Bug#948876: kodi: FTBFS: something segfaults

2020-01-25 Thread Bernhard Übelacker
Dear Maintainer,
a short addition. I got some help that AddressSanitizer
and Valgrind could be squeezed to delay returning previously
free'd addresses from the allocator.

Then both tools point to the mentioned first allocation directly.

Kind regards,
Bernhard


AddressSanitizer: export ASAN_OPTIONS=quarantine_size_mb=1000


Valgrind: --freelist-vol=100
Result with unmodified Debian binaries:
valgrind --tool=memcheck --track-origins=yes --num-callers=100 
--freelist-vol=100 fontforge -script 
/home/benutzer/source/kodi/try1/kodi-17.6+dfsg1/debian/mergefonts.ff 
/usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf 
/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf 
/home/benutzer/source/kodi/try1/kodi-17.6+dfsg1/media/Fonts/arial.ttf
The glyph named Omega is mapped to U+03A9.
  But its name indicates it should be mapped to U+2126.
==74312== Invalid read of size 8
==74312==at 0x55F6B69: gv_len (tottfgpos.c:3838)
==74312==by 0x5601DC9: ttf_math_dump_glyphvariant (tottfgpos.c:3979)
==74312==by 0x5601DC9: otf_dump_math (tottfgpos.c:4139)
==74312==by 0x56134C9: initATTables (tottf.c:5316)
==74312==by 0x5615006: initTables (tottf.c:5792)
==74312==by 0x561552A: _WriteTTFFont (tottf.c:6143)
==74312==by 0x5615A49: WriteTTFFont (tottf.c:6171)
==74312==by 0x54F5413: _DoSave (savefont.c:845)
==74312==by 0x54F7DCF: GenerateScript (savefont.c:1269)
==74312==by 0x55103FB: bGenerate (scripting.c:2061)
==74312==by 0x5512F0A: docall (scripting.c:9632)
==74312==by 0x551359D: handlename (scripting.c:9745)
==74312==by 0x55147B2: term (scripting.c:9983)
==74312==by 0x5514B37: mul (scripting.c:10128)
==74312==by 0x5514D4D: add (scripting.c:10174)
==74312==by 0x55150B8: comp (scripting.c:10249)
==74312==by 0x5515340: _and (scripting.c:10293)
==74312==by 0x55154E2: _or (scripting.c:10325)
==74312==by 0x55154E2: assign (scripting.c:10358)
==74312==by 0x55122FC: expr (scripting.c:10436)
==74312==by 0x55122FC: ff_statement (scripting.c:10649)
==74312==by 0x5516110: ProcessNativeScript (scripting.c:10796)
==74312==by 0x5516744: _CheckIsScript (scripting.c:10890)
==74312==by 0x5516744: CheckIsScript (scripting.c:10927)
==74312==by 0x4A165B8: fontforge_main (startui.c:1099)
==74312==by 0x4C13BBA: (below main) (libc-start.c:308)
==74312==  Address 0x8f6e3600 is 0 bytes inside a block of size 40 free'd
==74312==at 0x48379AB: free (vg_replace_malloc.c:540)
==74312==by 0x55C7B19: SplineCharFreeContents (splineutil.c:5963)
==74312==by 0x55C7B7D: SplineCharFree (splineutil.c:5974)
==74312==by 0x55C7B7D: SplineCharFree (splineutil.c:5970)
==74312==by 0x55CA66D: SplineFontFree (splineutil.c:6535)
==74312==by 0x55CA66D: SplineFontFree (splineutil.c:6491)
==74312==by 0x542E147: _MergeFont (fvfonts.c:1161)
==74312==by 0x542E147: __MergeFont (fvfonts.c:1179)
==74312==by 0x542E147: MergeFont (fvfonts.c:1261)
==74312==by 0x5512F0A: docall (scripting.c:9632)
==74312==by 0x551359D: handlename (scripting.c:9745)
==74312==by 0x55147B2: term (scripting.c:9983)
==74312==by 0x5514B37: mul (scripting.c:10128)
==74312==by 0x5514D4D: add (scripting.c:10174)
==74312==by 0x55150B8: comp (scripting.c:10249)
==74312==by 0x5515340: _and (scripting.c:10293)
==74312==by 0x55154E2: _or (scripting.c:10325)
==74312==by 0x55154E2: assign (scripting.c:10358)
==74312==by 0x55122FC: expr (scripting.c:10436)
==74312==by 0x55122FC: ff_statement (scripting.c:10649)
==74312==by 0x5516110: ProcessNativeScript (scripting.c:10796)
==74312==by 0x5516744: _CheckIsScript (scripting.c:10890)
==74312==by 0x5516744: CheckIsScript (scripting.c:10927)
==74312==by 0x4A165B8: fontforge_main (startui.c:1099)
==74312==by 0x4C13BBA: (below main) (libc-start.c:308)
==74312==  Block was alloc'd at
==74312==at 0x4838B65: calloc (vg_replace_malloc.c:762)
==74312==by 0x5486A1B: ttf_math_read_gvtable (parsettfatt.c:5317)
==74312==by 0x5491113: ttf_math_read_variants (parsettfatt.c:5473)
==74312==by 0x5491113: _otf_read_math (parsettfatt.c:5515)
==74312==by 0x5491113: _otf_read_math (parsettfatt.c:5493)
==74312==by 0x54A87D4: readttf (parsettf.c:5673)
==74312==by 0x54A87D4: _SFReadTTF (parsettf.c:6327)
==74312==by 0x556808E: _ReadSplineFont (splinefont.c:1141)
==74312==by 0x5569238: LoadSplineFont (splinefont.c:1379)
==74312==by 0x550B0E2: bMergeFonts (scripting.c:5600)
==74312==by 0x5512F0A: docall (scripting.c:9632)
==74312==by 0x551359D: handlename (scripting.c:9745)
==74312==by 0x55147B2: term (scripting.c:9983)
==74312==by 0x5514B37: mul (scripting.c:10128)
==74312==by 0x5514D4D: add (scripting.c:10174)
==74312==by 0x55150B8: comp (scripting.c:10249)
==74312==by 0x5515340: _and (scripting.c:10293)
==74312==by 0x55154E2: _or (scripting.c:10325)
==74312==by 0x55154E2: assign (scripting.c:10358)
==74312==

Bug#948876: kodi: FTBFS: something segfaults

2020-01-22 Thread Bernhard Übelacker
Dear Maintainer,
I tried to look into this issue without being involved
in packaging fontforge.
I found it most reproducible when building with
"-fsanitize=address", and then always failing on accessing
the same address. [1]


As far as I see this is what happens:

- Address 0x6048a210 gets returned by the allocator [2],
  and stored in "sf->glyphs[49391]->vert_variants".

- Memory gets freed below SplineFontFree while still
  stored below "sf->..." [3].


- Address 0x6048a210 gets returned a second time.
  This is returned as the previous allocation by AddressSanitizer [1].

- And freed again.


- The first pointer gets further copied around (See attached file.)

- Now in gv_len this address is again accessed and causes the crash. [1]


(Is there a way to force AddressSanitizer to return unique memory addresses?)
The line numbers of the AddressSanitizer outputs do not
completely match because of some added fprintf's.


A temporary workaround could be to disable the call to
SplineFontFree in _MergeFont. Then no crash happens.


Kind regards,
Bernhard




[1]
==111281==ERROR: AddressSanitizer: heap-use-after-free on address 
0x6048a210 at pc 0x7fc246fb1ea9 bp 0x7fff40ed9800 sp 0x7fff40ed97f8
READ of size 8 at 0x6048a210 thread T0
#0 0x7fc246fb1ea8 in gv_len ./fontforge/tottfgpos.c:3838
#1 0x7fc246fcce1f in ttf_math_dump_glyphvariant ./fontforge/tottfgpos.c:3979
#2 0x7fc246fcce1f in otf_dump_math ./fontforge/tottfgpos.c:4139
#3 0x7fc246fff7f0 in initATTables ./fontforge/tottf.c:5316
#4 0x7fc24700297e in initTables ./fontforge/tottf.c:5792
#5 0x7fc247003737 in _WriteTTFFont ./fontforge/tottf.c:6143
#6 0x7fc2470040b1 in WriteTTFFont ./fontforge/tottf.c:6171
#7 0x7fc246d09d1b in _DoSave ./fontforge/savefont.c:845
#8 0x7fc246d0ec2b in GenerateScript ./fontforge/savefont.c:1269
#9 0x7fc246d5d592 in bGenerate ./fontforge/scripting.c:2061
#10 0x7fc246d63b7d in docall ./fontforge/scripting.c:9632
#11 0x7fc246d64be1 in handlename ./fontforge/scripting.c:9745
#12 0x7fc246d67aa1 in term ./fontforge/scripting.c:9983
#13 0x7fc246d684fb in mul ./fontforge/scripting.c:10128
#14 0x7fc246d68a0b in add ./fontforge/scripting.c:10174
#15 0x7fc246d6943c in comp ./fontforge/scripting.c:10249
#16 0x7fc246d69b10 in _and ./fontforge/scripting.c:10293
#17 0x7fc246d6a04a in _or ./fontforge/scripting.c:10325
#18 0x7fc246d6a04a in assign ./fontforge/scripting.c:10358
#19 0x7fc246d620d9 in expr ./fontforge/scripting.c:10436
#20 0x7fc246d620d9 in ff_statement ./fontforge/scripting.c:10649
#21 0x7fc246d6bddd in ProcessNativeScript ./fontforge/scripting.c:10796
#22 0x7fc246d6c944 in _CheckIsScript ./fontforge/scripting.c:10890
#23 0x7fc246d6c944 in CheckIsScript ./fontforge/scripting.c:10927
#24 0x7fc2477c8643 in fontforge_main ./fontforgeexe/startnoui.c:122
#25 0x7fc24762cbba in __libc_start_main ../csu/libc-start.c:308
#26 0x5568a79b80c9 in _start 
(/home/benutzer/source/libfontforge3/try2/fontforge-20190801~dfsg/debian/fontforge-nox/usr/bin/fontforge+0x10c9)

0x6048a210 is located 0 bytes inside of 35-byte region 
[0x6048a210,0x6048a233)
freed by thread T0 here:
#0 0x7fc2478d4277 in __interceptor_free 
(/lib/x86_64-linux-gnu/libasan.so.5+0x107277)
#1 0x7fc246fe6564 in dumpglyph ./fontforge/tottf.c:1331

previously allocated by thread T0 here:
#0 0x7fc2478d4628 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x107628)
#1 0x7fc246fe6336 in dumpglyph ./fontforge/tottf.c:1316




[2]
# Allocation 1
(gdb) print gv
$1 = (struct glyphvariants *) 0x6048a210
(gdb) bt
#0  0x769adb01 in ttf_math_read_gvtable (ttf=ttf@entry=0x6160002bfb80, 
info=info@entry=0x7fffc3c0, start=, 
justinuse=justinuse@entry=git_normal, basesc=basesc@entry=0x613002af2800, 
isv=isv@entry=1) at ././fontforge/parsettfatt.c:5318
#1  0x769c7653 in ttf_math_read_variants (justinuse=git_normal, 
start=47440, info=0x7fffc3c0, ttf=0x6160002bfb80) at 
././fontforge/parsettfatt.c:5474
#2  0x769c7653 in _otf_read_math (justinuse=git_normal, info=, ttf=0x6160002bfb80) at ././fontforge/parsettfatt.c:5518
#3  0x769c7653 in _otf_read_math (ttf=0x6160002bfb80, info=, justinuse=git_normal) at ././fontforge/parsettfatt.c:5496
#4  0x76a08515 in readttf (filename=, info=, ttf=0x6020004fd210) at ././fontforge/parsettf.c:5673
#5  0x76a08515 in _SFReadTTF (ttf=ttf@entry=0x6160002bfb80, 
flags=flags@entry=0, openflags=openflags@entry=(unknown: 0), 
filename=filename@entry=0x60470690 
"/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf", 
chosenname=chosenname@entry=0x0, fd=fd@entry=0x0) at 
././fontforge/parsettf.c:6327
#6  0x76c08d80 in _ReadSplineFont (file=, 
file@entry=0x0, filename=filename@entry=0x60470650 
"/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf", 
openflags=openflags@entry=(unknown: 0)) at ././fontforge/splinefont.c:1141
#7  0x76c0a3ac in ReadSplineFont 
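The ownership mistake described in the bullet list above (a glyph's `vert_variants` pointer copied into the merged font while the source font still owns and later frees it) reduced to a small stand-alone C program. This is an added example, not code from FontForge or from the bug reporter: the `splinefont`, `splinechar` and `glyphvariants` structs are simplified stand-ins named after FontForge's, `gv_len` is a constructed token counter rather than FontForge's real function, and the variant strings are constructed input. `merge_font_buggy` mirrors the shape of the failure, `merge_font_fixed` transfers ownership before the source font is freed. Building with `-DDEMO_UAF -fsanitize=address -g` selects the buggy path, and running it with the `ASAN_OPTIONS=quarantine_size_mb=1000` setting from Bernhard's 2020-01-25 message keeps the freed block out of reuse so the report names the original allocation instead of an unrelated later one.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for FontForge's structs: only the fields the
 * ownership problem needs are modelled. */
struct glyphvariants { char *variants; };          /* space-separated variant glyph names */
struct splinechar    { const char *name; struct glyphvariants *vert_variants; };
struct splinefont    { int glyphcnt; struct splinechar **glyphs; };

static struct glyphvariants *gv_new(const char *variants) {
    struct glyphvariants *gv = calloc(1, sizeof *gv);
    if (!gv) abort();
    size_t n = strlen(variants) + 1;
    gv->variants = malloc(n);
    if (!gv->variants) abort();
    memcpy(gv->variants, variants, n);
    return gv;
}

static void gv_free(struct glyphvariants *gv) {
    if (!gv) return;
    free(gv->variants);
    free(gv);
}

/* Stand-in for the reader that crashed: counts the variant names.
 * Returns 0 for a glyph without a variant table. */
static int gv_len(const struct glyphvariants *gv) {
    if (!gv || !gv->variants) return 0;
    int cnt = 0;
    for (const char *p = gv->variants; *p; ) {
        while (*p == ' ') p++;
        if (!*p) break;
        cnt++;
        while (*p && *p != ' ') p++;
    }
    return cnt;
}

/* One-glyph font; variants may be NULL for a glyph without a table. */
static struct splinefont *font_new(const char *glyphname, const char *variants) {
    struct splinefont *sf = calloc(1, sizeof *sf);
    struct splinechar *sc = calloc(1, sizeof *sc);
    if (!sf || !sc) abort();
    sc->name = glyphname;
    sc->vert_variants = variants ? gv_new(variants) : NULL;
    sf->glyphcnt = 1;
    sf->glyphs = calloc(1, sizeof *sf->glyphs);
    if (!sf->glyphs) abort();
    sf->glyphs[0] = sc;
    return sf;
}

/* Like SplineFontFree: frees every glyph and everything the glyph points to. */
static void splinefont_free(struct splinefont *sf) {
    for (int i = 0; i < sf->glyphcnt; i++) {
        gv_free(sf->glyphs[i]->vert_variants);
        free(sf->glyphs[i]);
    }
    free(sf->glyphs);
    free(sf);
}

/* Buggy shape: dst receives a copy of the pointer, src still owns the table,
 * so freeing src leaves dst->glyphs[0]->vert_variants dangling. */
static void merge_font_buggy(struct splinefont *dst, struct splinefont *src) {
    dst->glyphs[0]->vert_variants = src->glyphs[0]->vert_variants;
    splinefont_free(src);
}

/* Fixed shape: drop dst's old table, move the pointer, and clear it in src
 * before src is freed so exactly one owner remains. */
static void merge_font_fixed(struct splinefont *dst, struct splinefont *src) {
    gv_free(dst->glyphs[0]->vert_variants);
    dst->glyphs[0]->vert_variants = src->glyphs[0]->vert_variants;
    src->glyphs[0]->vert_variants = NULL;
    splinefont_free(src);
}

/* Merges two constructed fonts with the fixed routine and returns the count
 * the writer sees afterwards: 2 for the input below. */
static int merged_variant_count(void) {
    struct splinefont *dst = font_new("Omega", "Omega.old");
    struct splinefont *src = font_new("Omega", "Omega.v1 Omega.v2");
    merge_font_fixed(dst, src);
    int n = gv_len(dst->glyphs[0]->vert_variants);
    splinefont_free(dst);
    return n;
}

int main(void) {
    struct splinefont *dst = font_new("Omega", "Omega.old");
    struct splinefont *src = font_new("Omega", "Omega.v1 Omega.v2");
#ifdef DEMO_UAF
    merge_font_buggy(dst, src);   /* ASan: heap-use-after-free in gv_len, then a double free */
#else
    merge_font_fixed(dst, src);
#endif
    printf("vert variants after merge: %d\n", gv_len(dst->glyphs[0]->vert_variants));
    splinefont_free(dst);
    return 0;
}
```

Without `DEMO_UAF` the program prints 2 and exits cleanly under AddressSanitizer and Valgrind. With it, the read in `gv_len` hits the block freed by `splinefont_free(src)`, and the final `splinefont_free(dst)` frees it a second time, which is the same free/reuse/free/read sequence the bullets above describe; a small ASan quarantine or Valgrind freelist is what lets an intermediate reuse of the address show up as the "previously allocated" site instead of the true first allocation.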

Bug#948876: kodi: FTBFS: something segfaults

2020-01-17 Thread Bálint Réczey
Control: reassign -1 fontforge 1:20190801~dfsg-2
Control: affects -1 kodi

Hi Mattia,

Mattia Rizzolo wrote (on 14 Jan 2020, Tue, 12:29):
>
> Source: kodi
> Version: 2:17.6+dfsg1-4
> Severity: serious
> Tags: ftbfs
>
> Dear maintainer,
> your package failed to rebuild in a standard sid chroot.
> If this is caused by a dependency, please reassign and send an
> appropriate "affects".
>
>debian/rules override_dh_auto_configure
> make[1]: Entering directory '/build/1st/kodi-17.6+dfsg1'
> cp -r /build/1st/kodi-17.6+dfsg1/webinterface-default 
> /build/1st/kodi-17.6+dfsg1/addons/webinterface.default
> sed -i 's/DEB_VERSION/"'2:17.6+dfsg1-4'"/' xbmc/Application.cpp 
> xbmc/utils/SystemInfo.cpp
> fontforge -script /build/1st/kodi-17.6+dfsg1/debian/mergefonts.ff \
> /usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf \
> /usr/share/fonts/truetype/dejavu/DejaVuSans.ttf \
> /build/1st/kodi-17.6+dfsg1/media/Fonts/arial.ttf
> Copyright (c) 2000-2019. See AUTHORS for Contributors.
>  License GPLv3+: GNU GPL version 3 or later 
>  with many parts BSD . Please read LICENSE.
>  Version: 20190801
>  Based on sources from 12:20 UTC 13-Nov-2019-ML-D-GDK3.
> Cannot find your hotkey definition file!
> This font contains both a 'kern' table and a 'GPOS' table.
>   The 'kern' table will only be read if there is no 'kern' feature in 'GPOS'.
> Use-my-metrics flag set on at least two components in glyph 685
> The glyph named Omega is mapped to U+03A9.
>   But its name indicates it should be mapped to U+2126.
> Attempt to output 233084170 into a 16-bit field. It will be truncated and the 
> file may not be useful.make[1]: *** [debian/rules:112: 
> override_dh_auto_configure] Segmentation fault
> make[1]: Leaving directory '/build/1st/kodi-17.6+dfsg1'
> make: *** [debian/rules:87: build] Error 2
> dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2

Thanks, this is a bug in fontforge.

Cheers,
Balint



Bug#948876: kodi: FTBFS: something segfaults

2020-01-14 Thread Mattia Rizzolo
Source: kodi
Version: 2:17.6+dfsg1-4
Severity: serious
Tags: ftbfs

Dear maintainer,
your package failed to rebuild in a standard sid chroot.
If this is caused by a dependency, please reassign and send an
appropriate "affects".

   debian/rules override_dh_auto_configure
make[1]: Entering directory '/build/1st/kodi-17.6+dfsg1'
cp -r /build/1st/kodi-17.6+dfsg1/webinterface-default 
/build/1st/kodi-17.6+dfsg1/addons/webinterface.default
sed -i 's/DEB_VERSION/"'2:17.6+dfsg1-4'"/' xbmc/Application.cpp 
xbmc/utils/SystemInfo.cpp
fontforge -script /build/1st/kodi-17.6+dfsg1/debian/mergefonts.ff \
/usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf \
/usr/share/fonts/truetype/dejavu/DejaVuSans.ttf \
/build/1st/kodi-17.6+dfsg1/media/Fonts/arial.ttf
Copyright (c) 2000-2019. See AUTHORS for Contributors.
 License GPLv3+: GNU GPL version 3 or later 
 with many parts BSD . Please read LICENSE.
 Version: 20190801
 Based on sources from 12:20 UTC 13-Nov-2019-ML-D-GDK3.
Cannot find your hotkey definition file!
This font contains both a 'kern' table and a 'GPOS' table.
  The 'kern' table will only be read if there is no 'kern' feature in 'GPOS'.
Use-my-metrics flag set on at least two components in glyph 685
The glyph named Omega is mapped to U+03A9.
  But its name indicates it should be mapped to U+2126.
Attempt to output 233084170 into a 16-bit field. It will be truncated and the 
file may not be useful.make[1]: *** [debian/rules:112: 
override_dh_auto_configure] Segmentation fault
make[1]: Leaving directory '/build/1st/kodi-17.6+dfsg1'
make: *** [debian/rules:87: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2


-- 
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540  .''`.
More about me:  https://mapreri.org : :'  :
Launchpad user: https://launchpad.net/~mapreri  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-

