892359 – segfault in pango_font_description_hash()

Bug 892359 - segfault in pango_font_description_hash()

Summary: segfault in pango_font_description_hash()

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gtk3
Sub Component:
Version:	18
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Matthias Clasen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (12):	892082 892088 892107 892167 892183 892189 892216 892224 892225 892347 892368 892776 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-01-06 21:08 UTC by Kamil Páral
Modified:	2013-01-11 23:40 UTC (History)
CC List:	19 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-01-11 23:40:01 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
GNOME Bugzilla	691186	0	None	None	None	Never
Red Hat Bugzilla	892088	0	unspecified	CLOSED	[abrt] evolution-3.6.2-3.fc18: case_insensitive_hash: Process /usr/bin/evolution was killed by signal 11 (SIGSEGV)	2021-02-22 00:41:40 UTC

Internal Links: 892088

Description Kamil Páral 2013-01-06 21:08:15 UTC

Description of problem:
Recently the transmission application started to either crash or display graphical glitches. If I try to open any dialog (application preferences, torrent details), one of these three things happen at random:
1) dialog is displayed fine
2) application crashes
3) I see a large black rectangle of huge proportions (e.g. 10000x10000 px). If I shrink the black rectangle to a reasonable size, it redraws into a working dialog. It is black in those huge proportions probably because my Intel video card can't render such large windows.

When it crashes, I see this in dmesg:

> transmission-gt[1948]: segfault at 1 ip 000000322fa14443 sp 00007fff45fb16a8 error 4 in libpango-1.0.so.0.3200.3[322fa00000+49000]

Abrt doesn't kick in, so I enabled coredump creation manually and extracted the backtrace. It seems to be a crash in pango:

> (gdb) bt
> #0  0x000000322fa14443 in pango_font_description_hash () from /lib64/libpango-1.0.so.0
> #1  0x000000322f2094d9 in pango_fc_fontset_key_hash () from /lib64/libpangoft2-1.0.so.0
> #2  0x00000038af637c99 in g_hash_table_lookup () from /lib64/libglib-2.0.so.0
> #3  0x000000322f20a8be in pango_fc_font_map_load_fontset () from /lib64/libpangoft2-1.0.so.0
> #4  0x00007fed50a9c851 in pk_pango_fc_font_map_load_fontset () from /usr/lib64/gtk-3.0/modules/libpk-gtk-module.so
> #5  0x000000322fa1a791 in itemize_state_process_run () from /lib64/libpango-1.0.so.0
> #6  0x000000322fa1ab3a in itemize_with_font.constprop.4 () from /lib64/libpango-1.0.so.0
> #7  0x000000322fa1b593 in pango_context_get_metrics () from /lib64/libpango-1.0.so.0
> #8  0x00000039312f0649 in gtk_combo_box_get_preferred_width () from /lib64/libgtk-3.so.0
> #9  0x000000393140ac5a in compute_size_for_orientation () from /lib64/libgtk-3.so.0
> #10 0x00000039312b5685 in gtk_box_get_size () from /lib64/libgtk-3.so.0
> #11 0x000000393140ac5a in compute_size_for_orientation () from /lib64/libgtk-3.so.0
> #12 0x000000393135849e in gtk_grid_request_run () from /lib64/libgtk-3.so.0
> #13 0x00000039313587ad in gtk_grid_get_size () from /lib64/libgtk-3.so.0
> #14 0x000000393140ac5a in compute_size_for_orientation () from /lib64/libgtk-3.so.0
> #15 0x00000039313b8f0d in gtk_notebook_size_request () from /lib64/libgtk-3.so.0
> #16 0x000000393140ac5a in compute_size_for_orientation () from /lib64/libgtk-3.so.0
> #17 0x00000039312b5685 in gtk_box_get_size () from /lib64/libgtk-3.so.0
> #18 0x000000393140ac5a in compute_size_for_orientation () from /lib64/libgtk-3.so.0
> #19 0x00000039314cf02a in gtk_window_get_preferred_width () from /lib64/libgtk-3.so.0
> #20 0x000000393140ac5a in compute_size_for_orientation () from /lib64/libgtk-3.so.0
> #21 0x000000393140b28e in gtk_widget_get_preferred_size () from /lib64/libgtk-3.so.0
> #22 0x00000039314cff10 in gtk_window_compute_configure_request () from /lib64/libgtk-3.so.0
> #23 0x00000039314d22c1 in gtk_window_show () from /lib64/libgtk-3.so.0
> #24 0x00000038afa0f910 in g_closure_invoke () from /lib64/libgobject-2.0.so.0
> #25 0x00000038afa20633 in signal_emit_unlocked_R () from /lib64/libgobject-2.0.so.0
> #26 0x00000038afa28c8d in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
> #27 0x00000038afa28de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
> #28 0x00000039314c7239 in gtk_widget_show () from /lib64/libgtk-3.so.0
> #29 0x00000000004310b6 in show_details_dialog_for_selected_torrents (data=0x7fff45fb4460) at main.c:173
> #30 gtr_actions_handler (action_name=<optimized out>, user_data=0x7fff45fb4460) at main.c:1540
> #31 0x00000038afa0f910 in g_closure_invoke () from /lib64/libgobject-2.0.so.0
> #32 0x00000038afa20d08 in signal_emit_unlocked_R () from /lib64/libgobject-2.0.so.0
> #33 0x00000038afa28c8d in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
> #34 0x00000038afa28de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
> #35 0x000000393129a838 in _gtk_action_emit_activate () from /lib64/libgtk-3.so.0
> #36 0x000000393146bec9 in button_clicked () from /lib64/libgtk-3.so.0
> #37 0x00000038afa0fbd7 in _g_closure_invoke_va () from /lib64/libgobject-2.0.so.0
> #38 0x00000038afa283a8 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
> #39 0x00000038afa28de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
> #40 0x00000039312c1118 in gtk_real_button_released () from /lib64/libgtk-3.so.0
> #41 0x00000038afa0f910 in g_closure_invoke () from /lib64/libgobject-2.0.so.0
> #42 0x00000038afa20633 in signal_emit_unlocked_R () from /lib64/libgobject-2.0.so.0
> #43 0x00000038afa28c8d in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
> #44 0x00000038afa28de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
> #45 0x00000039312bfe83 in gtk_button_button_release () from /lib64/libgtk-3.so.0
> #46 0x000000393138edef in _gtk_marshal_BOOLEAN__BOXEDv () from /lib64/libgtk-3.so.0
> #47 0x00000038afa0fbd7 in _g_closure_invoke_va () from /lib64/libgobject-2.0.so.0
> #48 0x00000038afa283a8 in g_signal_emit_valist () from /lib64/libgobject-2.0.so.0
> #49 0x00000038afa28de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
> #50 0x00000039314bccde in gtk_widget_event_internal () from /lib64/libgtk-3.so.0
> #51 0x000000393138ccee in propagate_event () from /lib64/libgtk-3.so.0
> #52 0x000000393138e9b3 in gtk_main_do_event () from /lib64/libgtk-3.so.0
> #53 0x0000003931a4a822 in gdk_event_source_dispatch () from /lib64/libgdk-3.so.0
> #54 0x00000038af647a75 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
> #55 0x00000038af647da8 in g_main_context_iterate.isra.24 () from /lib64/libglib-2.0.so.0
> #56 0x00000038af647e64 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
> #57 0x00000038b0e9a7ec in g_application_run () from /lib64/libgio-2.0.so.0
> #58 0x0000000000421759 in main (argc=1, argv=0x7fff45fb4758) at main.c:668

I have the core file available if it helps.

I tried to downgrade transmission, xorg-x11-server-Xorg, xorg-x11-drv-intel, but nothing helps. I can't downgrade pango, it's the only version available in F18.

But I believe I have used transmission quite a few times some weeks ago and I never saw this problem.

Version-Release number of selected component (if applicable):
pango-1.32.3-1.fc18.x86_64
transmission-gtk-2.75-1.fc18.x86_64
xorg-x11-drv-intel-2.20.17-1.fc18.x86_64
xorg-x11-server-Xorg-1.13.1-1.fc18.x86_64

How reproducible:
easily

Steps to Reproduce:
1. start transmission
2. if you have some torrent, select it and repeat: open its properties window, close it, open it again, close it, ...
3. alternatively you can do the same with transmission preferences window
4. after a few attempts you should see either a big black rectangle covering the whole screen or program crash

Comment 1 Kamil Páral 2013-01-06 21:19:13 UTC

I found the problem, it's this bug:

https://bugzilla.gnome.org/show_bug.cgi?id=691186

I can confirm that transmission doesn't crash with gtk3-3.6.2-1.fc18.x86_64, but does crash with gtk3-3.6.3-1.fc18.x86_64.

Reassigning to gtk3.

Comment 2 Fedora Update System 2013-01-07 13:42:19 UTC

gtk3-3.6.4-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/FEDORA-2013-0166/gtk3-3.6.4-1.fc18

Comment 3 Milan Crha 2013-01-07 14:14:57 UTC

*** Bug 892088 has been marked as a duplicate of this bug. ***

Comment 4 Cosimo Cecchi 2013-01-07 20:03:59 UTC

*** Bug 892224 has been marked as a duplicate of this bug. ***

Comment 5 Fedora Update System 2013-01-07 21:19:19 UTC

Package gtk3-3.6.4-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing gtk3-3.6.4-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-0166/gtk3-3.6.4-1.fc18
then log in and leave karma (feedback).

Comment 6 Jirka Klimes 2013-01-08 11:14:17 UTC

*** Bug 892183 has been marked as a duplicate of this bug. ***

Comment 7 Jirka Klimes 2013-01-08 11:17:40 UTC

*** Bug 892776 has been marked as a duplicate of this bug. ***

Comment 8 Jirka Klimes 2013-01-08 11:20:27 UTC

*** Bug 892368 has been marked as a duplicate of this bug. ***

Comment 9 Jirka Klimes 2013-01-08 11:24:21 UTC

*** Bug 892225 has been marked as a duplicate of this bug. ***

Comment 10 Jirka Klimes 2013-01-08 11:25:44 UTC

*** Bug 892167 has been marked as a duplicate of this bug. ***

Comment 11 Jirka Klimes 2013-01-08 11:29:26 UTC

*** Bug 892082 has been marked as a duplicate of this bug. ***

Comment 12 Jirka Klimes 2013-01-08 11:31:26 UTC

*** Bug 892107 has been marked as a duplicate of this bug. ***

Comment 13 Jirka Klimes 2013-01-08 11:33:24 UTC

*** Bug 892347 has been marked as a duplicate of this bug. ***

Comment 14 Jirka Klimes 2013-01-08 11:36:16 UTC

*** Bug 892189 has been marked as a duplicate of this bug. ***

Comment 15 Jirka Klimes 2013-01-08 11:39:09 UTC

*** Bug 892216 has been marked as a duplicate of this bug. ***

Comment 16 Kamil Páral 2013-01-08 12:43:34 UTC

gtk3-3.6.3-1.fc18 (the broken one) never entered stable repository, therefore it doesn't make sense to propose it as a blocker. Removing blocker nomination. Please put it back if there is another reason for blocker status. Thanks.

Comment 17 sciamp 2013-01-08 13:48:10 UTC

Open evolution (mail view) go to Edit > Preferences
BOOM!


backtrace_rating: 4
Package: evolution-3.6.2-3.fc18
OS Release: Fedora release 18 (Spherical Cow)

Comment 18 Richard Monk 2013-01-08 14:49:10 UTC

Just trying to start it.

backtrace_rating: 4
Package: evolution-3.6.2-3.fc18
OS Release: Fedora release 18 (Spherical Cow)

Comment 19 Richard Monk 2013-01-08 14:56:54 UTC

(In reply to comment #18)
> Just trying to start it.
> 
> backtrace_rating: 4
> Package: evolution-3.6.2-3.fc18
> OS Release: Fedora release 18 (Spherical Cow)

updating to the updates-testing gtk3 solved my issue.

Comment 20 Bill Sanford 2013-01-08 19:50:15 UTC

I wanted to edit the profile preferences of the Terminal and got a crash.

backtrace_rating: 4
Package: gnome-terminal-3.6.1-1.fc18
OS Release: Fedora release 18 (Spherical Cow)

Comment 21 Bill Sanford 2013-01-08 20:03:11 UTC

I was using gtk3-3.6.3-1.fc18.x86_64 and that was causing the issue.

I upgraded to 3.6.4 and the issue is no more.

Comment 22 Adam Williamson 2013-01-08 21:32:15 UTC

For the record - for anyone concerned about F18 release, the bad gtk3, 3.6.3, was never in the stable repo and is not in any of the F18 composes, so this bug does not block release. The bad gtk3 has only ever been in updates-testing and will never make it out, since it's been superseded by 3.6.4. Please don't mark this bug or any of its dupes as release blockers. Thanks!

Comment 23 Fedora Update System 2013-01-11 23:40:04 UTC

gtk3-3.6.4-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.