Qt / QTBUG-26124

Segfault in font engine when laying out unexpected characters

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.0.0
    • 5.0.0
    • GUI: Font handling
    • None
    • Ubuntu 10.4
    • 28826fe4631ae06b49bf718c807accab6a6eb89b

    Description

      1. qmake, make the mymodule plugin in the attached app
      2. run QML_IMPORT_PATH=<path to app> qmlscene garbletext.qml
      3. press the top (segfault) button

      The app will segfault. Pressing the bottom button will have the app running random characters, which eventually also crashes.

      The app basically grabs a sequence of QChar({random number <= 8000}) and, if a character category can be recognized, attempts to display them in the qml Text.

      Program received signal SIGSEGV, Segmentation fault.
      0xb7616151 in QFontEngineMulti::getGlyphBearings (this=0xb3b13380, glyph=620757477, leftBearing=0x0, rightBearing=0xbfffc6e0) at text/qfontengine.cpp:1491
      1491        engine(which)->getGlyphBearings(stripped(glyph), leftBearing, rightBearing);
      (gdb) bt
      #0  0xb7616151 in QFontEngineMulti::getGlyphBearings (this=0xb3b13380, glyph=620757477, leftBearing=0x0, rightBearing=0xbfffc6e0) at text/qfontengine.cpp:1491
      #1  0xb7647cd8 in (anonymous namespace)::LineBreakHelper::adjustRightBearing (this=0xbfffc778, glyph=620757477) at text/qtextlayout.cpp:1665
      #2  0xb7647d73 in (anonymous namespace)::LineBreakHelper::adjustPreviousRightBearing (this=0xbfffc778) at text/qtextlayout.cpp:1679
      #3  0xb76488bc in QTextLine::layout_helper (this=0xbfffccf0, maxGlyphs=2147483647) at text/qtextlayout.cpp:1832
      #4  0xb76478e1 in QTextLine::setLineWidth (this=0xbfffccf0, width=500) at text/qtextlayout.cpp:1564
      #5  0xb7e2c2ee in QQuickTextPrivate::setLineGeometry (this=0x80e9df8, line=..., lineWidth=500, height=@0xbfffcce8: 252) at items/qquicktext.cpp:1063
      #6  0xb7e2ada1 in QQuickTextPrivate::setupTextLayout (this=0x80e9df8, naturalWidth=0xbfffcf18, baseline=0xbfffcf10) at items/qquicktext.cpp:793
      #7  0xb7e295fa in QQuickTextPrivate::updateSize (this=0x80e9df8) at items/qquicktext.cpp:449
      #8  0xb7e290a5 in QQuickTextPrivate::updateLayout (this=0x80e9df8) at items/qquicktext.cpp:347
      #9  0xb7e2d2e8 in QQuickText::setText (this=0x8124938, n=...) at items/qquicktext.cpp:1432
      #10 0xb7f4a1de in QQuickText::qt_metacall (this=0x8124938, _c=QMetaObject::WriteProperty, _id=0, _a=0xbfffd804) at .moc/debug-shared/moc_qquicktext_p.cpp:599
      #11 0xb6ca907e in QMetaObject::metacall (object=0x8124938, cl=QMetaObject::WriteProperty, idx=42, argv=0xbfffd804) at kernel/qmetaobject.cpp:306
      #12 0xb7baf822 in QV4Bindings::run (this=0x811f4a8, instrIndex=1, executedBlocks=@0x81247bc: 1, context=0x8124b98, error=0x8124798, scope=0x8124938, output=0x8124938, storeFlags=..., table=0x0) at qml/v4/qv4bindings.cpp:2187
      #13 0xb7ba8241 in QV4Bindings::run (this=0x811f4a8, binding=0x8124790, flags=...) at qml/v4/qv4bindings.cpp:462
      #14 0xb7ba7ae7 in QV4Bindings::subscriptionNotify (this=0x811f4a8, id=1) at qml/v4/qv4bindings.cpp:396
      #15 0xb7ba7a59 in QV4BindingsSubscription_callback (e=0x8124c14) at qml/v4/qv4bindings.cpp:383
      #16 0xb7b38850 in QQmlNotifier::emitNotify (endpoint=0x8124c14, a=0x0) at qml/qqmlnotifier.cpp:83
      #17 0xb7a9044a in QQmlData::signalEmitted (object=0x81246b0, index=37, a=0x0) at qml/qqmlengine.cpp:523
      #18 0xb6cdd757 in QMetaObject::activate (sender=0x81246b0, methodOffset=37, signalOffset=28, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3298
      #19 0xb7a8bc7a in QQmlVMEMetaObject::activate (this=0x81247d8, object=0x81246b0, index=37, args=0x0) at qml/qqmlvmemetaobject.cpp:1222
      #20 0xb7a89bce in QQmlVMEMetaObject::metaCall (this=0x81247d8, c=QMetaObject::WriteProperty, _id=44, a=0xbfffe224) at qml/qqmlvmemetaobject.cpp:719
      #21 0xb7a6b081 in QAbstractDynamicMetaObject::metaCall (this=0x81247d8, c=QMetaObject::WriteProperty, _id=44, a=0xbfffe224) at ../../../qtbase/include/QtCore/5.0.0/QtCore/private/../../../../../src/corelib/kernel/qobject_p.h:314
      #22 0xb6ca9055 in QMetaObject::metacall (object=0x81246b0, cl=QMetaObject::WriteProperty, idx=44, argv=0xbfffe224) at kernel/qmetaobject.cpp:304
      #23 0xb7aabafd in QQmlPropertyPrivate::writeBinding (object=0x81246b0, core=..., context=0x8124b98, expression=0x812221c, result=..., isUndefined=false, flags=...) at qml/qqmlproperty.cpp:1515
      #24 0xb7beb00e in QV8Bindings::Binding::update (this=0x812221c, flags=...) at qml/v8/qv8bindings.cpp:176
      #25 0xb7beb2f3 in QV8Bindings::Binding::expressionChanged (e=0x812221c) at qml/v8/qv8bindings.cpp:214
      #26 0xb7b585a4 in QQmlJavaScriptExpressionGuard_callback (e=0xb3b2bf64) at qml/qqmljavascriptexpression.cpp:376
      #27 0xb7b38850 in QQmlNotifier::emitNotify (endpoint=0xb3b2bf64, a=0x0) at qml/qqmlnotifier.cpp:83
      #28 0xb7a9044a in QQmlData::signalEmitted (object=0xbffff27c, index=5, a=0x0) at qml/qqmlengine.cpp:523
      #29 0xb6cdd757 in QMetaObject::activate (sender=0xbffff27c, methodOffset=5, signalOffset=3, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3298
      #30 0xb6cdd606 in QMetaObject::activate (sender=0xbffff27c, m=0x805eca0, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3286
      #31 0x08057b5b in tst_QQuickText::mainTextChanged (this=0xbffff27c) at tst_qquicktext.moc:172
      #32 0x080572bb in tst_QQuickText::textChanges (this=0xbffff27c) at tst_qquicktext.cpp:147
      #33 0x080577dc in tst_QQuickText::qt_static_metacall (_o=0xbffff27c, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xbfffe8f0) at tst_qquicktext.moc:92
      #34 0xb6cac5f3 in QMetaMethod::invoke (this=0xbfffeaa0, object=0xbffff27c, connectionType=Qt::DirectConnection, returnValue=..., val0=..., val1=..., val2=..., val3=..., val4=..., val5=..., val6=..., val7=..., val8=..., val9=...)
          at kernel/qmetaobject.cpp:2085
      #35 0xb6cabb2c in QMetaObject::invokeMethod (obj=0xbffff27c, member=0x80b3ad0 "textChanges", type=Qt::DirectConnection, ret=..., val0=..., val1=..., val2=..., val3=..., val4=..., val5=..., val6=..., val7=..., val8=..., val9=...)
          at kernel/qmetaobject.cpp:1408
      #36 0xb79f8966 in QMetaObject::invokeMethod (obj=0xbffff27c, member=0x80b3ad0 "textChanges", type=Qt::DirectConnection, val0=..., val1=..., val2=..., val3=..., val4=..., val5=..., val6=..., val7=..., val8=..., val9=...)
          at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs.h:398
      #37 0xb79f45a1 in QTest::qInvokeTestMethodDataEntry (slot=0x80b3ad0 "textChanges") at qtestcase.cpp:1631
      #38 0xb79f4da3 in QTest::qInvokeTestMethod (slotName=0x80b3f48 "textChanges()", data=0x0) at qtestcase.cpp:1748
      #39 0xb79f560a in QTest::qInvokeTestMethods (testObject=0xbffff27c) at qtestcase.cpp:1902
      #40 0xb79f5d82 in QTest::qExec (testObject=0xbffff27c, argc=1, argv=0xbffff354) at qtestcase.cpp:2121
      #41 0x08057bd4 in main (argc=1, argv=0xbffff354) at tst_qquicktext.cpp:183
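
Decoding frame #0 of the backtrace above, as an added example that is not part of the original report or of Qt's code. It assumes QFontEngineMulti's convention from Qt's qfontengine.cpp (not shown on this page) that the top 8 bits of a glyph id select the sub-engine and `stripped()` keeps the low 24 bits; the helper names `parse_frame`, `split_multi_glyph` and `triage` are hypothetical.

```python
import re

# Frame #0 copied from the backtrace in this report.
FRAME0 = (
    "#0  0xb7616151 in QFontEngineMulti::getGlyphBearings "
    "(this=0xb3b13380, glyph=620757477, leftBearing=0x0, "
    "rightBearing=0xbfffc6e0) at text/qfontengine.cpp:1491"
)

# Shape of a gdb frame line with source info:
#   "#N  [0xADDR in] function (args) at file:line"
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>.+?) "
    r"\((?P<args>.*)\) at (?P<file>\S+):(?P<line>\d+)$"
)

def parse_frame(line):
    """Split one gdb frame line into function, argument map and location."""
    m = FRAME_RE.match(line.strip())
    if m is None:
        raise ValueError("not a gdb frame line with source info: %r" % line)
    args = {}
    for part in m.group("args").split(", "):
        if part:
            name, _, value = part.partition("=")
            args[name] = value
    return {
        "num": int(m.group("num")),
        "function": m.group("func"),
        "args": args,
        "location": (m.group("file"), int(m.group("line"))),
    }

def split_multi_glyph(glyph):
    # Assumption: high 8 bits = sub-engine index ("which"),
    # low 24 bits = glyph index inside that engine (what stripped() passes on).
    return glyph >> 24, glyph & 0x00FFFFFF

def triage(line):
    """Summarise the crashing frame: decoded glyph plus any null pointer args."""
    frame = parse_frame(line)
    engine_index, glyph_index = split_multi_glyph(int(frame["args"]["glyph"], 0))
    # Null arguments are listed for inspection; a null is not by itself the fault.
    null_args = [k for k, v in frame["args"].items() if v == "0x0"]
    return {"function": frame["function"], "location": frame["location"],
            "engine_index": engine_index, "glyph_index": glyph_index,
            "null_args": null_args}

if __name__ == "__main__":
    print(triage(FRAME0))
```

Under that assumption the glyph value in frame #0 splits into sub-engine index 37 and glyph index 485, so the `engine(which)` call on line 1491 is dereferencing fallback engine 37.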
      

          People

            esabraha Eskil Abrahamsen Blomfeldt
            dajansen Damian Jansen (closed Nokia identity) (Inactive)