Bug 215258 - Crash with @font-face embedded fonts [FT_Get_Sfnt_Table, QFreetypeFace::fsType, QFontEngineXLFD::faceId]
Status: RESOLVED UPSTREAM
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: 4.4.0
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 229142 231583 231588 240753 244990 245818 246658 247091 247893 250209 257034 257299 257735 259240 264311 270341 273089 276654 277426 281350 281912 282442 282699 287225
Depends on:
Blocks:
Reported: 2009-11-19 11:39 UTC by Rafał Rzepecki
Modified: 2014-12-02 12:59 UTC
CC List: 21 users
See Also:
Latest Commit:
Version Fixed In:
Attachments
New crash information added by DrKonqi (17.87 KB, text/plain)
2010-12-04 17:07 UTC, Marek Paśnikowski
New crash information added by DrKonqi (22.47 KB, text/plain)
2010-12-05 14:32 UTC, Marek Paśnikowski
New crash information added by DrKonqi (18.63 KB, text/plain)
2011-06-02 14:25 UTC, kavol
Bash script that generates HTML page with @font-face CSS code based on locally installed TrueType fonts (818 bytes, text/plain)
2011-09-16 13:13 UTC, Thomas Fischer
Minor corrections (791 bytes, text/plain)
2011-09-16 13:15 UTC, Thomas Fischer

Description Rafał Rzepecki 2009-11-19 11:39:33 UTC
Application: konqueror (4.3.72 (KDE 4.3.72 (KDE 4.4 >= 20091015)))
KDE Version: 4.3.75 (KDE 4.3.74 (KDE 4.4 >= 20091102)) (Compiled from sources)
Qt Version: 4.6.0
Operating System: Linux 2.6.32-rc3-git1 i686

What I was doing when the application crashed:
Konqueror crashed after some font browsing at typekit.com. Additionally, only some glyphs, and in only a few fonts, loaded properly; this might be related.

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 0 (LWP 9825)]

Thread 2 (Thread 0xb036bb90 (LWP 10060)):
#0  0xb787e424 in __kernel_vsyscall ()
#1  0xb75d2fa2 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb7672e80 in QWaitCondition::wait (this=0xa3fdf94, mutex=0xa3fdf90, time=30000) at /home/divide/projekty/kde4/kde-qt/src/corelib/thread/qwaitcondition_unix.cpp:85
#3  0xb76687bd in QThreadPoolThread::run (this=0xa27faa0) at /home/divide/projekty/kde4/kde-qt/src/corelib/concurrent/qthreadpool.cpp:140
#4  0xb7671ff1 in QThreadPrivate::start (arg=0xa27faa0) at /home/divide/projekty/kde4/kde-qt/src/corelib/thread/qthread_unix.cpp:244
#5  0xb75cf15f in start_thread () from /lib/libpthread.so.0
#6  0xb5e13a7e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb5551a90 (LWP 9825)):
[KCrash Handler]
#6  0xb598d063 in FT_Get_Sfnt_Table () from /usr/lib/libfreetype.so.6
#7  0xb63e1c02 in QFreetypeFace::fsType (this=0xb5d04d8) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qfontengine_ft.cpp:162
#8  0xb63dfbd0 in QFontEngineXLFD::faceId (this=0xb95cf68) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qfontengine_x11.cpp:697
#9  0xb63def1f in QFontEngineXLFD::getSfntTableData (this=0xb95cf68, tag=1195656518, buffer=0x0, length=0xbff4e0a8) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qfontengine_x11.cpp:772
#10 0xb631703d in hb_getSFntTable (font=0xb95cf68, tableTag=1195656518, buffer=0x0, length=0xbff4e0a8) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qfontengine.cpp:164
#11 0xb76e0a5d in getTableStream (font=0xb95cf68, tableFunc=0xb6317017 <hb_getSFntTable>, tag=1195656518) at /home/divide/projekty/kde4/kde-qt/src/3rdparty/harfbuzz/src/harfbuzz-shaper.cpp:934
#12 0xb76e0b60 in HB_NewFace (font=0xb95cf68, tableFunc=0xb6317017 <hb_getSFntTable>) at /home/divide/projekty/kde4/kde-qt/src/3rdparty/harfbuzz/src/harfbuzz-shaper.cpp:978
#13 0xb76e5cf9 in qHBNewFace (font=0xb95cf68, tableFunc=0xb6317017 <hb_getSFntTable>) at /home/divide/projekty/kde4/kde-qt/src/corelib/tools/qharfbuzz.cpp:155
#14 0xb6318b65 in QFontEngine::harfbuzzFace (this=0xb95cf68) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qfontengine.cpp:240
#15 0xb634cbeb in QTextEngine::shapeTextWithHarfbuzz (this=0xbff4eb44, item=0) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qtextengine.cpp:1228
#16 0xb634d755 in QTextEngine::shapeText (this=0xbff4eb44, item=0) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qtextengine.cpp:874
#17 0xb634db8f in QTextEngine::shape (this=0xbff4eb44, item=0) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qtextengine.cpp:1359
#18 0xb6350f7c in QTextEngine::shapeLine (this=0xbff4eb44, line=@0xbff51950) at /home/divide/projekty/kde4/kde-qt/src/gui/text/qtextengine.cpp:844
#19 0xb62534c3 in QPainter::drawText (this=0xbff525a4, p=@0xbff51af0, str=@0xbff51b38, tf=0, justificationPadding=0) at /home/divide/projekty/kde4/kde-qt/src/gui/painting/qpainter.cpp:5666
#20 0xb6253aba in QPainter::drawText (this=0xbff525a4, p=@0xbff51af0, str=@0xbff51b38) at /home/divide/projekty/kde4/kde-qt/src/gui/painting/qpainter.cpp:5639
#21 0xb1abf69d in khtml::Font::drawText (this=0xa779398, p=0xbff525a4, x=182, y=995, str=0xa5cd1d8, slen=11, pos=0, len=11, toAdd=0, d=Qt::LeftToRight, from=-1, to=-1, bg=
          {cspec = 3220511748, ct = {argb = {alpha = 65535, red = 65535, green = 65535, blue = 65535, pad = 0}, ahsv = {alpha = 65535, hue = 65535, saturation = 65535, value = 65535, pad = 0}, acmyk = {alpha = 65535, cyan = 65535, magenta = 65535, yellow = 65535, black = 0}, ahsl = {alpha = 65535, hue = 65535, saturation = 65535, lightness = 65535, pad = 0}, array = {65535, 65535, 65535, 65535, 0}}}, uy=-1, h=-1, deco=0) at /usr/local/qt4/include/QtGui/qpainter.h:916
#22 0xb1a830fd in khtml::InlineTextBox::paint (this=0xb415978, i=@0xbff52264, tx=182, ty=980) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_text.cpp:181
#23 0xb1ac2b35 in khtml::InlineFlowBox::paint (this=0xb4159b8, i=@0xbff52264, tx=182, ty=980) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_line.cpp:875
#24 0xb1ac2c65 in khtml::RootInlineBox::paint (this=0xb4159b8, i=@0xbff52264, tx=182, ty=980) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_line.cpp:1183
#25 0xb1a7e5d4 in khtml::RenderFlow::paintLines (this=0xb0edcc4, i=@0xbff52264, _tx=182, _ty=980) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_flow.cpp:390
#26 0xb1a54f85 in khtml::RenderBlock::paintObject (this=0xb0edcc4, pI=@0xbff52264, _tx=182, _ty=980, shouldPaintOutline=true)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1794
#27 0xb1a55340 in khtml::RenderBlock::paint (this=0xb0edcc4, pI=@0xbff52264, _tx=182, _ty=980) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#28 0xb1a550c2 in khtml::RenderBlock::paintObject (this=0xb5d4838, pI=@0xbff52264, _tx=182, _ty=179, shouldPaintOutline=true)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1798
#29 0xb1a55340 in khtml::RenderBlock::paint (this=0xb5d4838, pI=@0xbff52264, _tx=182, _ty=179) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#30 0xb1a550c2 in khtml::RenderBlock::paintObject (this=0xb1d3c34, pI=@0xbff52264, _tx=182, _ty=151, shouldPaintOutline=true)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1798
#31 0xb1a55340 in khtml::RenderBlock::paint (this=0xb1d3c34, pI=@0xbff52264, _tx=162, _ty=151) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#32 0xb1a550c2 in khtml::RenderBlock::paintObject (this=0xb1d2d94, pI=@0xbff52264, _tx=162, _ty=82, shouldPaintOutline=true)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1798
#33 0xb1a55340 in khtml::RenderBlock::paint (this=0xb1d2d94, pI=@0xbff52264, _tx=162, _ty=82) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#34 0xb1a550c2 in khtml::RenderBlock::paintObject (this=0xb1d2d10, pI=@0xbff52264, _tx=162, _ty=82, shouldPaintOutline=true)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1798
#35 0xb1a55340 in khtml::RenderBlock::paint (this=0xb1d2d10, pI=@0xbff52264, _tx=162, _ty=82) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#36 0xb1a54d86 in khtml::RenderBlock::paintFloats (this=0xb1d2bcc, pI=@0xbff52264, _tx=162, _ty=82, paintSelection=false) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1898
#37 0xb1a54fc5 in khtml::RenderBlock::paintObject (this=0xb1d2bcc, pI=@0xbff52264, _tx=162, _ty=82, shouldPaintOutline=true)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1803
#38 0xb1a55340 in khtml::RenderBlock::paint (this=0xb1d2bcc, pI=@0xbff52264, _tx=162, _ty=82) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#39 0xb1a550c2 in khtml::RenderBlock::paintObject (this=0xb1d2b48, pI=@0xbff52264, _tx=162, _ty=82, shouldPaintOutline=true)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1798
#40 0xb1a55340 in khtml::RenderBlock::paint (this=0xb1d2b48, pI=@0xbff52264, _tx=152, _ty=82) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#41 0xb1a550c2 in khtml::RenderBlock::paintObject (this=0xb1d2ac4, pI=@0xbff52264, _tx=152, _ty=82, shouldPaintOutline=true)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1798
#42 0xb1a55340 in khtml::RenderBlock::paint (this=0xb1d2ac4, pI=@0xbff52264, _tx=0, _ty=82) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#43 0xb1a550c2 in khtml::RenderBlock::paintObject (this=0xb1d224c, pI=@0xbff52264, _tx=0, _ty=0, shouldPaintOutline=true) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1798
#44 0xb1a55340 in khtml::RenderBlock::paint (this=0xb1d224c, pI=@0xbff52264, _tx=0, _ty=0) at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_block.cpp:1764
#45 0xb1a89d4f in khtml::RenderLayer::paintLayer (this=0xb1d22d0, rootLayer=0xb1d1da8, p=0xbff525a4, paintDirtyRect=@0xbff52570, selectionOnly=false)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_layer.cpp:1102
#46 0xb1a8a013 in khtml::RenderLayer::paintLayer (this=0xb1d1e9c, rootLayer=0xb1d1da8, p=0xbff525a4, paintDirtyRect=@0xbff52570, selectionOnly=false)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_layer.cpp:1129
#47 0xb1a8a013 in khtml::RenderLayer::paintLayer (this=0xb1d1da8, rootLayer=0xb1d1da8, p=0xbff525a4, paintDirtyRect=@0xbff52570, selectionOnly=false)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_layer.cpp:1129
#48 0xb1a8a1d7 in khtml::RenderLayer::paint (this=0xb1d1da8, p=0xbff525a4, damageRect=@0xbff52570, selectionOnly=<value optimized out>)
    at /home/divide/projekty/kde4/kdelibs/khtml/rendering/render_layer.cpp:996
#49 0xb1917d9e in KHTMLView::paintEvent (this=0xb605708, e=0xbff52c44) at /home/divide/projekty/kde4/kdelibs/khtml/khtmlview.cpp:924
#50 0xb614fdd8 in QWidget::event (this=0xb605708, event=0xbff52c44) at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qwidget.cpp:8072
#51 0xb650891e in QFrame::event (this=0xb605708, e=0xbff52c44) at /home/divide/projekty/kde4/kde-qt/src/gui/widgets/qframe.cpp:557
#52 0xb191a63f in KHTMLView::widgetEvent (this=0xb605708, e=0xb95cf68) at /home/divide/projekty/kde4/kdelibs/khtml/khtmlview.cpp:2338
#53 0xb191a945 in KHTMLView::eventFilter (this=0xb605708, o=0xb1b2600, e=0xbff52c44) at /home/divide/projekty/kde4/kdelibs/khtml/khtmlview.cpp:2191
#54 0xb776957d in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x9fd6c28, receiver=0xb1b2600, event=0xbff52c44)
    at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qcoreapplication.cpp:819
#55 0xb60f844b in QApplicationPrivate::notify_helper (this=0x9fd6c28, receiver=0xb1b2600, e=0xbff52c44) at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qapplication.cpp:4241
#56 0xb60fec54 in QApplication::notify (this=0xbff53b50, receiver=0xb1b2600, e=0xbff52c44) at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qapplication.cpp:4133
#57 0xb6c63d4d in KApplication::notify (this=0xbff53b50, receiver=0xb1b2600, event=0xbff52c44) at /home/divide/projekty/kde4/kdelibs/kdeui/kernel/kapplication.cpp:302
#58 0xb776a167 in QCoreApplication::notifyInternal (this=0xbff53b50, receiver=0xb1b2600, event=0xbff52c44) at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qcoreapplication.cpp:704
#59 0xb615817e in QWidgetPrivate::drawWidget (this=0xba64148, pdev=0xa272b94, rgn=@0xbff52f28, offset=@0xbff52ef8, flags=4, sharedPainter=0x0, backingStore=0xa3c7c60)
    at ../../include/QtCore/../../../../kde-qt/src/corelib/kernel/qcoreapplication.h:218
#60 0xb6309f24 in QWidgetBackingStore::sync (this=0xa3c7c60) at /home/divide/projekty/kde4/kde-qt/src/gui/painting/qbackingstore.cpp:1285
#61 0xb6148a30 in QWidgetPrivate::syncBackingStore (this=0xa027698) at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qwidget.cpp:1657
#62 0xb6150131 in QWidget::event (this=0xa028188, event=0xa5b0e80) at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qwidget.cpp:8218
#63 0xb652494d in QMainWindow::event (this=0xa028188, event=0xa5b0e80) at /home/divide/projekty/kde4/kde-qt/src/gui/widgets/qmainwindow.cpp:1434
#64 0xb6d521f7 in KMainWindow::event (this=0xa028188, ev=0xa5b0e80) at /home/divide/projekty/kde4/kdelibs/kdeui/widgets/kmainwindow.cpp:1101
#65 0xb6d98c3c in KXmlGuiWindow::event (this=0xa028188, ev=0xa5b0e80) at /home/divide/projekty/kde4/kdelibs/kdeui/xmlgui/kxmlguiwindow.cpp:131
#66 0xb37b50cd in KonqMainWindow::event (this=0xa028188, e=0xa5b0e80) at /home/divide/projekty/kde4/kdebase/apps/konqueror/src/konqmainwindow.cpp:5659
#67 0xb60f8468 in QApplicationPrivate::notify_helper (this=0x9fd6c28, receiver=0xa028188, e=0xa5b0e80) at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qapplication.cpp:4245
#68 0xb60fec54 in QApplication::notify (this=0xbff53b50, receiver=0xa028188, e=0xa5b0e80) at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qapplication.cpp:4133
#69 0xb6c63d4d in KApplication::notify (this=0xbff53b50, receiver=0xa028188, event=0xa5b0e80) at /home/divide/projekty/kde4/kdelibs/kdeui/kernel/kapplication.cpp:302
#70 0xb776a167 in QCoreApplication::notifyInternal (this=0xbff53b50, receiver=0xa028188, event=0xa5b0e80) at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qcoreapplication.cpp:704
#71 0xb776afda in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x9f655f0) at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qcoreapplication.h:215
#72 0xb776b18a in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qcoreapplication.cpp:1238
#73 0xb77944b4 in postEventSourceDispatch (s=0x9fd8f20) at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qcoreapplication.h:220
#74 0xb5c883e6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#75 0xb5c8b601 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#76 0xb5c8b772 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#77 0xb7794044 in QEventDispatcherGlib::processEvents (this=0x9fd6c08, flags={i = -1074448408}) at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qeventdispatcher_glib.cpp:407
#78 0xb61a46ce in QGuiEventDispatcherGlib::processEvents (this=0x9fd6c08, flags={i = -1074448360}) at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qguieventdispatcher_glib.cpp:202
#79 0xb77689ff in QEventLoop::processEvents (this=0xbff53890, flags={i = -1074448296}) at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qeventloop.cpp:149
#80 0xb7768e05 in QEventLoop::exec (this=0xbff53890, flags={i = -1074448232}) at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qeventloop.cpp:201
#81 0xb776b237 in QCoreApplication::exec () at /home/divide/projekty/kde4/kde-qt/src/corelib/kernel/qcoreapplication.cpp:981
#82 0xb60f8500 in QApplication::exec () at /home/divide/projekty/kde4/kde-qt/src/gui/kernel/qapplication.cpp:3578
#83 0xb37e6bd7 in kdemain (argc=4, argv=0x9fa4828) at /home/divide/projekty/kde4/kdebase/apps/konqueror/src/konqmain.cpp:257
#84 0x0804e501 in launch (argc=4, _name=0x9fcd6a4 "konqueror", args=0x9fcd6d0 "", cwd=0x9fcd6d1 "/home/divide", envc=79, 
    envs=0x9fcd6e2 "MANPATH=/home/divide/.gentoo/java-config-2/current-user-vm/man:/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.18/man:/usr/share/gcc-data/i686-pc-linux-gnu/4.3.2/man:/"..., reset_env=true, tty=0x0, avoid_loops=false, startup_id_str=0x9fceb79 "barium;1258625297;451346;8381_TIME174462861") at /home/divide/projekty/kde4/kdelibs/kinit/kinit.cpp:705
#85 0x0804ecad in handle_launcher_request (sock=15, who=<value optimized out>) at /home/divide/projekty/kde4/kdelibs/kinit/kinit.cpp:1197
#86 0x0804f0c2 in handle_requests (waitForPid=0) at /home/divide/projekty/kde4/kdelibs/kinit/kinit.cpp:1381
#87 0x0804fa11 in main (argc=4, argv=0xbff54774, envp=0xbff54788) at /home/divide/projekty/kde4/kdelibs/kinit/kinit.cpp:1825

Reported using DrKonqi
Comment 1 Dario Andres 2009-11-21 17:20:45 UTC
The crash seems to be related to FreeType and the Qt library. If you could identify which typography caused the crash, download it, and test it in some other font viewer application to see if it also crashes, that would be useful.
Thanks
Comment 2 Dario Andres 2010-01-01 03:48:13 UTC
Any news on this? Have you tried what I mentioned? Thanks
Comment 3 Tommi Tervo 2010-03-02 19:04:52 UTC
*** Bug 229142 has been marked as a duplicate of this bug. ***
Comment 4 Tommi Tervo 2010-03-02 19:06:49 UTC
Which Qt version are you using? One harfbuzz bug was fixed in Qt 4.6.1, see

http://bugreports.qt.nokia.com/browse/QTBUG-6436
https://bugs.kde.org/show_bug.cgi?id=217472
Comment 5 Grósz Dániel 2010-03-02 23:57:41 UTC
As reported in Bug 229142, it still crashes with Qt 4.6.2.
Comment 6 Christophe Marin 2010-06-06 15:36:22 UTC
*** Bug 240753 has been marked as a duplicate of this bug. ***
Comment 7 Tommi Tervo 2010-07-18 10:37:45 UTC
*** Bug 244990 has been marked as a duplicate of this bug. ***
Comment 8 Maksim Orlovich 2010-07-29 18:50:53 UTC
*** Bug 245818 has been marked as a duplicate of this bug. ***
Comment 9 Maksim Orlovich 2010-07-29 18:52:13 UTC
*** Bug 231588 has been marked as a duplicate of this bug. ***
Comment 10 Maksim Orlovich 2010-07-29 18:54:04 UTC
*** Bug 231583 has been marked as a duplicate of this bug. ***
Comment 11 Tommi Tervo 2010-08-04 07:31:23 UTC
*** Bug 246658 has been marked as a duplicate of this bug. ***
Comment 12 Pino Toscano 2010-08-09 16:19:09 UTC
*** Bug 247091 has been marked as a duplicate of this bug. ***
Comment 13 Maksim Orlovich 2010-08-21 02:21:33 UTC
*** Bug 247893 has been marked as a duplicate of this bug. ***
Comment 14 Maksim Orlovich 2010-08-21 02:23:12 UTC
Valgrind log from rakuco:
 
==12090== Invalid read of size 4
==12090==    at 0x4514EC3: QBasicAtomicInt::ref() (qatomic_i386.h:120)
==12090==    by 0x5773E57: QFreetypeFace::getFace(QFontEngine::FaceId const&) (qfontengine_ft.cpp:210)
==12090==    by 0x576FCC2: fontFile(QByteArray const&, QFreetypeFace**, int*) (qfontengine_x11.cpp:289)
==12090==    by 0x5771B66: QFontEngineXLFD::faceId() const (qfontengine_x11.cpp:693)
==12090==    by 0x57720AF: QFontEngineXLFD::getSfntTableData(unsigned int, unsigned char*, unsigned int*) const (qfontengine_x11.cpp:772)
==12090==    by 0x5690E65: hb_getSFntTable(void*, unsigned int, unsigned char*, unsigned int*) (qfontengine.cpp:164)
==12090==    by 0x4F9EED7: getTableStream(void*, HB_Error (*)(void*, unsigned int, unsigned char*, unsigned int*), unsigned int) (harfbuzz-shaper.cpp:935)
==12090==    by 0x4F9F04F: HB_NewFace (harfbuzz-shaper.cpp:979)
==12090==    by 0x4FA622E: qHBNewFace(void*, HB_Error (*)(void*, unsigned int, unsigned char*, unsigned int*)) (qharfbuzz.cpp:125)
==12090==    by 0x56913B2: QFontEngine::harfbuzzFace() const (qfontengine.cpp:229)
==12090==    by 0x56C89D1: QTextEngine::shapeTextWithHarfbuzz(int) const (qtextengine.cpp:1227)
==12090==    by 0x56C7D18: QTextEngine::shapeText(int) const (qtextengine.cpp:874)
==12090==    by 0x56C9568: QTextEngine::shape(int) const (qtextengine.cpp:1358)
==12090==    by 0x56C7B8F: QTextEngine::shapeLine(QScriptLine const&) (qtextengine.cpp:844)
==12090==    by 0x55A2625: QPainter::drawText(QPointF const&, QString const&, int, int) (qpainter.cpp:5975)
==12090==    by 0x55A1A76: QPainter::drawText(QPointF const&, QString const&) (qpainter.cpp:5811)
==12090==    by 0xD77AEC1: QPainter::drawText(int, int, QString const&) (qpainter.h:957)
==12090==    by 0xD778871: khtml::drawDirectedText(QPainter*, Qt::LayoutDirection, int, int, QString const&) (font.cpp:95)
==12090==    by 0xD778A76: khtml::Font::drawText(QPainter*, int, int, QChar*, int, int, int, int, Qt::LayoutDirection, int, int, QColor, int, int, int) const (font.cpp:148)
==12090==    by 0xD7308B5: khtml::InlineTextBox::paintShadow(QPainter*, khtml::Font const*, int, int, khtml::ShadowData const*) (render_text.cpp:317)
==12090==    by 0xD72FC5D: khtml::InlineTextBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_text.cpp:178)
==12090==    by 0xD77F0A5: khtml::InlineFlowBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:874)
==12090==    by 0xD77F0A5: khtml::InlineFlowBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:874)
==12090==    by 0xD7808FD: khtml::RootInlineBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:1182)
==12090==    by 0xD72DFE1: khtml::RenderFlow::paintLines(khtml::RenderObject::PaintInfo&, int, int) (render_flow.cpp:389)
==12090==    by 0xD6F8287: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1797)
==12090==    by 0xD6F8123: khtml::RenderBlock::paint(khtml::RenderObject::PaintInfo&, int, int) (render_block.cpp:1767)
==12090==    by 0xD6F8D72: khtml::RenderBlock::paintFloats(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1901)
==12090==    by 0xD6F8371: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1806)
==12090==    by 0xD6F8123: khtml::RenderBlock::paint(khtml::RenderObject::PaintInfo&, int, int) (render_block.cpp:1767)
==12090==    by 0xD6F8304: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1801)
==12090==    by 0xD6F8123: khtml::RenderBlock::paint(khtml::RenderObject::PaintInfo&, int, int) (render_block.cpp:1767)
==12090==    by 0xD6F8304: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1801)
==12090==    by 0xD6F8123: khtml::RenderBlock::paint(khtml::RenderObject::PaintInfo&, int, int) (render_block.cpp:1767)
==12090==    by 0xD6F8304: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1801)
==12090==    by 0xD6F8123: khtml::RenderBlock::paint(khtml::RenderObject::PaintInfo&, int, int) (render_block.cpp:1767)
==12090==    by 0xD73A42B: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1107)
==12090==    by 0xD73A68B: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1134)
==12090==    by 0xD739BB1: khtml::RenderLayer::paint(QPainter*, QRect const&, bool) (render_layer.cpp:1001)
==12090==    by 0xD5971D9: KHTMLView::paintEvent(QPaintEvent*) (khtmlview.cpp:929)
==12090==    by 0x54810E5: QWidget::event(QEvent*) (qwidget.cpp:8306)
==12090==    by 0x58E08AF: QFrame::event(QEvent*) (qframe.cpp:557)
==12090==    by 0xD59E529: KHTMLView::widgetEvent(QEvent*) (khtmlview.cpp:2362)
==12090==    by 0xD59DEEE: KHTMLView::eventFilter(QObject*, QEvent*) (khtmlview.cpp:2207)
==12090==    by 0x5029092: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:847)
==12090==    by 0x5420AB7: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4395)
==12090==    by 0x5420811: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4364)
==12090==    by 0x49DD891: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:310)
==12090==    by 0x5028DBA: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:732)
==12090==    by 0x542397C: QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (in /home/rakuco/kde4/qt4/lib/libQtGui.so.4.7.0)
==12090==  Address 0x3c9198ac is 2,092 bytes inside a block of size 2,104 free'd
==12090==    at 0x40237AC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12090==    by 0x577466B: QFreetypeFace::release(QFontEngine::FaceId const&) (qfontengine_ft.cpp:320)
==12090==    by 0x577018C: QFontEngineXLFD::~QFontEngineXLFD() (qfontengine_x11.cpp:346)
==12090==    by 0x577022C: QFontEngineXLFD::~QFontEngineXLFD() (qfontengine_x11.cpp:348)
==12090==    by 0x5695952: QFontEngineMulti::~QFontEngineMulti() (qfontengine.cpp:1282)
==12090==    by 0x576E580: QFontEngineMultiXLFD::~QFontEngineMultiXLFD() (qfontengine_x11.cpp:115)
==12090==    by 0x576E5E6: QFontEngineMultiXLFD::~QFontEngineMultiXLFD() (qfontengine_x11.cpp:116)
==12090==    by 0x568C838: QFontCache::clear() (qfont.cpp:2704)
==12090==    by 0x56A6D66: QFontDatabasePrivate::invalidate() (qfontdatabase.cpp:689)
==12090==    by 0x56B1B31: QFontDatabasePrivate::addAppFont(QByteArray const&, QString const&) (qfontdatabase.cpp:2516)
==12090==    by 0x56B1E00: QFontDatabase::addApplicationFontFromData(QByteArray const&) (qfontdatabase.cpp:2579)
==12090==    by 0xD7DE25B: DOM::CSSFontFaceSource::notifyFinished(khtml::CachedObject*) (css_webfont.cpp:92)
==12090==    by 0xD7E3BB7: khtml::CachedFont::checkNotify() (loader.cpp:877)
==12090==    by 0xD7E3AC6: khtml::CachedFont::data(QBuffer&, bool) (loader.cpp:869)
==12090==    by 0xD7E5F1C: khtml::Loader::slotFinished(KJob*) (loader.cpp:1244)
==12090==    by 0xD7E85B9: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:141)
==12090==    by 0x503044D: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==12090==    by 0x504337C: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3272)
==12090==    by 0x4D55D7D: KJob::result(KJob*) (kjob.moc:194)
==12090==    by 0x4D5538C: KJob::emitResult() (kjob.cpp:312)
==12090==    by 0x4342D7A: KIO::SimpleJob::slotFinished() (job.cpp:522)
==12090==    by 0x4345DDA: KIO::TransferJob::slotFinished() (job.cpp:1111)
==12090==    by 0x434CFE7: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:367)
==12090==    by 0x503044D: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==12090==    by 0x504337C: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3272)
==12090==    by 0x43EB988: KIO::SlaveInterface::finished() (slaveinterface.moc:171)
==12090==    by 0x43E90DB: KIO::SlaveInterface::dispatch(int, QByteArray const&) (slaveinterface.cpp:175)
==12090==    by 0x43E8D7D: KIO::SlaveInterface::dispatch() (slaveinterface.cpp:91)
==12090==    by 0x43DF099: KIO::Slave::gotInput() (slave.cpp:344)
==12090==    by 0x43E0165: KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) (slave.moc:82)
==12090==    by 0x503044D: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==12090==    by 0x504337C: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3272)
==12090==    by 0x4314EE6: KIO::Connection::readyRead() (connection.moc:92)
==12090==    by 0x4311C87: KIO::ConnectionPrivate::dequeue() (connection.cpp:82)
==12090==    by 0x4314E73: KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) (connection.moc:79)
==12090==    by 0x503044D: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==12090==    by 0x503E48C: QMetaCallEvent::placeMetaCall(QObject*) (qobject.cpp:534)
==12090==    by 0x503F510: QObject::event(QEvent*) (qobject.cpp:1211)
==12090==    by 0x5420ADB: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4399)
==12090==    by 0x541E387: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3801)
==12090==    by 0x49DD891: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:310)
==12090==    by 0x5028DBA: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:732)
==12090==    by 0x502C6A8: QCoreApplication::sendEvent(QObject*, QEvent*) (in /home/rakuco/kde4/qt4/lib/libQtCore.so.4.7.0)
==12090==    by 0x5029E53: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1373)
==12090==    by 0x5029B10: QCoreApplication::sendPostedEvents(QObject*, int) (qcoreapplication.cpp:1266)
==12090==    by 0x505DA81: QCoreApplication::sendPostedEvents() (qcoreapplication.h:220)
==12090==    by 0x505CB95: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:277)
==12090==    by 0x66C0F71: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.2400.1)
==12090==    by 0x66C174F: g_main_context_iterate (in /usr/lib/libglib-2.0.so.0.2400.1)
==12090==    by 0x66C1A03: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.2400.1)
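As a worked illustration of how a triager reads a record like the one above, here is a small parser for memcheck "Invalid read" output that recovers the access stack and the free stack and classifies the record as a use-after-free. It is added here and is not Qt, KDE or Valgrind code; the embedded sample is a constructed, shortened copy of the log in this comment.

```python
"""Triage helper for Valgrind memcheck output (added example; not Qt or KDE code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: a shortened excerpt of the memcheck record posted above.
SAMPLE_LOG = """\
==12090== Invalid read of size 4
==12090==    at 0x4514EC3: QBasicAtomicInt::ref() (qatomic_i386.h:120)
==12090==    by 0x5773E57: QFreetypeFace::getFace(QFontEngine::FaceId const&) (qfontengine_ft.cpp:210)
==12090==    by 0x5771B66: QFontEngineXLFD::faceId() const (qfontengine_x11.cpp:693)
==12090==    by 0x4F9EED7: getTableStream(void*, HB_Error (*)(void*, unsigned int, unsigned char*, unsigned int*), unsigned int) (harfbuzz-shaper.cpp:935)
==12090==  Address 0x3c9198ac is 2,092 bytes inside a block of size 2,104 free'd
==12090==    at 0x40237AC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12090==    by 0x577466B: QFreetypeFace::release(QFontEngine::FaceId const&) (qfontengine_ft.cpp:320)
==12090==    by 0x577018C: QFontEngineXLFD::~QFontEngineXLFD() (qfontengine_x11.cpp:346)
==12090==    by 0x568C838: QFontCache::clear() (qfont.cpp:2704)
==12090==    by 0x56B1E00: QFontDatabase::addApplicationFontFromData(QByteArray const&) (qfontdatabase.cpp:2579)
==12090==    by 0xD7DE25B: DOM::CSSFontFaceSource::notifyFinished(khtml::CachedObject*) (css_webfont.cpp:92)
"""

HEADER_RE = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)\s*$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by)\s+0x[0-9A-Fa-f]+:\s+(.*?)\s*$")
FREED_RE = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes inside a block of size ([\d,]+) free'd\s*$")
# Allocator and refcount helpers never identify the responsible code; skip them in summaries.
LOW_LEVEL_PREFIXES = ("operator delete", "operator new", "free", "malloc", "QBasicAtomicInt::")


@dataclass
class Frame:
    function: str   # demangled symbol, parameter list included
    location: str   # "file.cpp:line" or "in /path/to/lib.so"


@dataclass
class MemcheckError:
    kind: str       # "read" or "write"
    size: int       # bytes accessed
    access_stack: List[Frame] = field(default_factory=list)
    free_stack: List[Frame] = field(default_factory=list)
    freed_offset: Optional[int] = None        # offset of the address inside the freed block
    freed_block_size: Optional[int] = None

    def is_use_after_free(self) -> bool:
        """True when memcheck placed the faulting address inside a freed heap block."""
        return (self.freed_offset is not None and self.freed_block_size is not None
                and 0 <= self.freed_offset < self.freed_block_size)


def parse_frame(text: str) -> Frame:
    # The location is the last "(...)" group; the symbol may itself contain nested
    # parentheses (function-pointer parameters), so split from the right.
    func, sep, loc = text.rpartition(" (")
    return Frame(func.strip(), loc.rstrip(")").strip()) if sep else Frame(text.strip(), "")


def parse_memcheck(log: str) -> List[MemcheckError]:
    """Parse every 'Invalid read/write' record together with its free'd stack, if any."""
    errors: List[MemcheckError] = []
    current: Optional[MemcheckError] = None
    target: Optional[List[Frame]] = None    # stack that the following frame lines belong to
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = MemcheckError(kind=m.group(1), size=int(m.group(2)))
            errors.append(current)
            target = current.access_stack
            continue
        m = FREED_RE.match(line)
        if m and current is not None:
            current.freed_offset = int(m.group(1).replace(",", ""))
            current.freed_block_size = int(m.group(2).replace(",", ""))
            target = current.free_stack
            continue
        m = FRAME_RE.match(line)
        if m and target is not None:
            target.append(parse_frame(m.group(1)))
    return errors


def first_app_frame(stack: List[Frame]) -> Optional[Frame]:
    """Innermost frame that is neither a low-level helper nor inside Valgrind's preload."""
    return next((f for f in stack if not f.function.startswith(LOW_LEVEL_PREFIXES)
                 and "valgrind" not in f.location), None)


def triage(err: MemcheckError) -> dict:
    """One-record summary: verdict, where the stale access happened, where the block died."""
    describe = lambda f: f"{f.function} ({f.location})" if f else "unknown"
    return {
        "verdict": "use-after-free" if err.is_use_after_free() else f"invalid-{err.kind}",
        "access": f"{err.kind} of {err.size} bytes",
        "accessed_at": describe(first_app_frame(err.access_stack)),
        "freed_at": describe(first_app_frame(err.free_stack)),
        # Caller chain of the free, innermost first, with parameter lists dropped.
        "free_path": " <- ".join(f.function.split("(")[0] for f in err.free_stack),
    }


if __name__ == "__main__":
    for record in parse_memcheck(SAMPLE_LOG):
        print(triage(record))
```

On the sample, the free path shows the freed face dying inside QFontCache::clear() reached from addApplicationFontFromData(), i.e. the @font-face load invalidates the cache while a font engine still holds the face, which is the fact a triager needs before deciding how to prioritise a crash with that pattern.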
Comment 15 Tommi Tervo 2010-09-05 09:34:27 UTC
*** Bug 250209 has been marked as a duplicate of this bug. ***
Comment 16 Marcin Gryszkalis 2010-09-19 14:56:56 UTC
I'm getting the same backtrace (up to FT_Get_Sfnt_Table) in akregator.

KDE 4.5.1 (gentoo portage build), freetype 2.4.2, Qt 4.6.3
Comment 17 Tommi Tervo 2010-11-16 18:37:54 UTC
*** Bug 257034 has been marked as a duplicate of this bug. ***
Comment 18 Dario Andres 2010-11-24 20:04:23 UTC
*** Bug 257735 has been marked as a duplicate of this bug. ***
Comment 19 Tommi Tervo 2010-11-25 07:55:00 UTC
*** Bug 257299 has been marked as a duplicate of this bug. ***
Comment 20 Marek Paśnikowski 2010-12-04 17:07:26 UTC
Created attachment 54093 [details]
New crash information added by DrKonqi

konqueror (4.5.4 (KDE 4.5.4)) on KDE Platform 4.5.4 (KDE 4.5.4) using Qt 4.7.0

- What I was doing when the application crashed:

Had just clicked a link to a site in the same domain. This particular website has a problem with rendering fonts - all the fonts there are not smoothed at all.

This seems to be a random segfault, as I had browsed this website for days without crashes.

Using Arch-based Chakra Jaz.

-- Backtrace (Reduced):
#6  0x00007f53a4bb98ad in QFreetypeFace::getSfntTable (this=<value optimized out>, tag=1195656518, buffer=0x0, length=0x7fff9320c5dc) at text/qfontengine_ft.cpp:412
#7  0x00007f53a4bb3531 in QFontEngineXLFD::getSfntTableData (this=0x8488780, tag=1195656518, buffer=<value optimized out>, length=<value optimized out>) at text/qfontengine_x11.cpp:775
#8  0x00007f53a4adcd1a in hb_getSFntTable (font=<value optimized out>, tableTag=<value optimized out>, buffer=<value optimized out>, length=<value optimized out>) at text/qfontengine.cpp:164
#9  0x00007f53a57107b0 in getTableStream (font=0x8488780, tableFunc=0x7f53a4adcd10 <hb_getSFntTable>, tag=1195656518) at ../3rdparty/harfbuzz/src/harfbuzz-shaper.cpp:935
#10 0x00007f53a5711d88 in HB_NewFace (font=0x8488780, tableFunc=0x7f53a4adcd10 <hb_getSFntTable>) at ../3rdparty/harfbuzz/src/harfbuzz-shaper.cpp:979
Comment 21 Marek Paśnikowski 2010-12-05 14:32:37 UTC
Created attachment 54162 [details]
New crash information added by DrKonqi

konqueror (4.5.4 (KDE 4.5.4)) on KDE Platform 4.5.4 (KDE 4.5.4) using Qt 4.7.0

- What I was doing when the application crashed:

I opened 5 tabs in a row from my RSS reader. Nothing special about my setup.

Using Arch-based Chakra

-- Backtrace (Reduced):
#6  0x00007f3898c87cd0 in FT_Get_Sfnt_Table () from /usr/lib/libfreetype.so.6
#7  0x00007f389cb2a251 in QFreetypeFace::fsType (this=<value optimized out>) at text/qfontengine_ft.cpp:170
#8  0x00007f389cb26ff7 in QFontEngineXLFD::faceId (this=0x9ac0750) at text/qfontengine_x11.cpp:697
#9  0x00007f389cb24557 in QFontEngineXLFD::getSfntTableData (this=0x9ac0750, tag=1195656518, buffer=<value optimized out>, length=<value optimized out>) at text/qfontengine_x11.cpp:772
#10 0x00007f389ca4dd1a in hb_getSFntTable (font=<value optimized out>, tableTag=<value optimized out>, buffer=<value optimized out>, length=<value optimized out>) at text/qfontengine.cpp:164
Comment 22 Tommi Tervo 2010-12-08 19:23:41 UTC
*** Bug 259240 has been marked as a duplicate of this bug. ***
Comment 23 Tommi Tervo 2011-01-26 08:10:57 UTC
*** Bug 264311 has been marked as a duplicate of this bug. ***
Comment 24 Tommi Tervo 2011-05-12 09:07:35 UTC
*** Bug 270341 has been marked as a duplicate of this bug. ***
Comment 25 Tommi Tervo 2011-05-12 09:07:41 UTC
*** Bug 273089 has been marked as a duplicate of this bug. ***
Comment 26 kavol 2011-06-02 14:25:40 UTC
Created attachment 60554
New crash information added by DrKonqi

konqueror (4.6.2 (4.6.2)) on KDE Platform 4.6.2 (4.6.2) using Qt 4.7.2

- What I was doing when the application crashed:

Konqueror crashed on closing a tab with this page: http://www.fontonic.com/download.asp?id=6010
(not replicable; however, since it deals with fonts, it may give some clue ...)

-- Backtrace (Reduced):
#6  FT_Get_Sfnt_Table (face=0x1, tag=ft_sfnt_os2) at /var/tmp/portage/media-libs/freetype-2.4.4/work/freetype-2.4.4/src/base/ftobjs.c:3553
#7  0x00007fdb26dbd171 in QFreetypeFace::fsType (this=<value optimized out>) at text/qfontengine_ft.cpp:169
#8  0x00007fdb26dbad62 in QFontEngineXLFD::faceId (this=0x22eb9c0) at text/qfontengine_x11.cpp:697
#9  0x00007fdb26dbae77 in QFontEngineXLFD::getSfntTableData (this=0x22eb9c0, tag=1195656518, buffer=<value optimized out>, length=<value optimized out>) at text/qfontengine_x11.cpp:772
#10 0x00007fdb26cf00ba in hb_getSFntTable (font=0x1, tableTag=2, buffer=0x1 <Address 0x1 out of bounds>, length=0x5) at text/qfontengine.cpp:163
Comment 27 Tommi Tervo 2011-06-28 07:56:49 UTC
*** Bug 276654 has been marked as a duplicate of this bug. ***
Comment 28 Martin Koller 2011-07-15 20:11:40 UTC
*** Bug 277426 has been marked as a duplicate of this bug. ***
Comment 29 Neil Skrypuch 2011-07-29 02:28:26 UTC
The following site appears to trigger this crash every single time: http://www.bimmerpost.com/

(Just tested with KDE 4.7.0 and Qt 4.7.3.)
Comment 30 Unknown 2011-07-29 06:10:48 UTC
(In reply to comment #29)
> The following site appears to trigger this crash every single time:
> http://www.bimmerpost.com/
> 
> (Just tested with KDE 4.7.0 and Qt 4.7.3.)

Can't reproduce here on a similar setup.
Comment 31 Andrei Slavoiu 2011-08-07 14:47:57 UTC
(In reply to comment #30)
> (In reply to comment #29)
> > The following site appears to trigger this crash every single time:
> > http://www.bimmerpost.com/
> > 
> > (Just tested with KDE 4.7.0 and Qt 4.7.3.)
> 
> Can't reproduce here on similar setup.

I can, with KDE SC 4.7.0, Qt 4.7.3 and freetype 2.4.6 on amd64.
Comment 32 Andrei Slavoiu 2011-08-07 15:15:56 UTC
Running with valgrind --track-origin=yes I get the following right before the crash; looks like a double free:

==10309== Invalid read of size 4
==10309==    at 0x82084B8: QFreetypeFace::release(QFontEngine::FaceId const&) (qatomic_x86_64.h:133)
==10309==    by 0x82012CD: QFontEngineXLFD::~QFontEngineXLFD() (qfontengine_x11.cpp:346)
==10309==    by 0x8201368: QFontEngineXLFD::~QFontEngineXLFD() (qfontengine_x11.cpp:348)
==10309==    by 0x813E7B8: QFontEngineMulti::~QFontEngineMulti() (qfontengine.cpp:1306)
==10309==    by 0x82023C8: QFontEngineMultiXLFD::~QFontEngineMultiXLFD() (qfontengine_x11.cpp:116)
==10309==    by 0x8136C50: QFontCache::clear() (qfont.cpp:2704)
==10309==    by 0x814D07B: QFontDatabasePrivate::invalidate() (qfontdatabase.cpp:691)
==10309==    by 0x8157339: QFontDatabasePrivate::addAppFont(QByteArray const&, QString const&) (qfontdatabase.cpp:2518)
==10309==    by 0x815750A: QFontDatabase::addApplicationFontFromData(QByteArray const&) (qfontdatabase.cpp:2585)
==10309==    by 0x1AF6A69F: DOM::CSSFontFaceSource::notifyFinished(khtml::CachedObject*) (css_webfont.cpp:92)
==10309==    by 0x1AF6F14E: khtml::CachedFont::checkNotify() (loader.cpp:877)
==10309==    by 0x1AF6F331: khtml::CachedFont::data(QBuffer&, bool) (loader.cpp:869)
==10309==  Address 0x12cb11b0 is 2,304 bytes inside a block of size 2,331 free'd
==10309==    at 0x4C27F6C: free (vg_replace_malloc.c:366)
==10309==    by 0x1BA539CC: WTF::Vector<unsigned char, 0ul>::resize(unsigned long) (Vector.h:635)
==10309==    by 0x1BA531CA: KJS::CodeGen::emitOp(KJS::CompileState*, KJS::OpName, KJS::OpValue*, KJS::OpValue*, KJS::OpValue*, KJS::OpValue*, KJS::OpValue*) (opcodes.cpp.in:331)
==10309==    by 0x1BA60BA1: KJS::FuncExprNode::generateEvalCode(KJS::CompileState*) (nodes2bytecode.cpp:980)
==10309==    by 0x1BA5FC2D: KJS::AssignExprNode::generateEvalCode(KJS::CompileState*) (nodes2bytecode.cpp:1078)
==10309==    by 0x1BA6AF00: KJS::VarDeclNode::generateCode(KJS::CompileState*) (nodes2bytecode.cpp:1099)
==10309==    by 0x1BA6BFCB: KJS::VarDeclListNode::generateEvalCode(KJS::CompileState*) (nodes2bytecode.cpp:1116)
==10309==    by 0x1BA64EFF: KJS::VarStatementNode::generateExecCode(KJS::CompileState*) (nodes2bytecode.cpp:1124)
==10309==    by 0x1BA5F78C: KJS::SourceElementsNode::generateExecCode(KJS::CompileState*) (nodes2bytecode.cpp:993)
==10309==    by 0x1BA67C9B: KJS::FunctionBodyNode::generateExecCode(KJS::CompileState*) (nodes2bytecode.cpp:1581)
==10309==    by 0x1BA1567D: KJS::FunctionBodyNode::compile(KJS::CodeType, KJS::CompileType) (nodes.cpp:947)
==10309==    by 0x1BA3D44A: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:150)
Comment 33 Jonathan Marten 2011-09-06 11:11:39 UTC
Have not seen the FT_Get_Sfnt_Table crash here yet, after a rebuild of current trunk with:

Qt        4.8 (git://anongit.kde.org/qt branch "4.8")
Freetype  2.4.6

Have tried all of the links quoted here and in duplicate bugs; the only one that fails is the "200 lines kernel patch" one, which seems to be a different crash.
Comment 34 Christoph Feck 2011-09-09 12:15:15 UTC
*** Bug 281350 has been marked as a duplicate of this bug. ***
Comment 35 Tommi Tervo 2011-09-13 15:49:05 UTC
*** Bug 281912 has been marked as a duplicate of this bug. ***
Comment 36 Thomas Fischer 2011-09-16 07:09:54 UTC
I just want to contribute my backtrace. It differs from the previous ones in that it contains source code filenames and lines like #26, but uses a more recent FreeType version (2.4.6). My crash happened in Konqueror/KDE 4.6.5 using Qt 4.7.3 in Gentoo Linux.

Thread 1 (Thread 0xb58b3710 (LWP 4145)):
[KCrash Handler]
#7  FT_Get_Sfnt_Table (face=0x6, tag=ft_sfnt_os2) at /var/tmp/portage/media-libs/freetype-2.4.6/work/freetype-2.4.6/src/base/ftobjs.c:3565
#8  0xb6662d7a in QFreetypeFace::fsType (this=0xbf669b8) at text/qfontengine_ft.cpp:169
#9  0xb6660c1f in QFontEngineXLFD::faceId (this=0xc65ad28) at text/qfontengine_x11.cpp:697
#10 0xb665ddfe in QFontEngineXLFD::getSfntTableData (this=0xc65ad28, tag=1195656518, buffer=0x0, length=0xbfc5ffcc) at text/qfontengine_x11.cpp:772
#11 0xb65758ad in hb_getSFntTable (font=0xc65ad28, tableTag=1195656518, buffer=0x0, length=0xbfc5ffcc) at text/qfontengine.cpp:163
#12 0xb6dd6e3c in getTableStream (font=0xc65ad28, tableFunc=<value optimized out>, tag=1195656518) at ../3rdparty/harfbuzz/src/harfbuzz-shaper.cpp:935
#13 0xb6dd6f3b in HB_NewFace (font=0xc65ad28, tableFunc=0xb6575887 <hb_getSFntTable(void*, HB_Tag, HB_Byte*, HB_UInt*)>) at ../3rdparty/harfbuzz/src/harfbuzz-shaper.cpp:979
#14 0xb6ddcfbd in qHBNewFace (font=0xc65ad28, tableFunc=0xb6575887 <hb_getSFntTable(void*, HB_Tag, HB_Byte*, HB_UInt*)>) at tools/qharfbuzz.cpp:125
#15 0xb657759f in QFontEngine::harfbuzzFace (this=0xc65ad28) at text/qfontengine.cpp:228
#16 0xb65b0fcd in QTextEngine::shapeTextWithHarfbuzz (this=0xbfc60a88, item=0) at text/qtextengine.cpp:1246
#17 0xb65b1c78 in QTextEngine::shapeText (this=0xbfc60a88, item=0) at text/qtextengine.cpp:874
#18 0xb65b2189 in QTextEngine::shape (this=0xbfc60a88, item=0) at text/qtextengine.cpp:1381
#19 0xb65b5f34 in QTextEngine::shapeLine (this=0xbfc60a88, line=...) at text/qtextengine.cpp:844
#20 0xb647eec6 in QPainter::drawText (this=0xbfc6462c, p=..., str=..., tf=0, justificationPadding=0) at painting/qpainter.cpp:5992
#21 0xb647f752 in QPainter::drawText (this=0xbfc6462c, p=..., str=...) at painting/qpainter.cpp:5820
#22 0xae25e3e3 in QPainter::drawText(int, int, QString const&) () from /usr/lib/libkhtml.so.5
#23 0xae25c92b in khtml::drawDirectedText (p=0xbfc6462c, d=<value optimized out>, x=368, y=405, str=...) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/font.cpp:95
#24 0xae25d247 in khtml::Font::drawText (this=0xc48c640, p=0xbfc6462c, x=368, y=405, str=0xc1efeb8, slen=29, pos=0, len=29, toAdd=0, d=Qt::LeftToRight, from=-1, to=-1, bg=..., uy=-1, h=-1, deco=0) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/font.cpp:148
#25 0xae21efea in khtml::InlineTextBox::paint (this=0xb2986d4, i=..., tx=368, ty=372) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_text.cpp:181
#26 0xae260521 in khtml::InlineFlowBox::paint (this=0xb298714, i=..., tx=368, ty=372) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_line.cpp:874
#27 0xae260656 in khtml::RootInlineBox::paint (this=0xb298714, i=..., tx=368, ty=372) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_line.cpp:1182
#28 0xae219148 in khtml::RenderFlow::paintLines (this=0xaed5aa4, i=..., _tx=368, _ty=372) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_flow.cpp:389
#29 0xae1ebe55 in khtml::RenderBlock::paintObject (this=0xaed5aa4, pI=..., _tx=368, _ty=372, shouldPaintOutline=true) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_block.cpp:1797
#30 0xae1ec176 in khtml::RenderBlock::paint (this=0xaed5aa4, pI=..., _tx=368, _ty=372) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_block.cpp:1767
#31 0xae1e6791 in khtml::RenderBlock::paintFloats (this=0xaed59b0, pI=..., _tx=368, _ty=366, paintSelection=false) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_block.cpp:1901
#32 0xae1ec0aa in khtml::RenderBlock::paintObject (this=0xaed59b0, pI=..., _tx=368, _ty=366, shouldPaintOutline=true) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_block.cpp:1806
#33 0xae1ec176 in khtml::RenderBlock::paint (this=0xaed59b0, pI=..., _tx=368, _ty=366) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_block.cpp:1767
#34 0xae224636 in khtml::RenderLayer::paintLayer (this=0xaed5a34, rootLayer=0xaece018, p=0xbfc6462c, paintDirtyRect=..., selectionOnly=false) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_layer.cpp:1124
#35 0xae22435b in khtml::RenderLayer::paintLayer (this=0xaece10c, rootLayer=0xaece018, p=0xbfc6462c, paintDirtyRect=..., selectionOnly=false) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_layer.cpp:1145
#36 0xae2243c8 in khtml::RenderLayer::paintLayer (this=0xaece018, rootLayer=0xaece018, p=0xbfc6462c, paintDirtyRect=..., selectionOnly=false) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_layer.cpp:1151
#37 0xae2249a0 in khtml::RenderLayer::paint (this=0xaece018, p=0xbfc6462c, damageRect=..., selectionOnly=<value optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/rendering/render_layer.cpp:1018
#38 0xae0b2c61 in KHTMLView::paintEvent (this=0xb3cbf68, e=0xbfc64d34) at /var/tmp/portage/kde-base/kdelibs-4.6.5-r1/work/kdelibs-4.6.5/khtml/khtmlview.cpp:917
#39 0xb635b9a1 in QWidget::event (this=0xb3cbf68, event=0xbfc64d34) at kernel/qwidget.cpp:8405
#40 0xb679fafa in QFrame::event (this=0xb3cbf68, e=0xbfc64d34) at widgets/qframe.cpp:557
Comment 37 Thomas Fischer 2011-09-16 13:13:39 UTC
Created attachment 63697
Bash script that generates HTML page with @font-face CSS code based on locally installed TrueType fonts

To gather more information on this bug, I wrote a small shell script that, based on the TTF files you have installed on your system (/usr/local/share/fonts and /usr/share/fonts), creates an HTML page with CSS code using @font-face.
It does not crash my Konqueror reliably, but slows it down considerably (having 50+ fonts), so it may be used for profiling. Maybe it can be developed further to generate HTML/CSS code that makes Konqueror crash in a reproducible way.
Comment 38 Thomas Fischer 2011-09-16 13:15:05 UTC
Created attachment 63698
Minor corrections
Comment 39 Dawit Alemayehu 2011-11-19 16:36:25 UTC
(In reply to comment #37)
> Created an attachment (id=63697) [details]
> Bash script that generates HTML page with @font-face CSS code based on locally
> installed TrueType fonts
> 
> To gather more information on this bug, I wrote a small shell script that based
> on the TTF files you have installed on your system (/usr/local/share/fonts and
> /usr/share/fonts) creates an HTML page with CSS code using @font-face.
> Does not crash my Konqueror reliably, but slows it down considerable (having
> 50+ fonts) so it may be used for profiling. Maybe it can be developed further
> to generate HTML/CSS code that makes Konqueror crash in a reproducible way.

I can confirm this for the webkit browser engine too. It is very very slow in rendering the generated page compared to both Firefox and Chromium.
Comment 40 Dawit Alemayehu 2011-11-21 19:23:47 UTC
*** Bug 282699 has been marked as a duplicate of this bug. ***
Comment 41 Dawit Alemayehu 2011-11-21 19:27:30 UTC
*** Bug 282442 has been marked as a duplicate of this bug. ***
Comment 42 Dawit Alemayehu 2011-11-22 23:47:44 UTC
*** Bug 287225 has been marked as a duplicate of this bug. ***
Comment 43 Dawit Alemayehu 2012-01-27 23:34:32 UTC
This seems to me to be entirely an upstream issue, both the crash and the issue reported in comment #37. The crash no longer seems to be reproducible in Qt 4.8, as reported in comment #33. And I can confirm the very slow rendering of the HTML generated using the script from comment #37 with Qt 4.8, though it is much better than it was with Qt 4.7.4.

Can anyone else confirm whether or not the original crash reported is gone in Qt 4.8 and KDE 4.8?
Comment 44 Neil Skrypuch 2012-03-09 03:29:58 UTC
With Qt 4.8 and KDE 4.8.1, I haven't been able to reproduce this crash yet, and I would have expected to hit it by now. However, I did run into another crash on phoronix.com (different backtrace), which is where (IIRC) I could most reliably reproduce this crash. I filed #295572 for this.
Comment 45 Dawit Alemayehu 2012-03-09 08:49:48 UTC
(In reply to comment #44)
> With Qt 4.8 and KDE 4.8.1, I haven't been able to reproduce this crash yet,
> and I would have expected to hit it by now. However, I did run into another
> crash on phoronix.com (different backtrace), which is where (IIRC) I could
> most reliably reproduce this crash. I filed #295572 for this.

Then reassigning this back to khtml.
Comment 46 Andrea Iacovitti 2014-12-02 12:59:58 UTC
Let's close this as fixed upstream.