[Image-SIG] Segmentation fault in ImagingDestroyBlock

Konstantin Shaposhnikov k.shaposhnikov at gmail.com
Fri May 19 19:13:53 CEST 2006

Hello all,

I think that I found the reason of segmentation fault - incorrect
determination of size that will be used by text for true type fonts
and one more bug in font rendering code.

Text is drawn like this:
  ImageDraw.text calls font.getmask and draw bitmap returned by this
function on original bitmap
  FreeTypeFont.getmask created empty bitmap of size returned by
FreeTypeFont.getsize (i.e. _imagingft:font_getsize) and pass this
bitmap to _imagingft:font_render.

The problem is that for some fonts (with big slant) font_getsize
returns too small size and font_render writes somewhere outside image
memory that leads to segmentation fault during freeing memory.

Also for fonts with backward slant rendering should start not with 0
position, but with some positive coordinate x (see attached image).

I am not a font expert and unfortunately can not provide proper patch.
But I would very appreciate if based on my comments somebody fix all
these weird issues with fonts.

Best regards,

On 5/17/06, Konstantin Shaposhnikov <k.shaposhnikov at gmail.com> wrote:
> Hello all,
> I am developing script that should display character table using given
> true type font.
> Unfortunately my script fails with "Segmenation fault" message for some fonts.
> I have attached simplified script and font file that can be used to
> reproduce problem. It seems that bug occured only for certain
> characters (f.e. capital 'J').
> I am using freetype-2.1.9 and imaging-1.15, but I am not sure that bug
> is related to
> font handling, because error occured in free(), so I suppose some
> problems with memory [de]allocation.
> Additionally I've created core dump and extracted back trace:
> #0  0xb7cffd8f in mallopt () from /lib/libc.so.6
> #1  0xb7cfed29 in free () from /lib/libc.so.6
> #2  0xb7827e9d in ImagingDestroyBlock (im=0xc548d468)
>     at libImaging/Storage.c:307
> #3  0xb7827d45 in ImagingDelete (im=0xbd3d01b8) at libImaging/Storage.c:241
> #4  0xb78061d5 in _dealloc (imagep=0xb7c980a0) at _imaging.c:183
> #5  0xb7eeadd3 in PyFrame_Fini () from /usr/lib/libpython2.4.so.1.0
> #6  0xb7f3feee in PyEval_EvalCodeEx () from /usr/lib/libpython2.4.so.1.0
> #7  0xb7f41e22 in PyEval_GetFuncDesc () from /usr/lib/libpython2.4.so.1.0
> #8  0xb7f41994 in PyEval_GetFuncDesc () from /usr/lib/libpython2.4.so.1.0
> #9  0xb7f3ee77 in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
> #10 0xb7f41f09 in PyEval_GetFuncDesc () from /usr/lib/libpython2.4.so.1.0
> #11 0xb7f41994 in PyEval_GetFuncDesc () from /usr/lib/libpython2.4.so.1.0
> #12 0xb7f3ee77 in PyEval_EvalFrame () from /usr/lib/libpython2.4.so.1.0
> #13 0xb7f3fec5 in PyEval_EvalCodeEx () from /usr/lib/libpython2.4.so.1.0
> #14 0xb7f3c975 in PyEval_EvalCode () from /usr/lib/libpython2.4.so.1.0
> #15 0xb7f76189 in PyRun_FileExFlags () from /usr/lib/libpython2.4.so.1.0
> #16 0xb7f755f3 in PyRun_SimpleFileExFlags () from /usr/lib/libpython2.4.so.1.0
> #17 0xb7f74fb8 in PyRun_AnyFileExFlags () from /usr/lib/libpython2.4.so.1.0
> #18 0xb7f7e2c1 in Py_Main () from /usr/lib/libpython2.4.so.1.0
> #19 0x080486b9 in main ()
> Any help and suggestions are highly appreciated.
> Regards,
> Konstantin
> --
> http://step-inside.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.png
Type: image/png
Size: 721 bytes
Desc: not available
Url : http://mail.python.org/pipermail/image-sig/attachments/20060519/30730c39/attachment.png 

More information about the Image-SIG mailing list