FontForge 2019-08-01 / Mac OS X (10.14.6) Crashes #3877
Comments
Have you tried running the latest package from https://dl.bintray.com/fontforge/fontforge?
No - but I will when I get back from work. ;-D
… On 15 Aug 2019, at 11:28, Jeremy Tan ***@***.***> wrote:
Have you tried running the latest package from dl.bintray.com/fontforge/fontforge?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
ping |
pong!
.... and now I’m on holiday - but it will happen
…Sent from my iPhone
On 26 Aug 2019, at 10:12, Jeremy Tan ***@***.***> wrote:
ping
|
On 15 Aug 2019, at 11:28, Jeremy Tan ***@***.***> wrote:
Have you tried running the latest package from dl.bintray.com/fontforge/fontforge?
Thanks for your patience.
Here are two crash reports - both of them within minutes of each other.
This is using the build FontForge-2019-08-24-efb1bd1.app.dmg <http://dl.bintray.com/fontforge/fontforge/:FontForge-2019-08-24-efb1bd1.app.dmg>
As I said before, I have quite a deep dependency tree on the font I was working on here - which causes slowdowns - but it doesn’t seem to be that - the slowdowns eventually catch up.
I will try working on a new / fresh font and seeing if I get the same issues.
Crash 001
Process: fontforge [17673]
Path: /Applications/FontForge.app/Contents/Resources/opt/local/bin/fontforge
Identifier: net.sourceforge.fontforge
Version: Version 20190801 (20190801)
Code Type: X86-64 (Native)
Parent Process: ??? [17663]
Responsible: fontforge [17673]
User ID: 501
Date/Time: 2019-08-27 13:24:58.796 +0100
OS Version: Mac OS X 10.14.6 (18G87)
Report Version: 12
Bridge OS Version: 3.6 (16P6568)
Anonymous UUID: 3D8C0BEB-B1EA-7750-6F46-81074672117A
Sleep/Wake UUID: E1909158-DD7C-45C1-836B-C94FD85C5D75
Time Awake Since Boot: 790000 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00007fff00000030
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [17673]
VM Regions Near 0x7fff00000030:
Stack 00007ffeeee54000-00007ffeef654000 [ 8192K] rw-/rwx SM=SHM thread 0
--> Submap 00007fff00000000-00007fff80000000 [ 2.0G] r--/rwx SM=SHM machine-wide VM submap
unused shlib __TEXT 00007fff238e5000-00007fff23d1a000 [ 4308K] r-x/r-x SM=COW system shared lib __TEXT not used by this process
Application Specific Information:
objc_msgSend() selector name: release
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff59a1069d objc_msgSend + 29
1 com.apple.Foundation 0x00007fff3150e550 -[_NSXPCInterfaceMethodInfo dealloc] + 47
2 com.apple.CoreFoundation 0x00007fff2f26ac03 __CFBasicHashDrain + 346
3 com.apple.CoreFoundation 0x00007fff2f397ddb _CFRelease + 236
4 com.apple.Foundation 0x00007fff3150e4fb -[_NSXPCInterfaceInfo dealloc] + 44
5 com.apple.Foundation 0x00007fff3150e4aa -[NSXPCInterface dealloc] + 36
6 com.apple.Foundation 0x00007fff31507988 -[_NSXPCConnectionExportedObjectTable setInterface:forProxyNumber:] + 139
7 com.apple.HIToolbox 0x00007fff2e7585af -[IMKInputSession finishSession] + 851
8 com.apple.HIToolbox 0x00007fff2e709961 IMKInputSessionDealloc + 43
9 com.apple.HIToolbox 0x00007fff2e7098d8 __TSMInputMethodInstanceDeallocate + 119
10 com.apple.CoreFoundation 0x00007fff2f397daf _CFRelease + 192
11 com.apple.HIToolbox 0x00007fff2e6fe76a utCloseSelectedInputMethodInDoc + 259
12 com.apple.CoreFoundation 0x00007fff2f2c60de CFArrayApplyFunction + 66
13 com.apple.HIToolbox 0x00007fff2e569fba utCloseAllSelectedIMInDoc + 137
14 com.apple.HIToolbox 0x00007fff2e569c99 MyDeleteTSMDocument + 230
15 com.apple.AppKit 0x00007fff2d280d23 ___NSMainRunLoopPerformBlockInModes_block_invoke + 25
16 com.apple.CoreFoundation 0x00007fff2f2d3764 __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12
17 com.apple.CoreFoundation 0x00007fff2f296e87 __CFRunLoopDoBlocks + 394
18 com.apple.CoreFoundation 0x00007fff2f2965a6 __CFRunLoopRun + 1174
19 com.apple.CoreFoundation 0x00007fff2f295ebe CFRunLoopRunSpecific + 455
20 com.apple.HIToolbox 0x00007fff2e4f51ab RunCurrentEventLoopInMode + 292
21 com.apple.HIToolbox 0x00007fff2e4f4ded ReceiveNextEventCommon + 355
22 com.apple.HIToolbox 0x00007fff2e4f4c76 _BlockUntilNextEventMatchingListInModeWithFilter + 64
23 com.apple.AppKit 0x00007fff2c88d79d _DPSNextEvent + 1135
24 com.apple.AppKit 0x00007fff2c88c48b -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1361
25 libgdk-3.0.dylib 0x000000010183effc poll_func + 172
26 libglib-2.0.0.dylib 0x0000000101be3c37 g_main_context_iterate + 343
27 libglib-2.0.0.dylib 0x0000000101be3d14 g_main_context_iteration + 100
28 fontforge 0x0000000100745a8d GGDKDrawEventLoop + 141
29 fontforge 0x000000010070fd9e fontforge_main + 5534
30 libdyld.dylib 0x00007fff5b1ec3d5 start + 1
Crash 002
Process: fontforge [17717]
Path: /Applications/FontForge.app/Contents/Resources/opt/local/bin/fontforge
Identifier: net.sourceforge.fontforge
Version: Version 20190801 (20190801)
Code Type: X86-64 (Native)
Parent Process: ??? [17707]
Responsible: fontforge [17717]
User ID: 501
Date/Time: 2019-08-27 13:49:31.053 +0100
OS Version: Mac OS X 10.14.6 (18G87)
Report Version: 12
Bridge OS Version: 3.6 (16P6568)
Anonymous UUID: 3D8C0BEB-B1EA-7750-6F46-81074672117A
Sleep/Wake UUID: E1909158-DD7C-45C1-836B-C94FD85C5D75
Time Awake Since Boot: 790000 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00007fff00000048
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [17717]
VM Regions Near 0x7fff00000048:
Stack 00007ffee8abe000-00007ffee92be000 [ 8192K] rw-/rwx SM=SHM thread 0
--> Submap 00007fff00000000-00007fff80000000 [ 2.0G] r--/rwx SM=SHM machine-wide VM submap
unused shlib __TEXT 00007fff238e5000-00007fff23d1a000 [ 4308K] r-x/r-x SM=COW system shared lib __TEXT not used by this process
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff59a1264c objc_release + 28
1 com.apple.CoreFoundation 0x00007fff2f273ebd cow_cleanup + 118
2 com.apple.CoreFoundation 0x00007fff2f273e22 -[__NSArrayM dealloc] + 45
3 com.apple.CoreGraphics 0x00007fff2f6cba22 converter_finalize + 74
4 com.apple.CoreFoundation 0x00007fff2f397ddb _CFRelease + 236
5 com.apple.CoreGraphics 0x00007fff2f6cb9ba cache_entry_release + 34
6 com.apple.CoreGraphics 0x00007fff2f6cb969 cache_finalize + 27
7 com.apple.CoreFoundation 0x00007fff2f397ddb _CFRelease + 236
8 com.apple.CoreGraphics 0x00007fff2f6cb943 color_transform_base_finalize + 23
9 com.apple.CoreFoundation 0x00007fff2f397ddb _CFRelease + 236
10 com.apple.CoreGraphics 0x00007fff2f6cb743 color_transform_finalize + 87
11 com.apple.CoreGraphics 0x00007fff2f6b65c0 color_transform_retain_count + 93
12 com.apple.CoreFoundation 0x00007fff2f397e9b _CFRelease + 428
13 com.apple.CoreGraphics 0x00007fff2f6cb4ab ripc_Finalize + 115
14 com.apple.CoreGraphics 0x00007fff2f6cb3a8 CGContextDelegateFinalize + 59
15 com.apple.CoreFoundation 0x00007fff2f397daf _CFRelease + 192
16 com.apple.AppKit 0x00007fff2ca95f57 backing_store_delegate + 116
17 com.apple.AppKit 0x00007fff2cdb21e2 backing_store_DrawRects.llvm.2329424099933660171 + 907
18 com.apple.CoreGraphics 0x00007fff2f6b71f2 CGContextFillRects + 96
19 com.apple.CoreGraphics 0x00007fff2f6b718b CGContextFillRect + 105
20 com.apple.AppKit 0x00007fff2ca82466 +[NSBezierPath fillRect:] + 92
21 libgdk-3.0.dylib 0x0000000107bc7c9d -[GdkQuartzView drawRect:] + 525
22 com.apple.AppKit 0x00007fff2c9b621e _NSViewDrawRect + 66
23 com.apple.AppKit 0x00007fff2c9a105e -[NSView _drawRect:clip:] + 1752
24 com.apple.AppKit 0x00007fff2c99feee -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 1425
25 com.apple.AppKit 0x00007fff2c9a02a6 -[NSView _recursiveDisplayAllDirtyWithLockFocus:visRect:] + 2377
26 com.apple.AppKit 0x00007fff2c99df40 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 908
27 com.apple.AppKit 0x00007fff2c99b490 -[NSView _oldDisplayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 1893
28 com.apple.AppKit 0x00007fff2c99aac9 -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 253
29 com.apple.AppKit 0x00007fff2c9976be -[NSView displayIfNeeded] + 1302
30 com.apple.AppKit 0x00007fff2c96b854 -[NSWindow _setFrameCommon:display:stashSize:] + 3891
31 com.apple.AppKit 0x00007fff2c96a90e -[NSWindow _setFrame:display:allowImplicitAnimation:stashSize:] + 192
32 com.apple.AppKit 0x00007fff2c96a847 -[NSWindow setFrame:display:] + 51
33 libgdk-3.0.dylib 0x0000000107bda646 move_resize_window_internal + 966
34 libgdk-3.0.dylib 0x0000000107bb9670 gdk_window_move_resize_internal + 464
35 fontforge 0x0000000106ada270 GGDKDrawMoveResize + 128
36 fontforge 0x0000000106ad281f msgpopup_eh + 911
37 fontforge 0x0000000106adce1f _GGDKDraw_ProcessTimerEvent + 175
38 libglib-2.0.0.dylib 0x0000000107f772b8 g_timeout_dispatch + 24
39 libglib-2.0.0.dylib 0x0000000107f7a956 g_main_context_dispatch + 310
40 libglib-2.0.0.dylib 0x0000000107f7ac8d g_main_context_iterate + 429
41 libglib-2.0.0.dylib 0x0000000107f7ad14 g_main_context_iteration + 100
42 fontforge 0x0000000106adba8d GGDKDrawEventLoop + 141
43 fontforge 0x0000000106aa5d9e fontforge_main + 5534
44 libdyld.dylib 0x00007fff5b1ec3d5 start + 1
|
Hmm, interesting. It's hard to tell from the crash report alone, but if I had to guess, there's some memory corruption going on. Were there any particular steps that you took that seem to cause crashes more often than others? What was the previous version you were using that was better? Are you able to share the font that you were working on?
The crashes seem just to be moving stuff around. There is the issue with overlapping windows - focus tends to often drift onto the back window - but I’m not sure it’s an issue.
If you have the ability to generate some sort of memory-catching build (not my area, sorry) maybe I can help more with that? Or?
I would prefer NOT to share the font – right now I’m just setting up a new font to see if I can replicate the issue.
Also, the crash seems to happen quite spuriously - as you can see from the stack trace.
I will be able to work some more on this today before work starts - I will keep in touch.
… On 27 Aug 2019, at 14:05, Jeremy Tan ***@***.***> wrote:
Hmm, interesting. It's hard to tell from the crash report alone, but if I had to guess, there's some memory corruption going on.
Were there any particular steps that you took that seem to cause crashes more often than others? What was the previous version you were using that was better? Are you able to share the font that you were working on?
|
Just to update you on my earlier comment.
I've made a version compiled with ASan (memory checking): http://dl.bintray.com/fontforge/fontforge/FontForge-2019-08-28-c15c2e6-asan.app.dmg Just note the following when using this:
|
Brilliant - I will have a look this afternoon.
… On 28 Aug 2019, at 10:19, Jeremy Tan ***@***.***> wrote:
I've made a version compiled with ASan (memory checking): http://dl.bintray.com/fontforge/fontforge/FontForge-2019-08-28-c15c2e6-asan.app.dmg
Just note the following when using this:
• I'd expect it to be more likely to crash than the normal version, as it will hard-fail on any memory errors, instead of continuing on
• Expect it to be slower (iirc they mention a 2x slowdown)
• Run it from a terminal, as it will dump info there if there's an issue, like:
==2979==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000146148 at pc 0x00010db4859a bp 0x7fff52144f30 sp 0x7fff52144f28
READ of size 8 at 0x611000146148 thread T0
#0 0x10db48599 in CVInfoDrawText (fontforge:x86_64+0x10008f599)
#1 0x10db45a41 in CVInfoDraw (fontforge:x86_64+0x10008ca41)
#2 0x10dbd64b5 in CVMouseDownSpiroPoint (fontforge:x86_64+0x10011d4b5)
#3 0x10db966f2 in CVMouseDown (fontforge:x86_64+0x1000dd6f2)
#4 0x10db91e7b in v_e_h (fontforge:x86_64+0x1000d8e7b)
#5 0x10df88a14 in _GWidget_Container_eh (fontforge:x86_64+0x1004cfa14)
#6 0x10dfc607c in _GGDKDraw_CallEHChecked (fontforge:x86_64+0x10050d07c)
#7 0x10dfbab29 in _GGDKDraw_DispatchEvent (fontforge:x86_64+0x100501b29)
#8 0x10ef1e2a0 in _gdk_event_emit (libgdk-3.0.dylib:x86_64+0x152a0)
#9 0x10ef4b651 in gdk_event_dispatch (libgdk-3.0.dylib:x86_64+0x42651)
#10 0x10f2d1955 in g_main_context_dispatch (libglib-2.0.0.dylib:x86_64+0x38955)
#11 0x10f2d1c8c in g_main_context_iterate (libglib-2.0.0.dylib:x86_64+0x38c8c)
#12 0x10f2d1d13 in g_main_context_iteration (libglib-2.0.0.dylib:x86_64+0x38d13)
#13 0x10dfc27fc in GGDKDrawEventLoop (fontforge:x86_64+0x1005097fc)
#14 0x10df1f3ab in fontforge_main (fontforge:x86_64+0x1004663ab)
#15 0x7fffa497a234 in start (libdyld.dylib:x86_64+0x5234)
0x611000146148 is located 200 bytes inside of 240-byte region [0x611000146080,0x611000146170)
freed by thread T0 here:
#0 0x110b3e2f0 in wrap_realloc (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x562f0)
#1 0x10dbd62e0 in CVMouseDownSpiroPoint (fontforge:x86_64+0x10011d2e0)
#2 0x10db966f2 in CVMouseDown (fontforge:x86_64+0x1000dd6f2)
#3 0x10db91e7b in v_e_h (fontforge:x86_64+0x1000d8e7b)
#4 0x10df88a14 in _GWidget_Container_eh (fontforge:x86_64+0x1004cfa14)
#5 0x10dfc607c in _GGDKDraw_CallEHChecked (fontforge:x86_64+0x10050d07c)
#6 0x10dfbab29 in _GGDKDraw_DispatchEvent (fontforge:x86_64+0x100501b29)
#7 0x10ef1e2a0 in _gdk_event_emit (libgdk-3.0.dylib:x86_64+0x152a0)
#8 0x10ef4b651 in gdk_event_dispatch (libgdk-3.0.dylib:x86_64+0x42651)
#9 0x10f2d1955 in g_main_context_dispatch (libglib-2.0.0.dylib:x86_64+0x38955)
#10 0x10f2d1c8c in g_main_context_iterate (libglib-2.0.0.dylib:x86_64+0x38c8c)
#11 0x10f2d1d13 in g_main_context_iteration (libglib-2.0.0.dylib:x86_64+0x38d13)
#12 0x10dfc27fc in GGDKDrawEventLoop (fontforge:x86_64+0x1005097fc)
#13 0x10df1f3ab in fontforge_main (fontforge:x86_64+0x1004663ab)
#14 0x7fffa497a234 in start (libdyld.dylib:x86_64+0x5234)
previously allocated by thread T0 here:
#0 0x110b3df5c in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x55f5c)
#1 0x10dbd5fc5 in CVMouseDownSpiroPoint (fontforge:x86_64+0x10011cfc5)
#2 0x10db966f2 in CVMouseDown (fontforge:x86_64+0x1000dd6f2)
#3 0x10db91e7b in v_e_h (fontforge:x86_64+0x1000d8e7b)
#4 0x10df88a14 in _GWidget_Container_eh (fontforge:x86_64+0x1004cfa14)
#5 0x10dfc607c in _GGDKDraw_CallEHChecked (fontforge:x86_64+0x10050d07c)
#6 0x10dfbab29 in _GGDKDraw_DispatchEvent (fontforge:x86_64+0x100501b29)
#7 0x10ef1e2a0 in _gdk_event_emit (libgdk-3.0.dylib:x86_64+0x152a0)
#8 0x10ef4b651 in gdk_event_dispatch (libgdk-3.0.dylib:x86_64+0x42651)
#9 0x10f2d1955 in g_main_context_dispatch (libglib-2.0.0.dylib:x86_64+0x38955)
#10 0x10f2d1c8c in g_main_context_iterate (libglib-2.0.0.dylib:x86_64+0x38c8c)
#11 0x10f2d1d13 in g_main_context_iteration (libglib-2.0.0.dylib:x86_64+0x38d13)
#12 0x10dfc27fc in GGDKDrawEventLoop (fontforge:x86_64+0x1005097fc)
#13 0x10df1f3ab in fontforge_main (fontforge:x86_64+0x1004663ab)
#14 0x7fffa497a234 in start (libdyld.dylib:x86_64+0x5234)
SUMMARY: AddressSanitizer: heap-use-after-free (fontforge:x86_64+0x10008f599) in CVInfoDrawText
Shadow bytes around the buggy address:
==2979==ABORTING
/Applications/FontForge.app/Contents/MacOS/FontForge: line 107: 2979 Abort trap: 6 ( exec $WRAPPER $bundle_bin/fontforge -new )
|
I enclose two crashes - the first is easily replicable - and both of them are breaking at 'u_WordlistEscapedInputStringToRealString_readGlyphName()'
The first crash (another below)
This doesn't use any font at all. Just the default 'untitled'.
(1) Click on the first character. ( U+0016 )
(2) Press Command-E
Application Specific Information:
=================================================================
==3710==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300059a420 at pc 0x000109e0d856 bp 0x7ffee628b990 sp 0x7ffee628b988
READ of size 4 at 0x60300059a420 thread T0
#0 0x109e0d855 in u_WordlistEscapedInputStringToRealString_readGlyphName (fontforge:x86_64+0x10049c855)
#1 0x109e0cb0e in WordlistEscapedInputStringToParsedDataComplex (fontforge:x86_64+0x10049bb0e)
#2 0x1099fe9c9 in CV_OnCharSelectorTextChanged (fontforge:x86_64+0x10008d9c9)
#3 0x1099fb915 in CVChangeSC (fontforge:x86_64+0x10008a915)
#4 0x109be539d in FVMouse (fontforge:x86_64+0x10027439d)
#5 0x109be06df in v_e_h (fontforge:x86_64+0x10026f6df)
#6 0x109e40a14 in _GWidget_Container_eh (fontforge:x86_64+0x1004cfa14)
#7 0x109e7e07c in _GGDKDraw_CallEHChecked (fontforge:x86_64+0x10050d07c)
#8 0x109e72b29 in _GGDKDraw_DispatchEvent (fontforge:x86_64+0x100501b29)
#9 0x10c3952a0 in _gdk_event_emit (libgdk-3.0.dylib:x86_64+0x152a0)
#10 0x10c3c2651 in gdk_event_dispatch (libgdk-3.0.dylib:x86_64+0x42651)
#11 0x10c75d955 in g_main_context_dispatch (libglib-2.0.0.dylib:x86_64+0x38955)
#12 0x10c75dc8c in g_main_context_iterate (libglib-2.0.0.dylib:x86_64+0x38c8c)
#13 0x10c75dd13 in g_main_context_iteration (libglib-2.0.0.dylib:x86_64+0x38d13)
#14 0x109e7a7fc in GGDKDrawEventLoop (fontforge:x86_64+0x1005097fc)
#15 0x109dd73ab in fontforge_main (fontforge:x86_64+0x1004663ab)
#16 0x7fff6f4e53d4 in start (libdyld.dylib:x86_64+0x163d4)
0x60300059a420 is located 0 bytes to the right of 32-byte region [0x60300059a400,0x60300059a420)
allocated by thread T0 here:
#0 0x10c8c1e9c in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x58e9c)
#1 0x109e0d24f in u_WordlistEscapedInputStringToRealString_readGlyphName (fontforge:x86_64+0x10049c24f)
#2 0x109e0cb0e in WordlistEscapedInputStringToParsedDataComplex (fontforge:x86_64+0x10049bb0e)
#3 0x1099fe9c9 in CV_OnCharSelectorTextChanged (fontforge:x86_64+0x10008d9c9)
#4 0x1099fb915 in CVChangeSC (fontforge:x86_64+0x10008a915)
#5 0x109be539d in FVMouse (fontforge:x86_64+0x10027439d)
#6 0x109be06df in v_e_h (fontforge:x86_64+0x10026f6df)
#7 0x109e40a14 in _GWidget_Container_eh (fontforge:x86_64+0x1004cfa14)
#8 0x109e7e07c in _GGDKDraw_CallEHChecked (fontforge:x86_64+0x10050d07c)
#9 0x109e72b29 in _GGDKDraw_DispatchEvent (fontforge:x86_64+0x100501b29)
#10 0x10c3952a0 in _gdk_event_emit (libgdk-3.0.dylib:x86_64+0x152a0)
#11 0x10c3c2651 in gdk_event_dispatch (libgdk-3.0.dylib:x86_64+0x42651)
#12 0x10c75d955 in g_main_context_dispatch (libglib-2.0.0.dylib:x86_64+0x38955)
#13 0x10c75dc8c in g_main_context_iterate (libglib-2.0.0.dylib:x86_64+0x38c8c)
#14 0x10c75dd13 in g_main_context_iteration (libglib-2.0.0.dylib:x86_64+0x38d13)
#15 0x109e7a7fc in GGDKDrawEventLoop (fontforge:x86_64+0x1005097fc)
#16 0x109dd73ab in fontforge_main (fontforge:x86_64+0x1004663ab)
#17 0x7fff6f4e53d4 in start (libdyld.dylib:x86_64+0x163d4)
SUMMARY: AddressSanitizer: heap-buffer-overflow (fontforge:x86_64+0x10049c855) in u_WordlistEscapedInputStringToRealString_readGlyphName
Shadow bytes around the buggy address:
==3710==ABORTING
abort() called
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff6f6202c6 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff6f6dbbf1 pthread_kill + 284
2 libsystem_c.dylib 0x00007fff6f58a6a6 abort + 127
3 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8e5e96 __sanitizer::Abort() + 70
4 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8e1188 __sanitizer::Die() + 120
5 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8c76d1 __asan::ScopedInErrorReport::~ScopedInErrorReport() + 321
6 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8c716a __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) + 410
7 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8c7edb __asan_report_load4 + 43
8 fontforge 0x0000000109e0d856 u_WordlistEscapedInputStringToRealString_readGlyphName + 2534
9 fontforge 0x0000000109e0cb0f WordlistEscapedInputStringToParsedDataComplex + 735
The second crash
I didn't do much but open up some windows, honest!
I think I used the 'Holy' variant from https://fontlibrary.org/en/font/knots
Application Specific Information:
=================================================================
==3710==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300059a420 at pc 0x000109e0d856 bp 0x7ffee628b990 sp 0x7ffee628b988
READ of size 4 at 0x60300059a420 thread T0
#0 0x109e0d855 in u_WordlistEscapedInputStringToRealString_readGlyphName (fontforge:x86_64+0x10049c855)
#1 0x109e0cb0e in WordlistEscapedInputStringToParsedDataComplex (fontforge:x86_64+0x10049bb0e)
#2 0x1099fe9c9 in CV_OnCharSelectorTextChanged (fontforge:x86_64+0x10008d9c9)
#3 0x1099fb915 in CVChangeSC (fontforge:x86_64+0x10008a915)
#4 0x109be539d in FVMouse (fontforge:x86_64+0x10027439d)
#5 0x109be06df in v_e_h (fontforge:x86_64+0x10026f6df)
#6 0x109e40a14 in _GWidget_Container_eh (fontforge:x86_64+0x1004cfa14)
#7 0x109e7e07c in _GGDKDraw_CallEHChecked (fontforge:x86_64+0x10050d07c)
#8 0x109e72b29 in _GGDKDraw_DispatchEvent (fontforge:x86_64+0x100501b29)
#9 0x10c3952a0 in _gdk_event_emit (libgdk-3.0.dylib:x86_64+0x152a0)
#10 0x10c3c2651 in gdk_event_dispatch (libgdk-3.0.dylib:x86_64+0x42651)
#11 0x10c75d955 in g_main_context_dispatch (libglib-2.0.0.dylib:x86_64+0x38955)
#12 0x10c75dc8c in g_main_context_iterate (libglib-2.0.0.dylib:x86_64+0x38c8c)
#13 0x10c75dd13 in g_main_context_iteration (libglib-2.0.0.dylib:x86_64+0x38d13)
#14 0x109e7a7fc in GGDKDrawEventLoop (fontforge:x86_64+0x1005097fc)
#15 0x109dd73ab in fontforge_main (fontforge:x86_64+0x1004663ab)
#16 0x7fff6f4e53d4 in start (libdyld.dylib:x86_64+0x163d4)
0x60300059a420 is located 0 bytes to the right of 32-byte region [0x60300059a400,0x60300059a420)
allocated by thread T0 here:
#0 0x10c8c1e9c in wrap_malloc (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x58e9c)
#1 0x109e0d24f in u_WordlistEscapedInputStringToRealString_readGlyphName (fontforge:x86_64+0x10049c24f)
#2 0x109e0cb0e in WordlistEscapedInputStringToParsedDataComplex (fontforge:x86_64+0x10049bb0e)
#3 0x1099fe9c9 in CV_OnCharSelectorTextChanged (fontforge:x86_64+0x10008d9c9)
#4 0x1099fb915 in CVChangeSC (fontforge:x86_64+0x10008a915)
#5 0x109be539d in FVMouse (fontforge:x86_64+0x10027439d)
#6 0x109be06df in v_e_h (fontforge:x86_64+0x10026f6df)
#7 0x109e40a14 in _GWidget_Container_eh (fontforge:x86_64+0x1004cfa14)
#8 0x109e7e07c in _GGDKDraw_CallEHChecked (fontforge:x86_64+0x10050d07c)
#9 0x109e72b29 in _GGDKDraw_DispatchEvent (fontforge:x86_64+0x100501b29)
#10 0x10c3952a0 in _gdk_event_emit (libgdk-3.0.dylib:x86_64+0x152a0)
#11 0x10c3c2651 in gdk_event_dispatch (libgdk-3.0.dylib:x86_64+0x42651)
#12 0x10c75d955 in g_main_context_dispatch (libglib-2.0.0.dylib:x86_64+0x38955)
#13 0x10c75dc8c in g_main_context_iterate (libglib-2.0.0.dylib:x86_64+0x38c8c)
#14 0x10c75dd13 in g_main_context_iteration (libglib-2.0.0.dylib:x86_64+0x38d13)
#15 0x109e7a7fc in GGDKDrawEventLoop (fontforge:x86_64+0x1005097fc)
#16 0x109dd73ab in fontforge_main (fontforge:x86_64+0x1004663ab)
#17 0x7fff6f4e53d4 in start (libdyld.dylib:x86_64+0x163d4)
SUMMARY: AddressSanitizer: heap-buffer-overflow (fontforge:x86_64+0x10049c855) in u_WordlistEscapedInputStringToRealString_readGlyphName
Shadow bytes around the buggy address:
==3710==ABORTING
abort() called
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff6f6202c6 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff6f6dbbf1 pthread_kill + 284
2 libsystem_c.dylib 0x00007fff6f58a6a6 abort + 127
3 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8e5e96 __sanitizer::Abort() + 70
4 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8e1188 __sanitizer::Die() + 120
5 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8c76d1 __asan::ScopedInErrorReport::~ScopedInErrorReport() + 321
6 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8c716a __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) + 410
7 libclang_rt.asan_osx_dynamic.dylib 0x000000010c8c7edb __asan_report_load4 + 43
8 fontforge 0x0000000109e0d856 u_WordlistEscapedInputStringToRealString_readGlyphName + 2534
9 fontforge 0x0000000109e0cb0f WordlistEscapedInputStringToParsedDataComplex + 735
10 fontforge 0x00000001099fe9ca CV_OnCharSelectorTextChanged + 938
11 fontforge 0x00000001099fb916 CVChangeSC + 3702
12 fontforge 0x0000000109be539e FVMouse + 4398
13 fontforge 0x0000000109be06e0 v_e_h + 528
14 fontforge 0x0000000109e40a15 _GWidget_Container_eh + 5077
15 fontforge 0x0000000109e7e07d _GGDKDraw_CallEHChecked + 77
16 fontforge 0x0000000109e72b2a _GGDKDraw_DispatchEvent + 8698
17 libgdk-3.0.dylib 0x000000010c3952a1 _gdk_event_emit + 49
18 libgdk-3.0.dylib 0x000000010c3c2652 gdk_event_dispatch + 50
19 libglib-2.0.0.dylib 0x000000010c75d956 g_main_context_dispatch + 310
20 libglib-2.0.0.dylib 0x000000010c75dc8d g_main_context_iterate + 429
21 libglib-2.0.0.dylib 0x000000010c75dd14 g_main_context_iteration + 100
22 fontforge 0x0000000109e7a7fd GGDKDrawEventLoop + 253
23 fontforge 0x0000000109dd73ac fontforge_main + 7484
24 libdyld.dylib 0x00007fff6f4e53d5 start + 1
|
This is probably the same as #3909.
@MrBenGriffin if you'd like to try out the latest version to see if it fixes it for you: http://dl.bintray.com/fontforge/fontforge/:FontForge-2019-08-29-f8fc94c.app.dmg This is also the latest asan version: http://dl.bintray.com/fontforge/fontforge/:FontForge-2019-08-30-9d41a2c-asan.app.dmg
Hey, that’s far more resilient! No crashes yet.
Still some mouse focus issues with overlapping windows -but that’s been there a while and is another thing ;-D
I will update you if a crash does arise, of course.
Thanks so much for your time. Kudos isn’t dollars - but I hope my thanks are worth something in your world!
…-B.
On 30 Aug 2019, at 10:34, Jeremy Tan ***@***.***> wrote:
@MrBenGriffin <https://github.com/MrBenGriffin> if you'd like to try out the latest version to see if it fixes it for you: http://dl.bintray.com/fontforge/fontforge/:FontForge-2019-08-29-f8fc94c.app.dmg <http://dl.bintray.com/fontforge/fontforge/:FontForge-2019-08-29-f8fc94c.app.dmg>
This is also the latest asan version: http://dl.bintray.com/fontforge/fontforge/:FontForge-2019-08-30-9d41a2c-asan.app.dmg <http://dl.bintray.com/fontforge/fontforge/:FontForge-2019-08-30-9d41a2c-asan.app.dmg>
|
Yep - found another, while attempting to edit a large table of GSUB.
Process: fontforge [2421]
Path: /Users/USER/*/FontForge.app/Contents/Resources/opt/local/bin/fontforge
Identifier: net.sourceforge.fontforge
Version: Version 20190801 (20190801)
Code Type: X86-64 (Native)
Parent Process: ??? [2411]
Responsible: fontforge [2421]
User ID: 501
Date/Time: 2019-08-30 18:46:58.433 +0100
OS Version: Mac OS X 10.14.6 (18G95)
Report Version: 12
Bridge OS Version: 3.6 (16P6571)
Anonymous UUID: 3D8C0BEB-B1EA-7750-6F46-81074672117A
Time Awake Since Boot: 20000 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
ID Vend/Dev
7030 67df1002
Seconds Ago ID Type
20000.0 7030 Attach
Application Specific Information:
=================================================================
==2421==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00010b219d50 at pc 0x00010b910c60 bp 0x7ffee50190a0 sp 0x7ffee5019098
READ of size 4 at 0x00010b219d50 thread T0
#0 0x10b910c5f in u_strlen (libfontforge.4.dylib:x86_64+0xdc5f)
#1 0x10b911405 in u_copy (libfontforge.4.dylib:x86_64+0xe405)
#2 0x10b0d3e81 in _GGadget_Create (fontforge:x86_64+0x1004f0e81)
#3 0x10b14f25a in _GCheckBoxCreate (fontforge:x86_64+0x10056c25a)
#4 0x10b0f723e in _GHVBoxCreate (fontforge:x86_64+0x10051423e)
#5 0x10b0f723e in _GHVBoxCreate (fontforge:x86_64+0x10051423e)
#6 0x10b0d749f in GGadgetsCreate (fontforge:x86_64+0x1004f449f)
#7 0x10aedbaa9 in PSTKernD (fontforge:x86_64+0x1002f8aa9)
#8 0x10aed171e in _LookupSubtableContents (fontforge:x86_64+0x1002ee71e)
#9 0x10ae163b1 in GFI_LookupEditSubtableContents (fontforge:x86_64+0x1002333b1)
#10 0x10b0a0c53 in GButtonInvoked (fontforge:x86_64+0x1004bdc53)
#11 0x10b09bce8 in gbutton_mouse (fontforge:x86_64+0x1004b8ce8)
#12 0x10b0b1f5c in _GWidget_Container_eh (fontforge:x86_64+0x1004cef5c)
#13 0x10b0f007c in _GGDKDraw_CallEHChecked (fontforge:x86_64+0x10050d07c)
#14 0x10b0e4b29 in _GGDKDraw_DispatchEvent (fontforge:x86_64+0x100501b29)
#15 0x10d5f92a0 in _gdk_event_emit (libgdk-3.0.dylib:x86_64+0x152a0)
#16 0x10d626651 in gdk_event_dispatch (libgdk-3.0.dylib:x86_64+0x42651)
#17 0x10d9c7955 in g_main_context_dispatch (libglib-2.0.0.dylib:x86_64+0x38955)
#18 0x10d9c7c8c in g_main_context_iterate (libglib-2.0.0.dylib:x86_64+0x38c8c)
#19 0x10d9c7d13 in g_main_context_iteration (libglib-2.0.0.dylib:x86_64+0x38d13)
#20 0x10b0ec7fc in GGDKDrawEventLoop (fontforge:x86_64+0x1005097fc)
#21 0x10b0493eb in fontforge_main (fontforge:x86_64+0x1004663eb)
#22 0x7fff793ba3d4 in start (libdyld.dylib:x86_64+0x163d4)
0x00010b219d50 is located 48 bytes to the left of global variable '<string literal>' defined in '../fontforgeexe/lookupui.c:4666:32' (0x10b219d80) of size 21
'<string literal>' is ascii string '_Hide Unused Columns'
0x00010b219d52 is located 0 bytes to the right of global variable '<string literal>' defined in '../fontforgeexe/lookupui.c:4649:41' (0x10b219ce0) of size 114
'<string literal>' is ascii string 'Sort first using the glyph's script.
Thus A and Z would sort together
while Alpha would sort with Omega and not A'
SUMMARY: AddressSanitizer: global-buffer-overflow (libfontforge.4.dylib:x86_64+0xdc5f) in u_strlen
Shadow bytes around the buggy address:
0x100021643350: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 00 00 00 00
0x100021643360: 00 00 00 04 f9 f9 f9 f9 00 01 f9 f9 f9 f9 f9 f9
0x100021643370: 00 00 00 00 00 00 00 01 f9 f9 f9 f9 00 06 f9 f9
0x100021643380: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 f9 f9 f9
0x100021643390: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 00 00 00 00
=>0x1000216433a0: 00 00 00 00 00 00 00 00 00 00[02]f9 f9 f9 f9 f9
0x1000216433b0: 00 00 05 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x1000216433c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 f9
0x1000216433d0: f9 f9 f9 f9 00 02 f9 f9 f9 f9 f9 f9 00 02 f9 f9
0x1000216433e0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x1000216433f0: 00 00 00 00 00 00 04 f9 f9 f9 f9 f9 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==2421==ABORTING
abort() called
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff794f52c6 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff795b0bf1 pthread_kill + 284
2 libsystem_c.dylib 0x00007fff7945f6a6 abort + 127
3 libclang_rt.asan_osx_dynamic.dylib 0x000000010db4de96 __sanitizer::Abort() + 70
4 libclang_rt.asan_osx_dynamic.dylib 0x000000010db49188 __sanitizer::Die() + 120
5 libclang_rt.asan_osx_dynamic.dylib 0x000000010db2f6d1 __asan::ScopedInErrorReport::~ScopedInErrorReport() + 321
6 libclang_rt.asan_osx_dynamic.dylib 0x000000010db2f16a __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) + 410
7 libclang_rt.asan_osx_dynamic.dylib 0x000000010db2fedb __asan_report_load4 + 43
8 libfontforge.4.dylib 0x000000010b910c60 u_strlen + 96
9 libfontforge.4.dylib 0x000000010b911406 u_copy + 22
10 fontforge 0x000000010b0d3e82 _GGadget_Create + 2322
11 fontforge 0x000000010b14f25b _GCheckBoxCreate + 107
12 fontforge 0x000000010b0f723f _GHVBoxCreate + 1103
13 fontforge 0x000000010b0f723f _GHVBoxCreate + 1103
14 fontforge 0x000000010b0d74a0 GGadgetsCreate + 96
15 fontforge 0x000000010aedbaaa PSTKernD + 14586
16 fontforge 0x000000010aed171f _LookupSubtableContents + 1839
17 fontforge 0x000000010ae163b2 GFI_LookupEditSubtableContents + 130
18 fontforge 0x000000010b0a0c54 GButtonInvoked + 1028
19 fontforge 0x000000010b09bce9 gbutton_mouse + 793
20 fontforge 0x000000010b0b1f5d _GWidget_Container_eh + 2333
21 fontforge 0x000000010b0f007d _GGDKDraw_CallEHChecked + 77
22 fontforge 0x000000010b0e4b2a _GGDKDraw_DispatchEvent + 8698
23 libgdk-3.0.dylib 0x000000010d5f92a1 _gdk_event_emit + 49
24 libgdk-3.0.dylib 0x000000010d626652 gdk_event_dispatch + 50
25 libglib-2.0.0.dylib 0x000000010d9c7956 g_main_context_dispatch + 310
26 libglib-2.0.0.dylib 0x000000010d9c7c8d g_main_context_iterate + 429
27 libglib-2.0.0.dylib 0x000000010d9c7d14 g_main_context_iteration + 100
28 fontforge 0x000000010b0ec7fd GGDKDrawEventLoop + 253
29 fontforge 0x000000010b0493ec fontforge_main + 7484
30 libdyld.dylib 0x00007fff793ba3d5 start + 1
|
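The ASan report above can be read off as a string-width mismatch, and the following C program, an added example rather than code from FontForge or from anyone in this thread, reproduces its arithmetic. The report says `u_strlen` did a READ of size 4 at `0x10b219d50`, and places that address at `0x70` = 112 bytes into a 114-byte ASCII literal whose end is at `0x10b219ce0 + 114 = 0x10b219d52`. That is exactly where a length walk stepping four bytes at a time lands on a 113-character one-byte string: no four-byte word of ASCII text is all zero, so the walk never sees a terminator and runs off the end. The example embeds that literal (constructed from the report's own text; `sizeof` confirms 114), models the walk with a bounds check instead of letting it fault, and shows a flag-gated copier that takes the one-byte path instead. Assumptions and hypothetical names: `unichar_t` being a 32-bit code unit, the `label_t` struct, the `text_is_1byte` flag and the `widen_label` function are mine, not FontForge's API, and nothing here claims what the project's eventual fix was.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: FontForge's unichar_t is a 32-bit code unit. */
typedef uint32_t unichar_t;

/* The ASCII literal the report names, constructed from its text:
 * 113 characters plus the terminator = 114 bytes, matching "of size 114". */
static const char TOOLTIP[] =
    "Sort first using the glyph's script.\n"
    "Thus A and Z would sort together\n"
    "while Alpha would sort with Omega and not A";

/* Bounds-checked model of u_strlen: step through buf in unichar_t-sized
 * units until a zero word. Returns -1 when a zero word lies inside the
 * buffer, otherwise the byte offset of the first step that would read past
 * buf_size. ASCII text never yields an all-zero 4-byte word before its
 * single NUL, so a 1-byte string walked this way runs off the end. */
long first_oob_read(const void *buf, size_t buf_size) {
    const unsigned char *p = buf;
    for (size_t off = 0; ; off += sizeof(unichar_t)) {
        if (off + sizeof(unichar_t) > buf_size)
            return (long)off;
        unichar_t w;
        memcpy(&w, p + off, sizeof w);
        if (w == 0)
            return -1;
    }
}

/* Hypothetical label record: stands in for the text/flag pair a gadget
 * constructor receives. Not FontForge's GTextInfo. */
typedef struct {
    const void *text;   /* char* when text_is_1byte is set, unichar_t* otherwise */
    int text_is_1byte;
} label_t;

/* Widen a label into out[] (out_cap code units including the terminator).
 * Returns the number of code units written, or -1 when the 4-byte path would
 * read past the text_bytes of storage behind lbl->text, which is the case
 * the report shows: a 1-byte literal handed to the unichar_t copier. */
long widen_label(const label_t *lbl, size_t text_bytes,
                 unichar_t *out, size_t out_cap) {
    size_t n = 0;
    if (lbl->text_is_1byte) {
        /* One byte per code unit (ASCII/Latin-1). FontForge's 1-byte path
         * decodes UTF-8 instead; the point here is only the step size. */
        const unsigned char *s = lbl->text;
        while (n < text_bytes && s[n] != 0)
            n++;
        if (n == text_bytes || n >= out_cap)
            return -1;              /* unterminated or too long */
        for (size_t i = 0; i < n; i++)
            out[i] = s[i];
        out[n] = 0;
        return (long)n;
    }
    /* unichar_t path: refuse rather than over-read like u_copy would. */
    if (first_oob_read(lbl->text, text_bytes) != -1)
        return -1;
    const unichar_t *u = lbl->text;
    while (u[n] != 0)
        n++;
    if (n >= out_cap)
        return -1;
    memcpy(out, u, (n + 1) * sizeof(unichar_t));
    return (long)n;
}

/* The three numbers worth checking against the report. */
long crash_case_offset(void) {      /* where u_strlen's walk leaves the literal */
    return first_oob_read(TOOLTIP, sizeof TOOLTIP);
}

long buggy_case_result(void) {      /* flag not set: the u_copy path, refused */
    label_t bad = { TOOLTIP, 0 };
    unichar_t out[128];
    return widen_label(&bad, sizeof TOOLTIP, out, 128);
}

long fixed_case_length(void) {      /* flag set: walks one byte at a time */
    label_t good = { TOOLTIP, 1 };
    unichar_t out[128];
    return widen_label(&good, sizeof TOOLTIP, out, 128);
}

int main(void) {
    printf("literal size: %zu bytes\n", sizeof TOOLTIP);
    printf("4-byte walk first reads out of bounds at offset %ld (0x%lx)\n",
           crash_case_offset(), crash_case_offset());
    printf("u_copy-style path: %ld, 1-byte path: %ld code units\n",
           buggy_case_result(), fixed_case_length());
    return 0;
}
```

The bounds check is there so the program runs cleanly; replace it with a raw `while (*p++) n++;` over `const unichar_t *`, build with `-fsanitize=address`, and ASan gives the same global-buffer-overflow verdict as the report, with the faulting read 112 bytes into the literal. The practical check when a stack like this shows `u_strlen`/`u_copy` under a gadget constructor is therefore whether the label or tooltip passed in was marked as a one-byte string.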
Without more info on how to repro that GSUB editing crash there's not much I can do. As always, try using the latest app bundle from http://dl.bintray.com/fontforge/fontforge/ and reopen if it's still an issue. (Edit: it may be empty/not working at the moment, because we ran over the usage limits, so I've cleared it out and kicked off a new build to get some fresh builds.) |
I've shared several console logs on fontforge-devel@lists.sourceforge.net
My initial thought was that this was to do with libPango, but it looks like it may be to do with something else.
I notice that warning dialogs which are behind other windows are sometimes not rendering - and in many ways the window focus is not working properly.
I also notice that the crashes appear to only kick in with complex files - but when they crash, they crash pretty quickly. I'm willing to help resolve the issue - but I do not have the time to build the entire code-chain sorry.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libglib-2.0.0.dylib 0x00000001068ca92c g_slice_alloc + 92
1 libpango-1.0.0.dylib 0x00000001063c7954 pango_font_description_copy_static + 24
2 libpangocairo-1.0.0.dylib 0x00000001063b0c80 pango_core_text_fontset_key_init + 354
3 libpangocairo-1.0.0.dylib 0x00000001063b09ca pango_core_text_font_map_load_fontset + 224
4 libpango-1.0.0.dylib 0x00000001063cd229 itemize_state_process_run + 440
But....
fontforge(21589,0x116efb5c0) malloc: Incorrect checksum for freed object 0x7fd03176fbf0: probably modified after being freed.
Corrupt value: 0xb00007fd00000026
2 libsystem_c.dylib 0x00007fff7dba96a6 abort + 127
3 libsystem_malloc.dylib 0x00007fff7dcb816b malloc_vreport + 545
4 libsystem_malloc.dylib 0x00007fff7dcd0f01 malloc_zone_error + 183
5 libsystem_malloc.dylib 0x00007fff7dcb4947 tiny_free_list_remove_ptr + 544
6 libsystem_malloc.dylib 0x00007fff7dcb2318 tiny_free_no_lock + 934
7 libsystem_malloc.dylib 0x00007fff7dcb1e75 free_tiny + 480
8 libfontforgeexe.3.dylib 0x000000010cc7ecb3 WordlistEscapedInputStringToParsedDataComplex + 1091
9 libfontforgeexe.3.dylib 0x000000010cc7f3f8 WordlistEscapedInputStringToParsedData + 40
10 libfontforgeexe.3.dylib 0x000000010ca59d1a CV_OnCharSelectorTextChanged + 602
11 libfontforgeexe.3.dylib 0x000000010ca58ad6 CVChangeSC + 2822
12 libfontforgeexe.3.dylib 0x000000010cb5528e FVMouse + 846
13 libfontforgeexe.3.dylib 0x000000010cb5317e v_e_h + 398
14 libgdraw.6.dylib 0x000000010ce646f8 _GWidget_Container_eh + 3048
And...
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [21643]
0 libobjc.A.dylib 0x00007fff7c32869d objc_msgSend + 29
1 com.apple.AppKit 0x00007fff4f4f5033 -[NSApplication(NSWindowCache) _removeWindowFromCache:] + 176
2 com.apple.AppKit 0x00007fff4f4f4eb4 -[NSApplication _removeWindow:] + 453
3 com.apple.AppKit 0x00007fff4fb40a7e -[NSWindow _finishClosingWindow] + 602
4 com.apple.AppKit 0x00007fff4f5d9671 -[NSWindow _close] + 364
5 libgdk-3.0.dylib 0x000000010598b021 gdk_quartz_window_destroy + 369
6 libgdk-3.0.dylib 0x0000000105966e78 _gdk_window_destroy_hierarchy + 1112
7 libgdk-3.0.dylib 0x0000000105966f64 gdk_window_destroy + 20
8 libgdraw.6.dylib 0x0000000104b81348 _GGDKDraw_OnWindowDestroyed + 312
9 libglib-2.0.0.dylib 0x0000000105f102b8 g_timeout_dispatch + 24
10 libglib-2.0.0.dylib 0x0000000105f13956 g_main_context_dispatch + 310
And...
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.CoreGraphics 0x00007fff52000a50 RIPLayerRelease + 13
1 com.apple.CoreGraphics 0x00007fff51ff6bcb ripc_GetClipState + 399
2 com.apple.CoreGraphics 0x00007fff51ff6662 ripc_GetRenderingState + 150
3 com.apple.CoreGraphics 0x00007fff51ff648d ripc_DrawRects + 80
4 com.apple.AppKit 0x00007fff4f4650d1 __backing_store_DrawRects_block_invoke + 39
5 com.apple.AppKit 0x00007fff4f464460 backing_store_delegate + 893
6 com.apple.AppKit 0x00007fff4f78031a backing_store_DrawRects.llvm.1485844590212887067 + 907
7 com.apple.CoreGraphics 0x00007fff51ff63ae CGContextFillRects + 96
8 com.apple.CoreGraphics 0x00007fff51ff6347 CGContextFillRect + 105
9 com.apple.AppKit 0x00007fff4f384768 NSRectFill + 237
10 com.apple.AppKit 0x00007fff4f463e98 -[NSThemeFrame _drawTransparentTitlebarInRect:] + 78
11 com.apple.AppKit 0x00007fff4f463da9 -[NSThemeFrame _drawUnifiedToolbar:] + 154
12 com.apple.AppKit 0x00007fff4f463baa -[NSThemeFrame _drawTitleBar:] + 83
13 com.apple.AppKit 0x00007fff4f463b4c -[NSThemeFrame _drawFrameInterior:clip:] + 66
14 com.apple.AppKit 0x00007fff4f463ab8 -[NSThemeFrame drawFrame:] + 806
15 com.apple.AppKit 0x00007fff4f463670 -[NSFrameView drawRect:] + 703
16 com.apple.AppKit 0x00007fff4f4633af -[NSThemeFrame drawRect:] + 203
17 com.apple.AppKit 0x00007fff4f38441e _NSViewDrawRect + 66
18 com.apple.AppKit 0x00007fff4f36f25e -[NSView _drawRect:clip:] + 1752
19 com.apple.AppKit 0x00007fff4f36d1e1 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 5165
20 com.apple.AppKit 0x00007fff4f36bd8e -[NSThemeFrame _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 65
21 com.apple.AppKit 0x00007fff4f369690 -[NSView _oldDisplayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 1893
22 com.apple.AppKit 0x00007fff4f368cc9 -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 253
23 com.apple.AppKit 0x00007fff4f3658be -[NSView displayIfNeeded] + 1302
24 com.apple.AppKit 0x00007fff4f3625ff -[NSWindow displayIfNeeded] + 280
25 com.apple.AppKit 0x00007fff4f362440 __NSWindowGetDisplayCycleObserverForDisplay_block_invoke + 684
26 com.apple.AppKit 0x00007fff4f35d534 NSDisplayCycleObserverInvoke + 162
27 com.apple.AppKit 0x00007fff4f35d0b4 NSDisplayCycleFlush + 1030
28 com.apple.QuartzCore 0x00007fff5c643003 CA::Transaction::run_commit_handlers(CATransactionPhase) + 49
29 com.apple.QuartzCore 0x00007fff5c64274b CA::Transaction::commit() + 213
30 com.apple.AppKit 0x00007fff4f35ca4d __65+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayRefresh]_block_invoke + 274
31 com.apple.CoreFoundation 0x00007fff51c33928 CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION + 23
32 com.apple.CoreFoundation 0x00007fff51c3385d __CFRunLoopDoObservers + 451
33 com.apple.CoreFoundation 0x00007fff51bd5f80 __CFRunLoopRun + 1136
34 com.apple.CoreFoundation 0x00007fff51bd58be CFRunLoopRunSpecific + 455
35 com.apple.HIToolbox 0x00007fff50ec196b RunCurrentEventLoopInMode + 292
36 com.apple.HIToolbox 0x00007fff50ec15ad ReceiveNextEventCommon + 355
37 com.apple.HIToolbox 0x00007fff50ec1436 _BlockUntilNextEventMatchingListInModeWithFilter + 64
38 com.apple.AppKit 0x00007fff4f25b987 _DPSNextEvent + 965
39 com.apple.AppKit 0x00007fff4f25a71f -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1361
40 libgdk-3.0.dylib 0x000000010cf9fffc poll_func + 172
41 libglib-2.0.0.dylib 0x000000010d53ac37 g_main_context_iterate + 343
42 libglib-2.0.0.dylib 0x000000010d53ad14 g_main_context_iteration + 100
And...
0 com.apple.CoreGraphics 0x00007fff2d27ef88 CGFontStrikeGetValue + 88
1 com.apple.CoreGraphics 0x00007fff2d27ebf0 CGGlyphBuilder::lock_glyph_bitmaps(CGGlyphIdentifier const*, unsigned long, CGGlyphBitmap const**) + 118
2 com.apple.CoreGraphics 0x00007fff2d27ea40 render_glyphs + 184
3 com.apple.CoreGraphics 0x00007fff2d27e243 draw_glyph_bitmaps + 1093
4 com.apple.CoreGraphics 0x00007fff2d27dd70 ripc_DrawGlyphs + 1451
5 com.apple.CoreGraphics 0x00007fff2d27d42f CGContextDelegateDrawGlyphs + 906
6 com.apple.CoreGraphics 0x00007fff2d2ae530 dle_ExecuteDisplayList + 4204
7 com.apple.CoreGraphics 0x00007fff2d2acf7d dle_Execute + 328
8 com.apple.CoreGraphics 0x00007fff2d2acb44 CGDisplayListDrawInContextDelegate + 489
9 com.apple.AppKit 0x00007fff2a581569 -[NSTextLayer drawLayer:inContext:] + 330
10 com.apple.QuartzCore 0x00007fff378b1577 -[CALayer drawInContext:] + 281
11 com.apple.QuartzCore 0x00007fff3789de02 CABackingStoreUpdate_ + 577
12 com.apple.QuartzCore 0x00007fff378ffa0d invocation function for block in CA::Layer::display_() + 53
13 com.apple.QuartzCore 0x00007fff3789db75 x_blame_allocations + 81
14 com.apple.QuartzCore 0x00007fff3789d020 -[CALayer _display] + 1830
15 com.apple.AppKit 0x00007fff2a53d74e _NSBackingLayerDisplay + 528
16 com.apple.QuartzCore 0x00007fff3789c551 CA::Layer::display_if_needed(CA::Transaction*) + 627
17 com.apple.QuartzCore 0x00007fff3788a7c6 CA::Context::commit_transaction(CA::Transaction*) + 342
18 com.apple.QuartzCore 0x00007fff37889ea6 CA::Transaction::commit() + 596
19 com.apple.AppKit 0x00007fff2a51884d __65+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayRefresh]_block_invoke + 274
20 com.apple.CoreFoundation 0x00007fff2ce7df28 CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION + 23
21 com.apple.CoreFoundation 0x00007fff2ce7de5d __CFRunLoopDoObservers + 451
22 com.apple.CoreFoundation 0x00007fff2ce20580 __CFRunLoopRun + 1136
23 com.apple.CoreFoundation 0x00007fff2ce1febe CFRunLoopRunSpecific + 455
24 com.apple.HIToolbox 0x00007fff2c07f1ab RunCurrentEventLoopInMode + 292
25 com.apple.HIToolbox 0x00007fff2c07eded ReceiveNextEventCommon + 355
26 com.apple.HIToolbox 0x00007fff2c07ec76 _BlockUntilNextEventMatchingListInModeWithFilter + 64
27 com.apple.AppKit 0x00007fff2a41779d _DPSNextEvent + 1135
28 com.apple.AppKit 0x00007fff2a41648b -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1361
29 libgdk-3.0.dylib 0x000000010d351ffc poll_func + 172
30 libglib-2.0.0.dylib 0x000000010d8e4c37 g_main_context_iterate + 343
31 libglib-2.0.0.dylib 0x000000010d8e4d14 g_main_context_iteration + 100
...and...
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff5759a69d objc_msgSend + 29
1 com.apple.CoreGraphics 0x00007fff2d23abdf assert_check_region + 30
2 com.apple.CoreGraphics 0x00007fff2d2596e3 CGRegionCreateUnionWithRegion + 28
3 com.apple.CoreGraphics 0x00007fff2d2596bb CGSUnionRegion + 14
4 com.apple.AppKit 0x00007fff2a620f25 -[_NSCGSWindowBackingStore dirtyBackBufferInRegion:] + 64
5 com.apple.AppKit 0x00007fff2a6202aa backing_store_delegate + 967
6 com.apple.AppKit 0x00007fff2a93c1e2 backing_store_DrawRects.llvm.2329424099933660171 + 907
7 com.apple.CoreGraphics 0x00007fff2d2411f2 CGContextFillRects + 96
8 com.apple.CoreGraphics 0x00007fff2d24118b CGContextFillRect + 105
9 com.apple.AppKit 0x00007fff2a540568 NSRectFill + 237
10 com.apple.AppKit 0x00007fff2a61fc98 -[NSThemeFrame _drawTransparentTitlebarInRect:] + 78
11 com.apple.AppKit 0x00007fff2a61fba9 -[NSThemeFrame _drawUnifiedToolbar:] + 154
12 com.apple.AppKit 0x00007fff2a61f9aa -[NSThemeFrame _drawTitleBar:] + 83
13 com.apple.AppKit 0x00007fff2a61f94c -[NSThemeFrame _drawFrameInterior:clip:] + 66
14 com.apple.AppKit 0x00007fff2a61f8b8 -[NSThemeFrame drawFrame:] + 806
15 com.apple.AppKit 0x00007fff2a61f470 -[NSFrameView drawRect:] + 703
16 com.apple.AppKit 0x00007fff2a61f1af -[NSThemeFrame drawRect:] + 203
17 com.apple.AppKit 0x00007fff2a54021e _NSViewDrawRect + 66
18 com.apple.AppKit 0x00007fff2a52b05e -[NSView _drawRect:clip:] + 1752
19 com.apple.AppKit 0x00007fff2a528fe1 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 5165
20 com.apple.AppKit 0x00007fff2a527b8e -[NSThemeFrame _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 65
21 com.apple.AppKit 0x00007fff2a525490 -[NSView _oldDisplayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 1893
22 com.apple.AppKit 0x00007fff2a524ac9 -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 253
23 com.apple.AppKit 0x00007fff2a5216be -[NSView displayIfNeeded] + 1302
24 com.apple.AppKit 0x00007fff2a51e3ff -[NSWindow displayIfNeeded] + 280
25 com.apple.AppKit 0x00007fff2a51e240 __NSWindowGetDisplayCycleObserverForDisplay_block_invoke + 684
26 com.apple.AppKit 0x00007fff2a519334 NSDisplayCycleObserverInvoke + 162
27 com.apple.AppKit 0x00007fff2a518eb4 NSDisplayCycleFlush + 1030
28 com.apple.QuartzCore 0x00007fff3788a54d CA::Transaction::run_commit_handlers(CATransactionPhase) + 49
29 com.apple.QuartzCore 0x00007fff37889d26 CA::Transaction::commit() + 212
30 com.apple.AppKit 0x00007fff2a51884d __65+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayRefresh]_block_invoke + 274
31 com.apple.CoreFoundation 0x00007fff2ce7df28 CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION + 23
32 com.apple.CoreFoundation 0x00007fff2ce7de5d __CFRunLoopDoObservers + 451
33 com.apple.CoreFoundation 0x00007fff2ce20580 __CFRunLoopRun + 1136
34 com.apple.CoreFoundation 0x00007fff2ce1febe CFRunLoopRunSpecific + 455
35 com.apple.HIToolbox 0x00007fff2c07f1ab RunCurrentEventLoopInMode + 292
36 com.apple.HIToolbox 0x00007fff2c07eded ReceiveNextEventCommon + 355
37 com.apple.HIToolbox 0x00007fff2c07ec76 _BlockUntilNextEventMatchingListInModeWithFilter + 64
38 com.apple.AppKit 0x00007fff2a41779d _DPSNextEvent + 1135
39 com.apple.AppKit 0x00007fff2a41648b -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1361
40 libgdk-3.0.dylib 0x0000000104c34ffc poll_func + 172
41 libglib-2.0.0.dylib 0x00000001051d5c37 g_main_context_iterate + 343