Xvnc 3.3.3r2 crashes while rendering Type 1 font

Dimitry Andric dim "at" xs4all.nl
Mon, 13 Nov 2000 20:32:29 +0000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I had been running vnc-3.3.3r1 on FreeBSD/i386 for some time, without
any problems. When a new version of the port, 3.3.3r2, became
available, I installed it, and immediately Xvnc began coredumping,
initially due to my window manager (icewm).

So I compiled vnc-3.3.3r2 with "-g -O0", to prevent any optimization
snafus, and it still segfaulted in the same way. I then got the
following backtrace in gdb:

#0  0x80bcfee in crosses (h=1, left=0x4, right=0x283be0a8) at
regions.c:1278
#1  0x80bcb98 in swathxsort (before0=0xbfbfe4bc, edge=0x283be090) at
regions.c:1055
#2  0x80bc8e2 in t1_SortSwath (anchor=0x283bec70, edge=0x283be090,
swathfcn=0x80bca98 <swathxsort>) at regions.c:875
#3  0x80bc722 in newfilledge (R=0x283bf490, xmin=250466, xmax=271415,
ymin=1, ymax=34284, isdown=1) at regions.c:765
#4  0x80bc507 in t1_ChangeDirection (type=0, R=0x283bf490, x=250466,
y=34284, dy=0) at regions.c:684
#5  0x80d4838 in t1_StepLine (R=0x283bf490, x1=250466, y1=34284,
x2=252370, y2=34284) at lines.c:89
#6  0x80bc261 in t1_Interior (p=0x283bec00, fillrule=126) at
regions.c:510
#7  0x80b8f02 in fontfcnB (S=0x283be010 "\005\001\002",
code=0x81db6d1 "Q", lenP=0xbfbfe72c, mode=0xbfbfe728) at
fontfcn.c:178
#8  0x809f153 in Type1OpenScalable (fpe=0x8219d84, ppFont=0xbfbff8b0,
flags=0, entry=0x2838b164, fileName=0xbfbfec3c
"/usr/X11R6/lib/X11/fonts/Type1/cour.pfa", vals=0xbfbfebcc,
format=512, fmask=31, non_cachable_font=0x0) at t1funcs.c:290
#9  0x808ea50 in FontFileOpenFont (client=0x82154e0 "\003",
fpe=0x8219d84, flags=0, name=0x827b92c
"-adobe-courier-medium-r-*-*-*-140-*-*-*-*-*-*pppy \030%P\004",
namelen=45, format=512, fmask=31, id=12583002, pFont=0xbfbff8b0,
aliasName=0xbfbff89c, non_cachable_font=0x0) at fontfile.c:442
#10 0x805363a in doOpenFont (client=0x82154e0, c=0x827b4f4) at
dixfonts.c:273
#11 0x8053b71 in OpenFont (client=0x82154e0, fid=12583002, flags=0,
lenfname=45, pfontname=0x8261068
"-adobe-courier-medium-r-*-*-*-140-*-*-*-*-*-*") at dixfonts.c:448
#12 0x80622d0 in ProcOpenFont (client=0x82154e0) at dispatch.c:1146
#13 0x80609f7 in Dispatch () at dispatch.c:300
#14 0x804a851 in main (argc=18, argv=0xbfbffae8) at main.c:400
#15 0x804a215 in _start ()

So it crashes when it is rendering the
"-adobe-courier-medium-r-*-*-*-140-*-*-*-*-*-*" font. This is not
caused specifically by icewm, I can also get Xvnc to segfault by
using xfontsel, and selecting this specific adobe-courier font. These
fonts are from the normal FreeBSD XFree86 distribution.

These segfaults do not occur when I use vnc-3.3.3r1, so I think I can
rule out bad or corrupt font files (or is r1 more tolerant?). I'm
starting Xvnc with the (unmodified) vncserver script from the
distribution. I also tried modifying the script, to specify an exact
font path, but that didn't make any difference. Logical, because the
problem is obviously not that it can't find the font, it accesses an
"almost-NULL" pointer (i.e. 0x4) in crosses() from regions.c.

Cheers,
- --
Dimitry Andric <dim "at" xs4all.nl>
PGP key: http://www.xs4all.nl/~dim/dim.asc
KeyID: 4096/1024-0x2E2096A3
Fingerprint: 7AB4 62D2 CE35 FC6D 4239 4FCD B05E A30A 2E20 96A3

-----BEGIN PGP SIGNATURE-----
Version: Encrypted with PGP Plugin for Calypso
Comment: http://www.gn.apc.org/duncan/stoa_cover.htm

iQA/AwUBOhBAubBeowouIJajEQIfpgCbBmLkPV2hqUNb7Y9zjYNr32Gno/8AoOL2
cxBoXnOQl1gXtrlVjLN1ZRRx
=19ME
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------