QT+Xft fonts problem (kde crash). Analyzed. Need help with fix.

Denis Vlasenko vda at port.imtp.ilyichevsk.odessa.ua
Mon Apr 22 11:56:49 BST 2002 

Anybody willing to help please read on to the 'instrumenting patch'
part of this mail.

kde3, X 4.2.0, kwin and other kde apps SIGSEGVing at startup.
I gdb'ed kwin crash (my first gdb session ever).
Synopsis: call sequence in kwin leading to NULL ptr dereference
(contact me directly for gory details).
Here is how it happens:

XftPattern *QFontPrivate::findXftFont(const QChar &sample, bool *exact) const
{
    // look for foundry/family
    QString familyName;
    QString foundryName;
    QFontDatabase::parseFontName(request.family, foundryName, familyName);
    XftPattern *match = bestXftPattern(familyName, foundryName);
    match = checkXftFont( match, familyName, sample );  <-- match==0
...
static XftPattern *checkXftFont( XftPattern *match,
                const QString &familyName, const QChar &sample ){
    char * family_value;
    XftPatternGetString (match, XFT_FAMILY, 0, &family_value);  <-- match==0
...
XftResult
XftPatternGetString (XftPattern *p, const char *object, int id, char **s)
{
    XftValue    v;
    XftResult   r;
    r = XftPatternGet (p, object, id, &v);  <-- p==0
...
XftResult
XftPatternGet (XftPattern *p, const char *object, int id, XftValue *v)
{
    XftPatternElt   *e;
    XftValueList    *l;
    e = XftPatternFind (p, object, False);  <-- p==0
...
XftPatternElt*
XftPatternFind(XftPattern *p, const char *object, Bool insert)
{
    int             i;
    int             s;
    XftPatternElt   *e;

    /* match existing */
    for (i = 0; i < p->num; i++)      <-- p==0: SIGSEGV
    {
        if (!_XftStrCmpIgnoreCase (object, p->elts[i].object))
            return &p->elts[i];
    }


I hope some QT wizards know whether it is valid to return NULL from
bestXftPattern() or not and where fix should go:

- fix bestXftPattern() to never return NULL
or
- fix callers to check for NULL


BTW, I instrumented Qt to see what font it tries to find.
I'd be grateful if anybody will recompile Qt with this and
send me output of startkde along with X config and xlsfonts output.

--- qfont_x11.cpp.orig	Sun Apr 21 21:23:29 2002
+++ qfont_x11.cpp	Sun Apr 21 21:33:35 2002
@@ -1328,6 +1328,7 @@
 static XftPattern *checkXftFont( XftPattern *match, const QString &familyName, const QChar &sample )
 {
     char * family_value;
+    qDebug("checkXftFont(): match=0x%08x",int(match)); //vda
     XftPatternGetString (match, XFT_FAMILY, 0, &family_value);
     QString fam = family_value;
     //qDebug("got family %s for request %s", fam.latin1(), familyName.latin1() );
@@ -1368,6 +1369,11 @@

     QFontDatabase::parseFontName(request.family, foundryName, familyName);
     XftPattern *match = bestXftPattern(familyName, foundryName);
+
+    //vda:
+    qDebug("bestXftPattern(familyName='%s', foundryName='%s')==0x%08x",
+	familyName.latin1(), foundryName.latin1(), int(match)
+    );

     match = checkXftFont( match, familyName, sample );

-----------
adn now I see: (visually grep for "  ******************** here we fail")

kdeinit: Launched DCOPServer, pid = 16746 result = 0
DCOP: register 'anonymous-16746' -> number of clients is now 1
DCOPServer up and running.
DCOP: unregister 'anonymous-16746'
kdeinit: Launched KLauncher, pid = 16750 result = 0
DCOP: register 'klauncher' -> number of clients is now 1
DCOP: unregister 'klauncher'
DCOP: register 'klauncher' -> number of clients is now 1
DCOP: register 'anonymous-16750' -> number of clients is now 2
DCOP: new daemon klauncher
DCOP: unregister 'anonymous-16750'
kdeinit: Launched KDED, pid = 16752 result = 0
DCOP: register 'kded' -> number of clients is now 1
DCOP: unregister 'kded'
DCOP: register 'kded' -> number of clients is now 1
DCOP: register 'anonymous-16752' -> number of clients is now 2
kio (KDirWatch): Available methods: Stat
kio (KDirWatch): Added Dir /.share/root/.kde/share/servicetypes [KDirWatch-1]
kio (KDirWatch): Global Poll Freq is now 500 msec
kio (KDirWatch):  Started Polling Timer, freq 500
kio (KDirWatch):  Setup Stat (freq 500) for /.share/root/.kde/share/servicetypes
kio (KDirWatch): Added Dir /.share/usr/app/kde-3.0.0/share/servicetypes [KDirWatch-1]
<---snip--->
kio (KDirWatch): Added Dir /.share/usr/app/kde-3.0.0/share/services/searchproviders [KDirWatch-1]
kio (KDirWatch):  Setup Stat (freq 500) for /.share/usr/app/kde-3.0.0/share/services/searchproviders
DCOP: register 'anonymous-16753' -> number of clients is now 3
kio (KLauncher): KLauncher: Got kdeinit_exec_wait('kbuildsycoca', ...)
kdeinit: Got EXEC_NEW 'kbuildsycoca' from launcher.
kio (KLauncher): kbuildsycoca (pid 16754) up and running.
DCOP: register 'kbuildsycoca' -> number of clients is now 4
DCOP: register 'anonymous-16754' -> number of clients is now 5
kbuildsycoca: checking file timestamps
kbuildsycoca: timestamps check ok
DCOP: unregister 'anonymous-16754'
DCOP: unregister 'kbuildsycoca'
kdeinit: PID 16754 terminated.
DCOP: unregister 'anonymous-16753'
bestXftPattern(familyName='helvetica', foundryName='(null)')==0x00000000
checkXftFont(): match=0x00000000  ******************** here we fail
KCrash: crashing.... crashRecursionCounter = 2
KCrash: Application Name = kded path = <unknown> pid = 16753
DCOP aborting call from 'anonymous-16752' to 'kded'
DCOP: unregister 'kded'
ERROR: KUniqueApplication: DCOP communication error!
kdeinit: PID 16752 terminated.
kdeinit: opened connection to :0.0
DCOP: unregister 'anonymous-16752'
DCOP: register 'kwin-16742' -> number of clients is now 1
bestXftPattern(familyName='helvetica', foundryName='(null)')==0x00000000
checkXftFont(): match=0x00000000  ******************** here we fail
KCrash: crashing.... crashRecursionCounter = 2
KCrash: Application Name = kwin path = <unknown> pid = 16742
DCOP: unregister 'kwin-16742'
bestXftPattern(familyName='helvetica', foundryName='(null)')==0x00000000
checkXftFont(): match=0x00000000  ******************** here we fail
bestXftPattern(familyName='helvetica', foundryName='(null)')==0x00000000
checkXftFont(): match=0x00000000  ******************** here we fail
DCOPServer : slotTerminate() -> sending terminateKDE signal.
klauncher: KLauncher::process ---> terminateKDE
Mutex destroy failure: Device or resource busy
kdeinit: terminate KDE.
kdeinit: Fatal IO error: client killed
kdeinit: sending SIGHUP to children.
DCOP: unregister 'klauncher'
kdeinit: sending SIGTERM to children.
kdeinit: Exit.
--
vda
___________________________________________________
This message is from the kde mailing list.
Account management:  http://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.

More information about the kde mailing list