Bug#656359: fontforge: Segfault when pressing modifier/arrow keys if more than 4 points are selected

January 18th, 2012 - 01:40 pm ET by Theppitak Karoonboonyanan
Package: fontforge
Version: 0.0.20110222-6
Severity: grave

Fontforge consistently crashes (segmentation fault) when pressing any
modifier key (Ctrl, Alt or Shift) or arrow key if more than 4 points are
currently selected. This is annoying for font editing, as all keyboard
shortcuts become virtually crippled. And the crash can cause the loss of
unsaved data.

Steps to reproduce:
- Start fontforge and create a new font.
- Randomly choose a first glyph to edit.
- Draw splines with at least 5 points.
- Select up to 4 points and press a modifier or arrow key. It won't crash.
- Select at least 5 points and press a modifier or arrow key. It will
always crash.

Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=th_TH.utf8, LC_CTYPE=th_TH.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fontforge depends on:
ii libc6 2.13-24
ii libcairo2 1.10.2-6.2
ii libfontconfig1 2.8.0-3
ii libfontforge1 0.0.20110222-6
ii libfreetype6 2.4.8-1
ii libgdraw4 0.0.20110222-6
ii libgif4 4.1.6-9
ii libglib2.0-0 2.30.2-5
ii libice6 2:1.0.7-2
ii libjpeg8 8c-2
ii libpango1.0-0 1.29.4-2thep1
ii libpng12-0 1.2.46-4
ii libpython2.7 2.7.2-12
ii libsm6 2:1.2.0-2
ii libspiro0 20071029-2
ii libtiff4 3.9.5-2
ii libuninameslist0 0.0.20091231-1.1
ii libx11-6 2:1.4.4-4
ii libxft2 2.2.0-3
ii libxml2 2.7.8.dfsg-6
ii zlib1g 1:1.2.3.4.dfsg-3

fontforge recommends no packages.

Versions of packages fontforge suggests:
pn autotrace <none>
pn fontforge-doc <none>
pn fontforge-extras <none>
pn potrace <none>
pn python-fontforge <none>





To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Replies

#1 Daniel Kahn Gillmor
January 18th, 2012 - 05:40 pm ET

On 01/18/2012 01:33 PM, Theppitak Karoonboonyanan wrote:
> Package: fontforge
> Version: 0.0.20110222-6
> Severity: grave
>
> Fontforge consistently crashes (segmentation fault) when pressing any
> modifier key (Ctrl, Alt or Shift) or arrow key if more than 4 points are
> currently selected. This is annoying for font editing, as all keyboard
> shortcuts become virtually crippled. And the crash can cause the loss of
> unsaved data.
>
> Steps to reproduce:
> - Start fontforge and create a new font.
> - Randomly choose a first glyph to edit.
> - Draw splines with at least 5 points.
> - Select up to 4 points and press a modifier or arrow key. It won't crash.
> - Select at least 5 points and press a modifier or arrow key. It will
> always crash.



I can reproduce this on an i386 system with the same version of
fontforge. :(

When trying to get a backtrace with fontforge-dbg 0.0.20110222-6
installed, i get the following error message (twice) from gdb:

warning: the debug information found in
"/usr/lib/debug//usr/bin/fontforge" does not match "/usr/bin/fontforge"
(CRC mismatch).

Pressing ahead anyway, i can trigger the segfault, and i get this
(partially-mangled) backtrace:

xb7c7ec4c in CVLayer (cv=0x86a3858) at cvundoes.c:552
552 cvundoes.c: No such file or directory.
in cvundoes.c
(gdb) bt
#0 0xb7c7ec4c in CVLayer (cv=0x86a3858) at cvundoes.c:552
#1 0x0808faf0 in ?? ()
#2 0xb7b97518 in GMenuSearchShortcut (gw=0x85f70f0, mi=<optimized out>,
event=
0xbfffe8c8, call_moveto=1) at gmenu.c:951
#3 0xb7b9bc5c in GMenuBarCheckKey (g=0x85f7200, event=0xbfffe8c8)
at gmenu.c:1500
#4 0xb7b6ce4d in _GWidget_TopLevel_Key (top=<optimized out>, ew=0x85fd7f0,
event=0xbfffe8c8) at gcontainer.c:498
#5 0xb7b6e1a7 in _GWidget_Container_eh (gw=0x85fd7f0, event=0xbfffe8c8)
at gcontainer.c:337
#6 0xb7bcbe74 in dispatchEvent (gdisp=<optimized out>, event=0xbfffea7c)
at gxdraw.c:3869
#7 0xb7bcd21c in GXDrawEventLoop (gd=0x8439f48) at gxdraw.c:3968
#8 0xb7b7097b in GDrawEventLoop (gdisp=<optimized out>) at gdraw.c:748
#9 0x08061f5a in ?? ()
#10 0xb6bcbe46 in __libc_start_main (main=0x80611b0, argc=1, ubp_av=
0xbffff864, init=0x81c8660, fini=0x81c8650, rtld_fini=0xb7ff1310,
stack_end=0xbffff85c) at libc-start.c:228
#11 0x08062cd1 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind
further
(gdb)

hope this is helpful in debugging,

#2 john knightley
January 18th, 2012 - 07:50 pm ET

To the best of my knowledge this error occurs because of a change in
something that fontforge is dependent upon, not because of a change in
fontforge itself; the same error occurs if one puts an older version of
fontforge on a newer Linux. I got the same error when I upgraded
ubuntu-9.10 to ubuntu-10.04, and also when I tried running fontforge on
PuppyLinux, both using a 2009 build. I thought briefly that using a newer
build had solved this, but on checking further it is still there - just
that in a few cases one can use these keys. The widgets for fontforge were
written by George Williams himself, which may make checking dependencies a
little harder. Of course saying this does not mean that changing the
depends list will solve the problem, but it is a good place to start.

John Knightley


#3 Christian PERRIER
January 19th, 2012 - 01:30 am ET

Quoting Daniel Kahn Gillmor:

> I can reproduce this on an i386 system with the same version of
> fontforge. :(
>
> When trying to get a backtrace with fontforge-dbg 0.0.20110222-6
> installed, i get the following error message (twice) from gdb:




Anyone in the pkg-fonts team wanting to take responsibility on getting
in touch with fontforge upstream about this issue?

Kestutis is unfortunately unresponsive these days and I tried to do
my best to at least keep some maintenance on fontforge, but my
expertise is not enough, here (and so is my free time).

So, really, help would be appreciated.

#4 Daniel Kahn Gillmor
January 19th, 2012 - 02:30 am ET

On 01/19/2012 01:08 AM, Christian PERRIER wrote:
> Anyone in the pkg-fonts team wanting to take responsibility on getting
> in touch with fontforge upstream about this issue?



i've just written to the fontforge-devel list, cc'ing this bug report,
and marked this bug as forwarded to

http://sourceforge.net/mailarchive/...d=28696933

> So, really, help would be appreciated.



i'm also not very clear how i should go about this. I'm particularly
concerned, though, because of the weird gdb error messages, which i have
no idea how to interpret or work around.

I've tried a rebuild of fontforge from source on a sid i386 system, and
my self-generated packages give the same gdb error (and show the same
crashing behavior, of course).

here's a bit more detail i managed to coax out of the debugger, though:


Program received signal SIGSEGV, Segmentation fault.
0xb7c85c4c in CVLayer (cv=0x8667c60) at cvundoes.c:552
552 return( cv->layerheads[cv->drawmode]-cv->sc->layers );
(gdb) bt
#0 0xb7c85c4c in CVLayer (cv=0x8667c60) at cvundoes.c:552
#1 0x0808fb00 in ?? ()
#2 0xb7b9c618 in GMenuSearchShortcut (gw=0x8614408, mi=<optimized out>,
event=0xbfffe038, call_moveto=1) at gmenu.c:951
#3 0xb7ba0d5c in GMenuBarCheckKey (g=0x8614498, event=0xbfffe038) at
gmenu.c:1500
#4 0xb7b71f4d in _GWidget_TopLevel_Key (top=<optimized out>,
ew=0x8619b98, event=0xbfffe038) at gcontainer.c:498
#5 0xb7b732a7 in _GWidget_Container_eh (gw=0x8619b98, event=0xbfffe038)
at gcontainer.c:337
#6 0xb7bd16cc in dispatchEvent (gdisp=<optimized out>,
event=0xbfffe1ec) at gxdraw.c:3869
#7 0xb7bd2b6c in GXDrawEventLoop (gd=0x847ad30) at gxdraw.c:3968
#8 0xb7b75a7b in GDrawEventLoop (gdisp=<optimized out>) at gdraw.c:748
#9 0x08061f6a in ?? ()
#10 0xb6bbde46 in __libc_start_main () from
/lib/i386-linux-gnu/i686/cmov/libc.so.6
#11 0x08062ce1 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind
further
(gdb) print *(cv->sc)
Cannot access memory at address 0x43240000
(gdb) print *cv
$1 = {next = 0x43240000, fv = 0x44148000, sc = 0x43240000, layerheads =
{0x44148000, 0x43240000, 0x44148000},
drawmode = 51 '3', ft_gridfitwidth = 82, gridfit = 0xfffefffe,
container = 0x0}
(gdb)

not sure what to make of it, though. my fontforge programming chops are
weak.

all the best,
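
One way to triage the `print *cv` dump in the message above, as an added example that is not part of the original thread: it reinterprets each 32-bit word of the structure as an IEEE-754 float and checks `drawmode` against the number of `layerheads` entries gdb printed. The function names and the whole-number-float heuristic are assumptions of this example.

```python
import math
import re
import struct

# `print *cv` output copied verbatim from the gdb session above.
GDB_DUMP = """$1 = {next = 0x43240000, fv = 0x44148000, sc = 0x43240000, layerheads =
{0x44148000, 0x43240000, 0x44148000},
drawmode = 51 '3', ft_gridfitwidth = 82, gridfit = 0xfffefffe,
container = 0x0}"""

FIELD = re.compile(r"(\w+) = (\{[^{}]*\}|0x[0-9a-fA-F]+|\d+)")


def parse_fields(dump):
    """Turn a one-level gdb struct print into {field: int or [int, ...]}."""
    fields = {}
    for name, raw in FIELD.findall(re.sub(r"\s+", " ", dump)):
        if raw.startswith("{"):
            fields[name] = [int(w, 16) for w in re.findall(r"0x[0-9a-fA-F]+", raw)]
        else:
            fields[name] = int(raw, 0)
    return fields


def as_coordinate(word):
    """Return the float32 value if `word` decodes to a whole number, else None.

    Heuristic (an assumption of this example): a genuine 32-bit pointer almost
    never decodes to a finite integral float with 1 <= |x| < 1e6.
    """
    value = struct.unpack("<f", struct.pack("<I", word))[0]
    if math.isfinite(value) and value.is_integer() and 1 <= abs(value) < 1e6:
        return value
    return None


def triage(dump):
    """Return (float-like words by field, True if drawmode is out of bounds)."""
    fields = parse_fields(dump)
    suspicious = {}
    for name, value in fields.items():
        is_array = isinstance(value, list)
        for i, word in enumerate(value if is_array else [value]):
            coord = as_coordinate(word)
            if coord is not None:
                suspicious[f"{name}[{i}]" if is_array else name] = coord
    # cvundoes.c:552 indexes layerheads with drawmode, so it must be in range.
    return suspicious, fields["drawmode"] >= len(fields["layerheads"])


if __name__ == "__main__":
    print(triage(GDB_DUMP))
```

Every pointer-typed word except `gridfit` and `container` decodes to 164.0 or 594.0, and `drawmode` (51) is far outside the three-entry `layerheads` array, so the structure itself holds non-pointer data by the time line 552 dereferences it.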







