Bug 749218

Summary: Memory error detected by glibc
Product: [Fedora] Fedora
Reporter: Mohamed AMAZIRH <m.amazirh>
Component: freetype
Assignee: Marek Kašík <mkasik>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: behdad, fonts-bugs, kevin, martin.sourada, mkasik
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2011-11-12 10:51:36 UTC
Attachments:
C program to test with (flags: none)

Description Mohamed AMAZIRH 2011-10-26 14:09:00 UTC
Description of problem:
A memory problem shows up when using freetype with libass, which causes (for example) mplayer to quit when trying to play video files with SSA subtitles using the -ass parameter.
On openSUSE 11.4 the C program I provided as an attachment works without problems. But on Fedora 16, it crashes.
I built the C program with the default libass library and with version 0.9.11 (which is the same used in openSUSE 11.4). In both cases the program crashes.
So I guess it's a freetype bug.

To build the C program:
gcc -o test_ssa -lass test_ssa.c
To test the C program :
./test_ssa neoin.ssa


Version-Release number of selected component (if applicable):


How reproducible:
Build the example program (see the attachments).
Launch it with the subtitle file as an argument.

Steps to Reproduce:
1. ./test_ssa noein.ssa

Actual results:

*** glibc detected *** ./ssa_test: free(): invalid next size (fast): 0x097b6cf8 ***
======= Backtrace: =========
/lib/libc.so.6[0x46b04f92]
/usr/lib/libfreetype.so.6[0x4ceacc2c]
/usr/lib/libfreetype.so.6(ft_mem_free+0x1a)[0x4ceb1f2a]
/usr/lib/libfreetype.so.6(FT_Outline_Done_Internal+0xb3)[0x4ceb2e83]
/usr/lib/libfreetype.so.6(FT_Outline_Done+0x2f)[0x4ceb2ebf]
/usr/lib/libfreetype.so.6[0x4ceb8f75]
/usr/lib/libfreetype.so.6(FT_Done_Glyph+0x36)[0x4ceb9326]
/usr/lib/libass.so.4(+0x5ee9)[0xbb4ee9]
/usr/lib/libass.so.4(+0x68b2)[0xbb58b2]
/usr/lib/libass.so.4(+0x6dfc)[0xbb5dfc]
/usr/lib/libass.so.4(+0x6e36)[0xbb5e36]
/usr/lib/libass.so.4(ass_render_frame+0x20c)[0xbbafac]
./ssa_test[0x8048ad1]
/lib/libc.so.6(__libc_start_main+0xf3)[0x46aa86b3]
./ssa_test[0x8048731]
Aborted (core dumped)

Expected results:

Clean exit

Additional info:

Comment 1 Mohamed AMAZIRH 2011-10-26 14:12:54 UTC
Created attachment 530290
C program to test with

Comment 2 Martin Sourada 2011-11-12 10:51:36 UTC

*** This bug has been marked as a duplicate of bug 753017 ***