Mike FABIAN wrote:

> For details see:
>
> http://bugzilla.novell.com/show_bug.cgi?id=128080
>
> This bug report also has a backtrace attached (comment #10).
>
> Until now I don't know an easy way to reproduce the problem, it occurs
> "sometimes" and goes away by calling "fc-cache -f" as root.
> I.e. I guess there is something wrong with the cache files.
>
> I have started debugging this but until now I only found that
> it crashes in fccharset.c in
>
>     FcCharSet *
>     FcCharSetCopy (FcCharSet *src)
>     {
>         if (src->ref != FC_REF_CONSTANT)
>             src->ref++;
>         return src;
>     }
>
> when src->ref happens to be 0 (which is != FC_REF_CONSTANT)
> and then tries to execute
>
>     src->ref++;
>
> which won't work because "src" is v.u.c where v is of type FcValue and
> FcCharSet is "const" in that union (fontconfig.h), therefore it cannot
> be incremented:

The constness is not a problem, since that's cast away. However, the
problem might be that the charset is in mmapped space and therefore ref
can't be incremented. But that's strange, because mmapped charsets
should always have ref set to -1.

Also, the backtrace seems to point to line 359, which is the statement
just after the increment. However, v.u.c just seems to be not an address
('address 0x2aaaad90c4ef out of bounds').

I notice that this is occurring on x86_64, which may be somewhat relevant.

If you can reproduce this problem, there are two pieces of information
which would be useful.

1) step up to fclist.c:431 and print v there, before canonicalization.
2) also print charsets[0].

Hmm, let's put an assert there too. Try this patch (to see if the cache
files themselves are corrupted in a simple way) and tell me if you can
make it abort. I don't think that'll happen; I think the corruption is
elsewhere.

diff -u -r1.25.4.4 fccharset.c
--- src/fccharset.c	22 Sep 2005 23:45:53 -0000	1.25.4.4
+++ src/fccharset.c	25 Oct 2005 14:46:42 -0000
@@ -1406,6 +1406,7 @@ FcCharSetUnserialize (FcCache metadata, void *block_ptr) { int bi = FcCacheBankToIndex(metadata.bank); + int i; if (!FcCharSetEnsureBank(bi)) return 0; @@ -1422,6 +1423,10 @@ block_ptr = (void *)((char *)block_ptr + (sizeof(int) * metadata.charset_leaf_idx_count)); + for (i = 0; i < metadata.charset_count; i++) + if (charsets[bi][i].ref != FC_REF_CONSTANT) + abort(); + return block_ptr; } pat
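Review bot: in the second hunk, the bare `abort()` inside FcCharSetUnserialize gives the reporter nothing to send back beyond "it aborted"; since the point of the patch is to learn whether and where the cache bank is inconsistent, print `bi`, `i` and `charsets[bi][i].ref` before aborting, or write it as `assert(charsets[bi][i].ref == FC_REF_CONSTANT)` so the file and line land in the abort message. For anything beyond this diagnostic build, the function already has a failure convention (`if (!FcCharSetEnsureBank(bi)) return 0;` in the first hunk's context), and returning 0 there would let callers treat a corrupt cache as unreadable instead of terminating the application that loaded it.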
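The reference-counting convention the thread describes (a sentinel ref for mmapped charsets, a counted ref for heap ones, and 0 as the state a stale pointer ends up in) modelled as an added C example. This is not fontconfig code; `REF_CONSTANT`, `CharSet`, the slot pool and the scenario functions are assumptions for illustration. It shows why a copy of an object whose ref is 0 is a symptom of an earlier release or corruption rather than the fault itself, a defensive copy that refuses such an object, and the same bank-consistency check the patch adds, returning the offending index instead of aborting.

```c
/* Added example (not fontconfig code): a minimal model of the ref-counting
 * convention discussed in the thread.  A sentinel marks charsets living in
 * read-only (mmapped) storage, which are never counted or freed.  Names and
 * the slot pool below are assumptions for illustration. */
#include <stddef.h>
#include <stdio.h>

#define REF_CONSTANT (-1)   /* stands in for FC_REF_CONSTANT */
#define POOL_SIZE 4

typedef struct {
    int ref;            /* -1: constant; >0: live, counted; 0: free slot */
    unsigned long bits; /* placeholder payload */
} CharSet;

/* Tiny slot allocator: a slot with ref == 0 is free.  A pointer kept past the
 * last release therefore sees ref == 0, the state in the reported crash. */
static CharSet pool[POOL_SIZE];

CharSet *charset_create(void)
{
    size_t i;
    for (i = 0; i < POOL_SIZE; i++)
        if (pool[i].ref == 0) {
            pool[i].ref = 1;
            pool[i].bits = 0;
            return &pool[i];
        }
    return NULL;
}

/* Same shape as the quoted FcCharSetCopy: share by bumping the count,
 * except for constant objects. */
CharSet *charset_copy(CharSet *src)
{
    if (src->ref != REF_CONSTANT)
        src->ref++;
    return src;
}

/* Defensive variant: a count of 0 means nobody owns this object, so handing
 * out another reference would resurrect a freed (or corrupt) entry. */
CharSet *charset_copy_checked(CharSet *src)
{
    if (src == NULL || src->ref == 0)
        return NULL;
    return charset_copy(src);
}

void charset_destroy(CharSet *cs)
{
    if (cs->ref == REF_CONSTANT)
        return;             /* never release mmapped data */
    if (cs->ref > 0)
        cs->ref--;          /* slot is free again once this reaches 0 */
}

/* Mirror of the diagnostic loop in the patch: every entry deserialized from a
 * cache bank must carry the constant sentinel.  Returns the index of the first
 * offending entry, or -1 when the bank is consistent. */
int bank_first_nonconstant(const CharSet *bank, size_t count)
{
    size_t i;
    for (i = 0; i < count; i++)
        if (bank[i].ref != REF_CONSTANT)
            return (int)i;
    return -1;
}

/* Scenario: copying a constant charset leaves the sentinel untouched. */
int scenario_constant_copy(void)
{
    CharSet constant = { REF_CONSTANT, 0 };
    return charset_copy(&constant) == &constant && constant.ref == REF_CONSTANT;
}

/* Scenario from the bug report: a pointer used after its last release has
 * ref == 0; the checked copy refuses it instead of incrementing. */
int scenario_stale_copy(void)
{
    CharSet *cs = charset_create();
    if (cs == NULL)
        return -1;
    charset_copy(cs);       /* ref: 2 */
    charset_destroy(cs);    /* ref: 1 */
    charset_destroy(cs);    /* ref: 0, slot released */
    return charset_copy_checked(cs) == NULL && cs->ref == 0;
}

/* Scenario: a deserialized bank in which one entry's ref was clobbered. */
int scenario_bank_check(int corrupt_index)
{
    CharSet bank[3] = { { REF_CONSTANT, 0 }, { REF_CONSTANT, 0 }, { REF_CONSTANT, 0 } };
    if (corrupt_index >= 0 && corrupt_index < 3)
        bank[corrupt_index].ref = 0;
    return bank_first_nonconstant(bank, 3);
}

int main(void)
{
    printf("constant copy ok: %d\n", scenario_constant_copy());
    printf("stale copy refused: %d\n", scenario_stale_copy());
    printf("clean bank -> %d, clobbered bank -> %d\n",
           scenario_bank_check(-1), scenario_bank_check(1));
    return 0;
}
```

The check in `bank_first_nonconstant` is the one the patch performs, but reporting the index lets a loader log which entry of which bank is wrong and then fail the load, which is the information the thread is asking the reporter for.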