[pypy-issue] [issue1679] Segfault on 32bit pypy

wiredfool tracker at bugs.pypy.org
Wed Jan 22 20:54:06 CET 2014


wiredfool <eric-pypy at soroos.net> added the comment:

Running under gdb, with symbols compiled into libfreetype, breaking in _imagingft.c when 
the font is created, and then just prior to the segfault. 


(vpypy)erics at builder-1310-x86:~/Pillow$ gdb python
GNU gdb (GDB) 7.6.1-ubuntu
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/erics/vpypy/bin/pypy...(no debugging symbols found)...done.
(gdb) b _imagingft.c:142
No symbol table is loaded.  Use the "file" command.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (_imagingft.c:142) pending.
(gdb) b _imagingft.c:221
No symbol table is loaded.  Use the "file" command.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (_imagingft.c:221) pending.
(gdb) r Tests/test_imagefont.py --installed
Starting program: /home/erics/vpypy/bin/python Tests/test_imagefont.py --installed
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".

Breakpoint 1, getfont (self_=0x0, args=0xb7abb0f0, kw=0xb7abb0f8) at _imagingft.c:142
142	    if (!error)
(gdb) p ((TT_CMap)self->face->charmap)[0]
$1 = {cmap = {charmap = {face = 0xa4227a0, encoding = FT_ENCODING_UNICODE, platform_id = 3, encoding_id = 10}, 
    clazz = 0xb6f972c0 <tt_cmap12_class_rec>}, data = 0xb6c97830 "", flags = 0}
(gdb) c
Continuing.

Breakpoint 2, font_getsize (self=0xb7ab8150, args=0xb7abb0f8) at _imagingft.c:221
221	        face = self->face;
(gdb) p ((TT_CMap)self->face->charmap)[0]
$2 = {cmap = {charmap = {face = 0xa4227a0, encoding = FT_ENCODING_UNICODE, platform_id = 3, encoding_id = 10}, 
    clazz = 0xb6f972c0 <tt_cmap12_class_rec>}, data = 0xb6c97830 <Address 0xb6c97830 out of bounds>, flags = 0}



This corresponds to the Python (where bp1 is in the first call, and bp2 is in the second):
    ttf = ImageFont.truetype(font, font_size)
    w, h = ttf.getsize(txt)

The operative parts of ImageFont.truetype are:

           self.font_bytes = font.read()
           self.font = core.getfont("", size, index, encoding, self.font_bytes)

(at which point, it returns)

Breaking at the final line of getfont and the first line of font_getsize, it looks like 
the data pointer is getting freed somewhere outside of the freetype library. There's 
precious little Python in there either, as it's the last line of getfont, and getsize 
just calls out to the C extension.

________________________________________
PyPy bug tracker <tracker at bugs.pypy.org>
<https://bugs.pypy.org/issue1679>
________________________________________

