title:
  evince crashes in FcConfigParseAndLoad

Status in fontconfig package in Ubuntu:
  Incomplete

Bug description:
  I have the following situation persistently on my system (Ubuntu
  18.04.1 on Dell Latitude E6500):

  Evince called with any pdf file crashes immediately with a
  segmentation fault. From the crash dump, I see that the crash happens
  in fontconfig's FcConfigParseAndLoad function, i.e. when the system
  fonts.conf is read. I can reproduce the crash with the following
  minimal example:

  ----
  #include </usr/include/fontconfig/fontconfig.h>

  const FcChar8* filename = "/home/mirkoh/fontconfig-test/fonts.conf";
  FcConfig* config;

  int main(){
     FcConfigParseAndLoad(config, filename, FcTrue);
  }
  ----

  The fonts.conf file used here is also absolutely minimal:

  ----
  <?xml version="1.0"?>
  <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
  <fontconfig>
  </fontconfig>
  ----

  (Get me right. It first happened with my system fonts.conf, which is
  not empty. In order to find out whether a specific entry lead to the
  crash, I deleted entry after entry, ultimately reaching the file
  above, and always FcConfigParseAndLoad crashes.

  I have no idea how to go on from here.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fontconfig/+bug/1800003/+subscriptions