Bug 998812 - gedit segfaults when loading a certain file
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: harfbuzz
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Parag Nemade
QA Contact: QE Internationalization Bugs
Depends On: 998667
Blocks: 1164793
Reported: 2013-08-20 06:31 UTC by Mike FABIAN
Modified: 2014-11-25 11:25 UTC (History)

Fixed In Version: harfbuzz-0.9.20-4.el7
Doc Type: Bug Fix
Clone Of: 998667
Last Closed: 2014-11-25 11:25:49 UTC
Attachments
fix this bug (1.38 KB, patch), 2014-07-10 07:50 UTC, Parag Nemade


Links
System ID Private Priority Status Summary Last Updated
FreeDesktop.org 75076 0 None None None Never
GNOME Bugzilla 723582 0 None None None Never
Red Hat Product Errata RHBA-2014:1900 0 normal SHIPPED_LIVE harfbuzz bug fix update 2014-11-25 16:25:39 UTC

Comment 2 Ray Strode [halfline] 2014-01-28 19:45:37 UTC
This seems to be a pango issue. The invalid write happens in the pango_glyph_item_get_logical_widths function. The function expects the array that's passed in to be item->num_chars * sizeof(int) big (as specified in the documentation), and the caller (PangoLayout) is making the array that's passed in that size, but it then goes and writes an entry one element past that in the array. The implementation never looks at item->num_chars directly, but through some helpers for iterating over the glyphs. I suppose some invariant has been broken (or something).

Reassigning to pango for further analysis by the pango maintainer.

Comment 3 Akira TAGOH 2014-02-14 05:26:43 UTC
This seems to be introduced by the negative values in the log_clusters array at PangoGlyphString, which came from hb_glyph->cluster - item_offset in basic_engine_shape in basic-fc.c. In this case hb_glyph->cluster points to 0 even though it isn't a first cluster.

This seems fixed in the harfbuzz git at least.

Reassigning to harfbuzz
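
The invariant discussed in comments 2 and 3, as an added example that is not part of the bug thread and is not Pango or HarfBuzz code: every relative cluster offset (cluster - item_offset) must fall inside the item before a caller-sized array of num_chars ints is written. `ShapedRun` and `logical_widths_checked` are hypothetical names, and the model assumes a left-to-right run with one byte per character.

```c
#include <stddef.h>

/* Hypothetical model of a shaped left-to-right run; one byte per character. */
typedef struct {
    int item_offset;         /* byte offset of the item in the paragraph */
    int num_chars;           /* characters in the item */
    int num_glyphs;
    const unsigned *cluster; /* per glyph: byte offset reported by the shaper */
    const int *width;        /* per glyph: advance */
} ShapedRun;

/* Writes num_chars per-character widths into out and returns 0. Returns -1,
 * leaving out untouched, if out is too small or a relative cluster offset is
 * negative, past the end of the item, or decreasing. */
int logical_widths_checked(const ShapedRun *r, int *out, size_t out_len)
{
    long long prev = 0;
    if (r->num_chars < 0 || out_len < (size_t)r->num_chars)
        return -1;
    for (int i = 0; i < r->num_glyphs; i++) {
        /* The log_clusters subtraction, done in a wider signed type. */
        long long rel = (long long)r->cluster[i] - r->item_offset;
        if (rel < prev || rel >= r->num_chars)
            return -1;
        prev = rel;
    }
    for (int c = 0; c < r->num_chars; c++)
        out[c] = 0;
    for (int g = 0, next; g < r->num_glyphs; g = next) {
        int start = (int)r->cluster[g] - r->item_offset, total = 0, end;
        for (next = g; next < r->num_glyphs && r->cluster[next] == r->cluster[g]; next++)
            total += r->width[next];
        end = next < r->num_glyphs ? (int)r->cluster[next] - r->item_offset : r->num_chars;
        /* Spread the cluster's width over the characters it covers. */
        for (int c = start; c < end; c++)
            out[c] = total / (end - start);
        out[start] += total % (end - start);
    }
    return 0;
}

int main(void)
{
    /* Constructed input: glyph 1 reports cluster 0 in an item starting at 4. */
    const unsigned cluster[] = {4, 0, 6};
    const int width[] = {10, 5, 8};
    ShapedRun r = {4, 4, 3, cluster, width};
    int out[4];
    return logical_widths_checked(&r, out, 4) == -1 ? 0 : 1;
}
```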

Comment 4 RHEL Program Management 2014-03-22 06:41:26 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 5 Akira TAGOH 2014-06-02 06:31:09 UTC
This seems fixed in harfbuzz upstream.

Comment 9 Parag Nemade 2014-07-10 07:50:16 UTC
Created attachment 917005
fix this bug

Comment 10 Parag Nemade 2014-07-15 06:11:03 UTC
The upstream patch link is http://cgit.freedesktop.org/harfbuzz/commit/?id=6ae13f257c3986517c097fa666ab9f58bdc918b5 which is the same as what we want to use for this bug.

Comment 11 Parag Nemade 2014-08-18 09:01:50 UTC
Built the fix in harfbuzz-0.9.20-4.el7

Comment 15 errata-xmlrpc 2014-11-25 11:25:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-1900.html
