Bug 430220 - [text-tool] Crash when editing a text with a specific font (IMFellEnglish)
Summary: [text-tool] Crash when editing a text with a specific font (IMFellEnglish)
Status: RESOLVED FIXED
Alias: None
Product: krita
Classification: Applications
Component: Tool/Text (show other bugs)
Version: 4.4.2-beta1
Platform: Compiled Sources Linux
: NOR crash
Target Milestone: ---
Assignee: Krita Bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-10 14:23 UTC by David REVOY
Modified: 2021-09-08 07:53 UTC (History)
2 users (show)

See Also:
Latest Commit: https://invent.kde.org/graphics/krita/commit/a7e69386f6cd62bd6e868cac74ca1c1f7e81010a
Version Fixed In:
Sentry Crash Report:

Attachments
^ Krita file sample that reproduce the crash: just a small 577x225px file with centered a text-box to edit. (772.39 KB, application/x-krita)
2020-12-10 14:23 UTC, David REVOY 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description David REVOY 2020-12-10 14:23:25 UTC 
Created attachment 133967 [details]
^ Krita file sample that reproduce the crash: just a small 577x225px file with centered a text-box to edit.

Hi,

To reproduce:
=============
1. Get and install the font IMFellEnglish on your O.S. (SIL Licensed, FLOSS), for GNU/Linux:
```
mkdir ~/.fonts
cd ~/.fonts
wget https://framagit.org/peppercarrot/fonts/-/raw/master/Latin/IM-Fell-English.italic.ttf
wget https://framagit.org/peppercarrot/fonts/-/blob/master/Latin/IM-Fell-english.roman.ttf
wget https://framagit.org/peppercarrot/fonts/-/raw/master/Latin/IM-Fell-english.sc.ttf
```
2. Open the Krita file in attachement
3. with the vector selection tool click on the text box, the boundaries rectangle decoration appear
4. Press [Enter] to edit the text box

Result:
=======
Krita crashes. Not new or specific to 4.4.2, I could also reproduce since 4.4.0 (it was on my to-do report for long, sorry about that).

Backtrace:
==========
Thread 1 "krita" received signal SIGSEGV, Segmentation fault.
0x00007ffff4f0d2eb in ?? () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
(gdb) thread apply all bt
[...]
Thread 1 (Thread 0x7fffef979800 (LWP 108061)):
#0  0x00007ffff4f0d2eb in ?? () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#1  0x00007ffff4f156ce in QFontDatabase::font(QString const&, QString const&, int) const () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#2  0x00007ffff5b1727b in KisFontComboBoxes::currentFont (this=this@entry=0x55557049b7a0, pointSize=14) at /home/deevad/sources/krita/src/libs/widgetutils/kis_font_family_combo_box.cpp:267
#3  0x00007fff6e895576 in SvgTextEditor::Private::saveFromWidgets (this=this@entry=0x5555700f32e0, actions=0x55556ff57870) at /home/deevad/sources/krita/src/plugins/tools/svgtexttool/SvgTextEditor.cpp:114
#4  0x00007fff6e89102e in SvgTextEditor::setInitialShape (this=0x55555780edd0, shape=shape@entry=0x55555bbed2b0) at /home/deevad/sources/krita/src/plugins/tools/svgtexttool/SvgTextEditor.cpp:385
#5  0x00007fff6e89852b in SvgTextTool::showEditor (this=0x55556d861b90) at /usr/include/c++/9/bits/atomic_base.h:413
#6  0x00007fff6e898805 in SvgTextTool::keyPressEvent (this=<optimized out>, event=0x7fffffffde60) at /home/deevad/sources/krita/src/plugins/tools/svgtexttool/SvgTextTool.cpp:428
#7  0x00007ffff6d080a6 in KisToolProxy::forwardEvent (this=0x55556d847c80, state=KisToolProxy::CONTINUE, action=KisTool::Primary, event=0x7fffffffde60, originalEvent=0x7fffffffde60) at /home/deevad/sources/krita/src/libs/ui/canvas/kis_tool_proxy.cpp:160
#8  0x00007ffff70390ec in KisToolInvocationAction::processUnhandledEvent (this=0x555569874bf0, event=0x7fffffffde60) at /home/deevad/sources/krita/src/libs/ui/input/kis_tool_invocation_action.cpp:190
#9  0x00007ffff702e7e5 in KisInputManager::Private::processUnhandledEvent (this=0x55556a6863b0, event=event@entry=0x7fffffffde60) at /home/deevad/sources/krita/src/libs/ui/input/kis_input_manager_p.cpp:599
#10 0x00007ffff702889e in KisInputManager::eventFilterImpl (this=0x55556a01a748, event=<optimized out>) at /home/deevad/sources/krita/src/libs/ui/input/kis_input_manager.cpp:394
#11 0x00007ffff4a4b64b in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007ffff5463a55 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#13 0x00007ffff546d81e in QApplication::notify(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#14 0x00007ffff70ca42d in KisApplication::notify (this=<optimized out>, receiver=0x55555bc2e730, event=0x7fffffffde60) at /home/deevad/sources/krita/src/libs/ui/KisApplication.cpp:689
#15 0x00007ffff4a4b93a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#16 0x00007ffff54c5216 in ?? () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#17 0x00007ffff5463a66 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#18 0x00007ffff546d0f0 in QApplication::notify(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
#19 0x00007ffff70ca42d in KisApplication::notify (this=<optimized out>, receiver=0x55556a679590, event=0x7fffffffde60) at /home/deevad/sources/krita/src/libs/ui/KisApplication.cpp:689
--Type <RET> for more, q to quit, c to continue without paging--
#20 0x00007ffff4a4b93a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007ffff4e30b2b in QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#22 0x00007ffff4e360f1 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#23 0x00007ffff4e1035b in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Gui.so.5
#24 0x00007fffef7f732e in ?? () from /lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
#25 0x00007ffff1fe2fbd in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007ffff1fe3240 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#27 0x00007ffff1fe32e3 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#28 0x00007ffff4aa3565 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#29 0x00007ffff4a4a4db in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#30 0x00007ffff4a52246 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
#31 0x0000555555e28d58 in main (argc=<optimized out>, argv=0x7fffffffe488) at /home/deevad/sources/krita/src/krita/main.cc:656
Comment 1 Halla Rempt 2020-12-10 14:29:41 UTC 
Yes, I can confirm the crash.
Comment 2 Awakening 2020-12-10 15:46:03 UTC 
The crash is caused by ` [ ]` at the end of `font-family` property on text object, which is used to specify font foundry, according to Qt docs.
Comment 3 Halla Rempt 2021-09-07 12:54:57 UTC 
Git commit 105262fc28ddb8bb2f81c090823f4801524decd2 by Halla Rempt.
Committed on 07/09/2021 at 12:53.
Pushed by rempt into branch 'master'.

Fix QFontDatabase::parseFontName

It would crash if there was a space in the angle brackes for the
foundry.

A  +26   -0    3rdparty/ext_qt/0001-Do-not-crash-if-the-foundry-name-is-an-empty-space.patch
M  +1    -0    3rdparty/ext_qt/CMakeLists.txt

https://invent.kde.org/graphics/krita/commit/105262fc28ddb8bb2f81c090823f4801524decd2
Comment 4 Halla Rempt 2021-09-08 07:53:50 UTC 
Git commit a7e69386f6cd62bd6e868cac74ca1c1f7e81010a by Halla Rempt.
Committed on 08/09/2021 at 07:30.
Pushed by rempt into branch 'krita/5.0'.

Fix QFontDatabase::parseFontName

It would crash if there was a space in the angle brackes for the
foundry.
(cherry picked from commit 105262fc28ddb8bb2f81c090823f4801524decd2)

A  +26   -0    3rdparty/ext_qt/0001-Do-not-crash-if-the-foundry-name-is-an-empty-space.patch
M  +1    -0    3rdparty/ext_qt/CMakeLists.txt

https://invent.kde.org/graphics/krita/commit/a7e69386f6cd62bd6e868cac74ca1c1f7e81010a