"Panic: misaligned pointer reference" in rustc 1.70.0 #38

Closed
ruifengx opened this issue Jun 9, 2023 · 3 comments


ruifengx commented Jun 9, 2023

I experienced this crash after upgrading rustc to 1.70.0, and I cannot reproduce it using rustc 1.69.0. The crash happens in an iced application (with a dependency on swash 0.1.6).

The full crash log is attached here for your information. It seems there is something wrong about the font parsing process. I tested the application in Windows Sandbox (which comes with only the fonts that Microsoft ships with Windows), so the issue should not be about the custom fonts I installed.

Full crash log
thread 'main' panicked at 'misaligned pointer dereference: address must be a multiple of 0x2 but is 0x25ace2382a5', $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\internal\parse.rs:452:13
stack backtrace:
   0: std::panicking::begin_panic_handler
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library\std\src\panicking.rs:578
   1: core::panicking::panic_fmt
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library\core\src\panicking.rs:67
   2: core::panicking::panic_misaligned_pointer_dereference
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library\core\src\panicking.rs:174
   3: swash::internal::parse::impl$9::from_be_data_unchecked
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\internal\parse.rs:452
   4: swash::internal::parse::FromBeData::from_be_data
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\internal\parse.rs:424
   5: swash::internal::parse::Bytes::read
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\internal\parse.rs:55
   6: swash::scale::cff::cff::IndexMetadata::unpack
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\scale\cff\cff.rs:1191
   7: swash::scale::cff::cff::Index::new
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\scale\cff\cff.rs:1226
   8: swash::scale::cff::cff::CffProxy::parse
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\scale\cff\cff.rs:92
   9: swash::scale::cff::cff::CffProxy::from_font
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\scale\cff\cff.rs:54
  10: swash::scale::proxy::ScalerProxy::from_font
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\scale\proxy.rs:28
  11: swash::scale::impl$3::new::closure$0<swash::font::FontRef>
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\scale\mod.rs:351
  12: swash::cache::FontCache<swash::scale::proxy::ScalerProxy>::get<swash::scale::proxy::ScalerProxy,swash::scale::impl$3::new::closure_env$0<swash::font::FontRef> >
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\cache.rs:50
  13: swash::scale::ScalerBuilder::new<swash::font::FontRef>
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\scale\mod.rs:349
  14: swash::scale::ScaleContext::builder<swash::font::FontRef>
             at $HOME\.cargo\registry\src\mirrors.tuna.tsinghua.edu.cn-df7c3c540f42cdbd\swash-0.1.6\src\scale\mod.rs:325
  15: cosmic_text::swash::swash_image
             at $HOME\.cargo\git\checkouts\cosmic-text-ea4fb601986df06b\b85d6a4\src\swash.rs:32
  16: cosmic_text::swash::SwashCache::get_image_uncached
             at $HOME\.cargo\git\checkouts\cosmic-text-ea4fb601986df06b\b85d6a4\src\swash.rs:115
  17: glyphon::text_render::TextRenderer::prepare_with_depth<core::iter::adapters::filter_map::FilterMap<core::iter::adapters::zip::Zip<core::slice::iter::Iter<iced_wgpu::layer::text::Text>,core::slice::iter::Iter<u64> >,iced_wgpu::text::impl$0::prepare::closur
             at $HOME\.cargo\git\checkouts\glyphon-70ff9ac92aaa9d8a\f145067\src\text_render.rs:103
  18: glyphon::text_render::TextRenderer::prepare<core::iter::adapters::filter_map::FilterMap<core::iter::adapters::zip::Zip<core::slice::iter::Iter<iced_wgpu::layer::text::Text>,core::slice::iter::Iter<u64> >,iced_wgpu::text::impl$0::prepare::closure_env$1> >
             at $HOME\.cargo\git\checkouts\glyphon-70ff9ac92aaa9d8a\f145067\src\text_render.rs:347
  19: iced_wgpu::text::Pipeline::prepare
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\wgpu\src\text.rs:170
  20: iced_wgpu::backend::Backend::prepare_text
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\wgpu\src\backend.rs:141
  21: iced_wgpu::backend::Backend::present<alloc::string::String>
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\wgpu\src\backend.rs:99
  22: iced_wgpu::window::compositor::present<enum2$<iced_style::theme::Theme>,alloc::string::String>
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\wgpu\src\window\compositor.rs:172
  23: iced_renderer::compositor::impl$0::present::closure$0<enum2$<iced_style::theme::Theme>,alloc::string::String>
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\renderer\src\compositor.rs:122
  24: iced_graphics::renderer::Renderer<enum2$<iced_renderer::backend::Backend>,enum2$<iced_style::theme::Theme> >::with_primitives<enum2$<iced_renderer::backend::Backend>,enum2$<iced_style::theme::Theme>,enum2$<core::result::Result<tuple$<>,iced_graphics::comp
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\graphics\src\renderer.rs:51
  25: iced_renderer::compositor::impl$0::present<enum2$<iced_style::theme::Theme>,alloc::string::String>
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\renderer\src\compositor.rs:103
  26: iced_winit::application::run_instance::async_fn$0<iced::application::Instance<bin_data_inspector::App>,iced_futures::backend::null::Executor,enum2$<iced_renderer::compositor::Compositor<enum2$<iced_style::theme::Theme> > > >
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\winit\src\application.rs:532
  27: iced_winit::application::run::closure$1<iced::application::Instance<bin_data_inspector::App>,iced_futures::backend::null::Executor,enum2$<iced_renderer::compositor::Compositor<enum2$<iced_style::theme::Theme> > > >
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\winit\src\application.rs:251
  28: winit::platform_impl::platform::event_loop::impl$3::run_return::closure$0<tuple$<>,iced_winit::application::run::closure_env$1<iced::application::Instance<bin_data_inspector::App>,iced_futures::backend::null::Executor,enum2$<iced_renderer::compositor::Com
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop.rs:260
  29: alloc::boxed::impl$46::call_mut<tuple$<enum2$<winit::event::Event<tuple$<> > >,ref_mut$<enum2$<winit::event_loop::ControlFlow> > >,dyn$<core::ops::function::FnMut<tuple$<enum2$<winit::event::Event<tuple$<> > >,ref_mut$<enum2$<winit::event_loop::ControlFlo
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\alloc\src\boxed.rs:1980
  30: winit::platform_impl::platform::event_loop::runner::impl$3::call_event_handler::closure$0<tuple$<> >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop\runner.rs:250
  31: core::panic::unwind_safe::impl$23::call_once<tuple$<>,winit::platform_impl::platform::event_loop::runner::impl$3::call_event_handler::closure_env$0<tuple$<> > >
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\core\src\panic\unwind_safe.rs:271
  32: std::panicking::try::do_call<core::panic::unwind_safe::AssertUnwindSafe<winit::platform_impl::platform::event_loop::runner::impl$3::call_event_handler::closure_env$0<tuple$<> > >,tuple$<> >
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\std\src\panicking.rs:485
  33: winit::platform_impl::platform::icon::impl$8::clone
  34: std::panicking::try<tuple$<>,core::panic::unwind_safe::AssertUnwindSafe<winit::platform_impl::platform::event_loop::runner::impl$3::call_event_handler::closure_env$0<tuple$<> > > >
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\std\src\panicking.rs:449
  35: std::panic::catch_unwind<core::panic::unwind_safe::AssertUnwindSafe<winit::platform_impl::platform::event_loop::runner::impl$3::call_event_handler::closure_env$0<tuple$<> > >,tuple$<> >
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\std\src\panic.rs:140
  36: winit::platform_impl::platform::event_loop::runner::EventLoopRunner<tuple$<> >::catch_unwind<tuple$<>,tuple$<>,winit::platform_impl::platform::event_loop::runner::impl$3::call_event_handler::closure_env$0<tuple$<> > >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop\runner.rs:157
  37: winit::platform_impl::platform::event_loop::runner::EventLoopRunner<tuple$<> >::call_event_handler<tuple$<> >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop\runner.rs:242
  38: winit::platform_impl::platform::event_loop::runner::EventLoopRunner<tuple$<> >::send_event<tuple$<> >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop\runner.rs:215
  39: winit::platform_impl::platform::event_loop::WindowData<tuple$<> >::send_event<tuple$<> >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop.rs:142
  40: winit::platform_impl::platform::event_loop::public_window_callback_inner::closure$0<tuple$<> >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop.rs:1125
  41: core::ops::function::FnOnce::call_once<winit::platform_impl::platform::event_loop::public_window_callback_inner::closure_env$0<tuple$<> >,tuple$<> >
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\core\src\ops\function.rs:250
  42: core::panic::unwind_safe::impl$23::call_once<isize,winit::platform_impl::platform::event_loop::public_window_callback_inner::closure_env$0<tuple$<> > >
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\core\src\panic\unwind_safe.rs:271
  43: std::panicking::try::do_call<core::panic::unwind_safe::AssertUnwindSafe<winit::platform_impl::platform::event_loop::public_window_callback_inner::closure_env$0<tuple$<> > >,isize>
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\std\src\panicking.rs:485
  44: std::panicking::try::do_catch<core::panic::unwind_safe::AssertUnwindSafe<winit::platform_impl::platform::window::impl$4::on_nccreate::closure_env$0<tuple$<> > >,tuple$<winit::platform_impl::platform::window::Window,winit::platform_impl::platform::event_lo
  45: std::panicking::try<isize,core::panic::unwind_safe::AssertUnwindSafe<winit::platform_impl::platform::event_loop::public_window_callback_inner::closure_env$0<tuple$<> > > >
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\std\src\panicking.rs:449
  46: std::panic::catch_unwind<core::panic::unwind_safe::AssertUnwindSafe<winit::platform_impl::platform::event_loop::public_window_callback_inner::closure_env$0<tuple$<> > >,isize>
             at /rustc/90c541806f23a127002de5b4038be731ba1458ca\library\std\src\panic.rs:140
  47: winit::platform_impl::platform::event_loop::runner::EventLoopRunner<tuple$<> >::catch_unwind<tuple$<>,isize,winit::platform_impl::platform::event_loop::public_window_callback_inner::closure_env$0<tuple$<> > >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop\runner.rs:157
  48: winit::platform_impl::platform::event_loop::public_window_callback_inner<tuple$<> >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop.rs:2320
  49: winit::platform_impl::platform::event_loop::public_window_callback<tuple$<> >
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop.rs:994
  50: DispatchMessageW
  51: DispatchMessageW
  52: GetClassLongW
  53: KiUserCallbackDispatcher
  54: NtUserDispatchMessage
  55: DispatchMessageW
  56: winit::platform_impl::platform::event_loop::EventLoop<tuple$<> >::run_return<tuple$<>,iced_winit::application::run::closure_env$1<iced::application::Instance<bin_data_inspector::App>,iced_futures::backend::null::Executor,enum2$<iced_renderer::compositor::
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform_impl\windows\event_loop.rs:282
  57: winit::platform::run_return::impl$0::run_return<tuple$<>,iced_winit::application::run::closure_env$1<iced::application::Instance<bin_data_inspector::App>,iced_futures::backend::null::Executor,enum2$<iced_renderer::compositor::Compositor<enum2$<iced_style:
             at $HOME\.cargo\git\checkouts\winit-57d3141eaf559308\ac1ddfe\src\platform\run_return.rs:51
  58: iced_winit::application::platform::run<tuple$<>,iced_winit::application::run::closure_env$1<iced::application::Instance<bin_data_inspector::App>,iced_futures::backend::null::Executor,enum2$<iced_renderer::compositor::Compositor<enum2$<iced_style::theme::T
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\winit\src\application.rs:887
  59: iced_winit::application::run<iced::application::Instance<bin_data_inspector::App>,iced_futures::backend::null::Executor,enum2$<iced_renderer::compositor::Compositor<enum2$<iced_style::theme::Theme> > > >
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\winit\src\application.rs:226
  60: iced::application::Application::run<bin_data_inspector::App>
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\src\application.rs:208
  61: iced::sandbox::Sandbox::run<bin_data_inspector::App>
             at $HOME\.cargo\git\checkouts\iced-f01cba4d5e61fd0a\fcb1b45\src\sandbox.rs:153

The crash can be consistently reproduced on my PC with the following simple program:

use iced::{Element, Sandbox, Settings};
use iced::widget::TextInput;

struct App;

impl Sandbox for App {
    type Message = ();
    fn new() -> Self { App }
    fn title(&self) -> String { "Swash Crash".to_string() }
    fn update(&mut self, _message: Self::Message) {}
    fn view(&self) -> Element<'_, Self::Message> {
        TextInput::new("Placeholder", "Value").into()
    }
}

fn main() -> iced::Result { App::run(Settings::default()) }

with the following Cargo.toml configuration (to use iced master):

[dependencies.iced]
git = "https://github.com/iced-rs/iced.git"
rev = "fcb1b454368638209862aeb5db41bc5f7d6d51a7"

I have already filed iced-rs/iced#1905, but I feel that this is more related to swash, so I also file a copy here.

@ruifengx ruifengx changed the title "Panic: misaligned pointer reference" in swash::scale::cff::cff::IndexMetadata::unpack "Panic: misaligned pointer reference" in rustc 1.70.0 Jun 9, 2023

ruifengx commented Jun 9, 2023

Update: this crash cannot be reproduced using the latest version of swash (0.1.8). However, this might still be an interesting case to investigate (if it is not already known), because usually upgrading the compiler should not change program semantics.

@Rodrigodd

Appears to be a duplicate of #34.

> because usually upgrading the compiler should not change program semantics.

In this case in particular, the program contained undefined behaviour, whose semantics may indeed change between versions.


ruifengx commented Jun 9, 2023

Indeed, it looks like the compiler managed to exploit a previously-unnoticed UB. Since it is already known and fixed in the latest version, I will close this issue now. Thanks for your explanation.
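Added example, not part of the original thread and not swash's code: the panic message above reports a 2-byte read at an odd address, and the sketch below shows that class of read next to two forms that have no alignment requirement. All function and type names are hypothetical, and the sample bytes are constructed.

```rust
// Added illustration; names are hypothetical, not taken from swash.
use std::mem::align_of;
use std::ptr;

/// Backing buffer with a known 2-byte alignment, so offset 1 is an odd address.
#[repr(align(2))]
struct Aligned([u8; 6]);

/// Cast-and-dereference read. `*p` on an odd address is undefined behaviour,
/// so this version checks alignment and declines instead of dereferencing.
fn read_u16_be_cast(buf: &[u8], offset: usize) -> Option<u16> {
    let bytes = buf.get(offset..offset.checked_add(2)?)?;
    let p = bytes.as_ptr().cast::<u16>();
    if (p as usize) % align_of::<u16>() != 0 {
        return None;
    }
    // SAFETY: two bytes are in bounds and `p` was just checked to be aligned.
    Some(u16::from_be(unsafe { *p }))
}

/// Same raw read, but `read_unaligned` carries no alignment requirement.
fn read_u16_be_unaligned(buf: &[u8], offset: usize) -> Option<u16> {
    let bytes = buf.get(offset..offset.checked_add(2)?)?;
    // SAFETY: two bytes are in bounds; alignment is not required here.
    Some(u16::from_be(unsafe { ptr::read_unaligned(bytes.as_ptr().cast::<u16>()) }))
}

/// Fully safe form: copy the bytes out and convert.
fn read_u16_be_safe(buf: &[u8], offset: usize) -> Option<u16> {
    let bytes = buf.get(offset..offset.checked_add(2)?)?;
    Some(u16::from_be_bytes([bytes[0], bytes[1]]))
}

fn main() {
    // Constructed sample bytes, not font data.
    let buf = Aligned([0x00, 0x12, 0x34, 0x56, 0x78, 0x9a]);
    for offset in [1usize, 2, 5] {
        println!(
            "offset {offset}: cast={:?} unaligned={:?} safe={:?}",
            read_u16_be_cast(&buf.0, offset),
            read_u16_be_unaligned(&buf.0, offset),
            read_u16_be_safe(&buf.0, offset),
        );
    }
}
```

Removing the alignment check from `read_u16_be_cast` and calling it with offset 1 gives the kind of read that the rustc 1.70.0 build in this report stopped with a panic.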
