Bug 1036351

Summary: [abrt] gimp-2.8.8-3.fc19: pango_layout_iter_get_char_extents: Process /usr/bin/gimp-2.8 was killed by signal 8 (SIGFPE)
Product: [Fedora] Fedora Reporter: HeeroYuy <baleineh>
Component: pangoAssignee: Akira TAGOH <tagoh>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: baleineh, fonts-bugs, i18n-bugs, nphilipp, phracek, tagoh, thuta87
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/47dafe76cbdcbd4c36877fb80f5976a2afbe65ca
Whiteboard: abrt_hash:ac5c0436ea0ca7860fb6028b44c44d7a377de16a
Fixed In Version: pango-1.34.1-2.fc19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-01 04:05:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: dso_list
none
File: environ
none
File: limits
none
File: maps
none
File: open_fds
none
File: proc_pid_status
none
File: var_log_messages none

Description HeeroYuy 2013-12-01 11:00:56 UTC 
Description of problem:
I don't know

Version-Release number of selected component:
gimp-2.8.8-3.fc19

Additional info:
reporter:       libreport-2.1.9
backtrace_rating: 4
cmdline:        gimp-2.8
crash_function: pango_layout_iter_get_char_extents
executable:     /usr/bin/gimp-2.8
kernel:         3.11.9-200.fc19.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (6 frames)
 #0 pango_layout_iter_get_char_extents at pango-layout.c:6098
 #1 gimp_text_tool_draw_selection at gimptexttool.c:857
 #2 gimp_text_tool_draw at gimptexttool.c:783
 #3 gimp_draw_tool_draw at gimpdrawtool.c:217
 #4 gimp_text_tool_apply at gimptexttool.c:1339
 #9 app_run at app.c:263
Comment 1 HeeroYuy 2013-12-01 11:01:04 UTC 
Created attachment 831185 [details]
File: backtrace
Comment 2 HeeroYuy 2013-12-01 11:01:07 UTC 
Created attachment 831186 [details]
File: cgroup
Comment 3 HeeroYuy 2013-12-01 11:01:12 UTC 
Created attachment 831187 [details]
File: core_backtrace
Comment 4 HeeroYuy 2013-12-01 11:01:17 UTC 
Created attachment 831189 [details]
File: dso_list
Comment 5 HeeroYuy 2013-12-01 11:01:20 UTC 
Created attachment 831191 [details]
File: environ
Comment 6 HeeroYuy 2013-12-01 11:01:24 UTC 
Created attachment 831193 [details]
File: limits
Comment 7 HeeroYuy 2013-12-01 11:01:27 UTC 
Created attachment 831195 [details]
File: maps
Comment 8 HeeroYuy 2013-12-01 11:01:30 UTC 
Created attachment 831197 [details]
File: open_fds
Comment 9 HeeroYuy 2013-12-01 11:01:34 UTC 
Created attachment 831200 [details]
File: proc_pid_status
Comment 10 HeeroYuy 2013-12-01 11:01:38 UTC 
Created attachment 831202 [details]
File: var_log_messages
Comment 11 Nils Philippsen 2013-12-04 16:57:42 UTC 
Looks like a division by zero here:

--- 8< --- pango/pango-layout.c:6098 -- pango_layout_iter_get_char_extents() ---
x0 = (iter->character_position * cluster_rect.width) / iter->cluster_num_chars;
--- >8 ---

The cluster_num_chars member is opaque to outside API users, so IMO has to be set by pango itself:

--- 8< --- app/tools/gimptexttool.c:841 -- gimp_text_tool_draw_selection() ---
  iter = pango_layout_get_iter (layout);

  gimp_draw_tool_push_group (draw_tool, fill_group);

  do
    {
      if (! pango_layout_iter_get_run (iter))
        continue;

      i = pango_layout_iter_get_index (iter);

      if (i >= min && i < max)
        {
          PangoRectangle rect;
          gint           ytop, ybottom;

          pango_layout_iter_get_char_extents (iter, &rect);
          pango_layout_iter_get_line_yrange (iter, &ytop, &ybottom);

          rect.y      = ytop;
          rect.height = ybottom - ytop;

          pango_extents_to_pixels (&rect, NULL);

          gimp_text_layout_transform_rect (text_tool->layout, &rect);

          rect.x += offset_x;
          rect.y += offset_y;

          gimp_draw_tool_add_rectangle (draw_tool, TRUE,
                                        rect.x, rect.y,
                                        rect.width, rect.height);
        }
    }
  while (pango_layout_iter_next_char (iter));
--- >8 ---

Changing component to pango.
Comment 12 Akira TAGOH 2013-12-17 08:59:31 UTC 
Please let me know how to reproduce this issue.
Comment 13 Fedora Update System 2014-01-23 02:04:36 UTC 
pango-1.36.1-2.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/pango-1.36.1-2.fc20
Comment 14 Fedora Update System 2014-01-23 02:29:56 UTC 
pango-1.34.1-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/pango-1.34.1-2.fc19
Comment 15 Fedora Update System 2014-01-24 07:42:20 UTC 
Package pango-1.36.1-2.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pango-1.36.1-2.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-1429/pango-1.36.1-2.fc20
then log in and leave karma (feedback).
Comment 16 Fedora Update System 2014-02-01 04:05:16 UTC 
pango-1.36.1-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Fedora Update System 2014-02-11 22:58:11 UTC 
pango-1.34.1-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 18 Red Hat Bugzilla 2023-09-14 01:54:41 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days