FreeType CRASH in Preferences Dialog when change a path using Native File Dialog on archlinux (x86+armv7a)

• Feb 25, 2016 - 04:55
Priority
P3 - Low
Type
Functional
Severity
S4 - Minor
Status
closed
Regression
No
Workaround
No
Project
MuseScore

I've tested this on latest master https://github.com/musescore/musescore/commit/e666061 and it happens on both my i686 machine and ARMv7A machine, both running latest archlinux. In the Preferences Dialogue, when I try to change the path for any of the {Scores,Styles,Templates,Plugins,Soundfonts,Images} folders or starting score, then I the windows starts to show up, but all grey, and there is a segfault. When running latest ArchLinux {i686 or ARMv7A} using the FreeType version included with MuseScore.git (ver *2.6.1*), then the segfault occurs in af_autofitter_load_glyph() line 332 of afmodule.c:

FT_Memory  memory = module->root.library->memory;

since library is NULL, and gets deferenced. The next level up is in FT_Load_Glyph() at line 722 of ftobjs.c:

        error   = hinting->load_glyph( (FT_AutoHinter)hinter,
                                       slot, face->size,
                                       glyph_index, load_flags );

When running on ArchLinuxARMv7 using the latest FreeType *2.6.3*, then the segfault occurs in af_autofitter_loadglyph() in afmodule.c with the debugger error pointing to the af_property_set (line 332) here:

  FT_DEFINE_SERVICE_PROPERTIESREC(
    af_service_properties,
    (FT_Properties_SetFunc)af_property_set,        /* set_property */
    (FT_Properties_GetFunc)af_property_get )       /* get_property */

and specifically inside next level at af_Load_Glypth() in ftobjs.c with arrow pointing at line 772:

        FT_Face_Internal  internal        = face->internal;

and if I go to next level in disassembler, the debug arrow is pointing at this final line of:

0xaa305398                   10 30 8d e5  str	r3, [sp, #16]
0xaa30539c                   08 30 9d e5  ldr	r3, [sp, #8]
0xaa3053a0                   05 20 a0 e1  mov	r2, r5
0xaa3053a4                   00 10 93 e5  ldr	r1, [r3]
0xaa3053a8                   48 58 fd eb  bl	0xaa25b4d0 
0xaa3053ac                   40 00 50 e3  cmp	r0, #64	; 0x40

MScore outputted the following error to console:

(mscore:20989): Pango-WARNING **: failed to create cairo scaled font, expect ugly output. the offending font is 'FreeSans Bold 10'

(mscore:20989): Pango-WARNING **: font_face status is: file not found

(mscore:20989): Pango-WARNING **: scaled_font status is: file not found

(mscore:20989): Pango-WARNING **: shaping failure, expect ugly output. shape-engine='PangoFcShapeEngine', font='FreeSans Bold 10', text='Scores'

It seems something to do with FreeType. As I mentioned in https://github.com/musescore/MuseScore/pull/2400 I can bypass this error if I use the QFileDialog::DontUseNativeDialog flag for all those file explorer popups. So that tells me error is only when using Native Dialogs.

NOTE: this error does not occur on my Windows 8.1 x86-64 machine when compile that latest master, apparently because Native File Dialogs are different in different Desktop Environments.

Comments

Feb 25, 2016 - 05:12

2 things to consider.

1/ Native/Non native dialogs for Open file and Save file are controlled by a preference. We could (should?) use this preference for the "Choose directory" dialog.

2/ The freetype issue could be due to the fact that MuseScore ships a freetype version and Qt another one... However my understanding is that Native Dialog being Native, they are out of control of Qt drawing (at least it's the case for Qt on Mac and Windows)

Reply

Feb 25, 2016 - 05:28

Re (1), I can go ahead and make a pull request that will do just that: make all the preferences->choose folder dialogus use what comes Native boolean from the .ini file. EDIT: here is the issue I made: #99626: Make Preferences Choose Folder dialog obey the MuseScore.ini "nativeDialogs" boolean.

Re (2), I'm experimenting now with downloading different version of FreeType, replacing the files in muscore thridparty freetype dir, and recompiling to determine how error varies with verions. So far I tried the latest 2.6.3 and still get the error, in addition to the version currently in master.

Reply

Feb 25, 2016 - 10:15

Re (1), I've submitted PR 2406, which upon acceptance, will mean that won't have to encounter this bug when nativeDialogs=false (which is the factory reset state).

Reply

Feb 27, 2016 - 09:04

I just built latest 2.0.3 on my i686, and I ran it with nativeDialogs=true, and I can see the native file dialog open and run without issue. So I'm thinking this bug might be related to some commit that is in master but not in 2.0.3.

ADDENDUM: nativeDialogs=true also works fine in official arch linux 2.0.2, so clearly this is due to some commit in master that isn't in 2.0.3 or 2.0.2, since I'm doing this all on same machine. If anyone knows how to let me know here... (I asked in IRC, but I might not look at IRC).

Reply

Feb 27, 2016 - 09:24

I made it happen again on i686 git master arch linux, and this time I've attached the full backtrace:
core.mscore.1000.b6cf7d5e8a5a4e57b50.gdb-backtrace.txt
Note: crash happens on the main thread (thread 1), but after quite a few calls to a bunch of libraries (although note those stack levels #0 and #1 are in the MuseScore.git thirdparty repo "FreeType"):

Thread 1 (Thread 0xaefbc780 (LWP 16427)):
#0  0x089e59f1 in af_autofitter_load_glyph ()
#1  0x0898c778 in FT_Load_Glyph ()
#2  0xadbed47f in ?? () from /usr/lib/libcairo.so.2
#3  0xadb857bf in ?? () from /usr/lib/libcairo.so.2
#4  0xadbbb4ef in ?? () from /usr/lib/libcairo.so.2
#5  0xadb9f7b2 in ?? () from /usr/lib/libcairo.so.2
#6  0xadba1125 in ?? () from /usr/lib/libcairo.so.2
#7  0xadba1303 in ?? () from /usr/lib/libcairo.so.2
#8  0xadb3d97b in ?? () from /usr/lib/libcairo.so.2
#9  0xadbbf677 in ?? () from /usr/lib/libcairo.so.2
#10 0xadb8e952 in ?? () from /usr/lib/libcairo.so.2
#11 0xadb48440 in ?? () from /usr/lib/libcairo.so.2
#12 0xadb38131 in cairo_show_glyphs () from /usr/lib/libcairo.so.2
#13 0xadca53d3 in ?? () from /usr/lib/libpangocairo-1.0.so.0
#14 0xadca577b in ?? () from /usr/lib/libpangocairo-1.0.so.0
#15 0xadcd1c28 in pango_renderer_draw_glyphs () from /usr/lib/libpango-1.0.so.0
#16 0xadca59ba in pango_cairo_show_glyph_string () from /usr/lib/libpangocairo-1.0.so.0
#17 0xadd1fab0 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#18 0xadcd1c28 in pango_renderer_draw_glyphs () from /usr/lib/libpango-1.0.so.0
#19 0xadcd1cec in pango_renderer_draw_glyph_item () from /usr/lib/libpango-1.0.so.0
#20 0xadcd2a19 in pango_renderer_draw_layout_line () from /usr/lib/libpango-1.0.so.0
#21 0xadcd2be7 in pango_renderer_draw_layout () from /usr/lib/libpango-1.0.so.0
#22 0xadd20a95 in gdk_draw_layout_with_colors () from /usr/lib/libgdk-x11-2.0.so.0
#23 0xadd20d1f in gdk_draw_layout () from /usr/lib/libgdk-x11-2.0.so.0
#24 0xadf586c9 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#25 0xadf650ad in gtk_paint_layout () from /usr/lib/libgtk-x11-2.0.so.0
#26 0xaded0f18 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#27 0xadedce2b in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#28 0xb199e424 in ?? () from /usr/lib/libgobject-2.0.so.0
#29 0xb199fae5 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#30 0xb19b25d4 in ?? () from /usr/lib/libgobject-2.0.so.0
#31 0xb19ba88c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#32 0xb19bafc5 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#33 0xadffc9a4 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#34 0xade5daf6 in gtk_container_propagate_expose () from /usr/lib/libgtk-x11-2.0.so.0
#35 0xade5db15 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#36 0xade246aa in ?? () from /usr/lib/libgtk-x11-2.0.so.0
---Type  to continue, or q  to quit---
#37 0xade5c1c8 in gtk_container_forall () from /usr/lib/libgtk-x11-2.0.so.0
#38 0xade5c401 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#39 0xadedce2b in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#40 0xb199e424 in ?? () from /usr/lib/libgobject-2.0.so.0
#41 0xb199fae5 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#42 0xb19b25d4 in ?? () from /usr/lib/libgobject-2.0.so.0
#43 0xb19ba88c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#44 0xb19bafc5 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#45 0xadffc9a4 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#46 0xade5daf6 in gtk_container_propagate_expose () from /usr/lib/libgtk-x11-2.0.so.0
#47 0xade5db15 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#48 0xade27178 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#49 0xade5c1c8 in gtk_container_forall () from /usr/lib/libgtk-x11-2.0.so.0
#50 0xade5c401 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#51 0xadedce2b in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#52 0xb199e424 in ?? () from /usr/lib/libgobject-2.0.so.0
#53 0xb199fae5 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#54 0xb19b25d4 in ?? () from /usr/lib/libgobject-2.0.so.0
#55 0xb19ba88c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#56 0xb19bafc5 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#57 0xadffc9a4 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#58 0xade5daf6 in gtk_container_propagate_expose () from /usr/lib/libgtk-x11-2.0.so.0
#59 0xade5db15 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#60 0xade246aa in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#61 0xade5c1c8 in gtk_container_forall () from /usr/lib/libgtk-x11-2.0.so.0
#62 0xade5c401 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#63 0xade30a9d in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#64 0xadedce2b in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#65 0xb199e424 in ?? () from /usr/lib/libgobject-2.0.so.0
#66 0xb199fae5 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#67 0xb19b25d4 in ?? () from /usr/lib/libgobject-2.0.so.0
#68 0xb19ba88c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#69 0xb19bafc5 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#70 0xadffc9a4 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#71 0xade5daf6 in gtk_container_propagate_expose () from /usr/lib/libgtk-x11-2.0.so.0
#72 0xadfd969f in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#73 0xadedce2b in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#74 0xb199e424 in ?? () from /usr/lib/libgobject-2.0.so.0
#75 0xb199fb8b in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#76 0xb19b25d4 in ?? () from /usr/lib/libgobject-2.0.so.0
#77 0xb19ba88c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#78 0xb19bafc5 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#79 0xadffc9a4 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#80 0xadedb8f9 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0
#81 0xadd368ba in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#82 0xadd36901 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#83 0xadd36901 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#84 0xadd66e3c in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#85 0xadd331fe in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#86 0xadd33b5f in gdk_window_process_all_updates () from /usr/lib/libgdk-x11-2.0.so.0
#87 0xade5bff3 in ?? () from /usr/lib/libgtk-x11-2.0.so.0
#88 0xadd118b0 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#89 0xb1a321d0 in ?? () from /usr/lib/libglib-2.0.so.0
#90 0xb1a3595b in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#91 0xb1a35d49 in ?? () from /usr/lib/libglib-2.0.so.0
#92 0xb1a360f9 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
---Type  to continue, or q  to quit---
#93 0xade5f402 in gtk_dialog_run () from /usr/lib/libgtk-x11-2.0.so.0
#94 0xae2b6bf1 in ?? () from /usr/lib/qt/plugins/platformthemes/libqgtk2.so
#95 0xb334bfa0 in QDialog::exec() () from /usr/lib/libQt5Widgets.so.5
#96 0xb3360570 in QFileDialog::getExistingDirectoryUrl(QWidget*, QString const&, QUrl const&, QFlags, QStringList const&) ()
   from /usr/lib/libQt5Widgets.so.5
#97 0xb336075f in QFileDialog::getExistingDirectory(QWidget*, QString const&, QString const&, QFlags) () from /usr/lib/libQt5Widgets.so.5
#98 0x0839ae06 in Ms::PreferenceDialog::selectScoresDirectory (this=0xb6df328) at /home/e/MuseScore/mscore/preferences.cpp:1617
#99 0x0864e183 in Ms::PreferenceDialog::qt_static_metacall (_o=0xb6df328, _c=QMetaObject::InvokeMetaMethod, _id=22, _a=0xbf956fe4)
    at /home/e/MuseScore/build.release/mscore/moc_prefsdialog.cpp:209
#100 0xb287d893 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQt5Core.so.5
#101 0xb287dd9d in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQt5Core.so.5
#102 0xb3504a09 in QAbstractButton::clicked(bool) () from /usr/lib/libQt5Widgets.so.5
#103 0xb3236211 in ?? () from /usr/lib/libQt5Widgets.so.5
#104 0xb32379cd in ?? () from /usr/lib/libQt5Widgets.so.5
#105 0xb3237b7f in QAbstractButton::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/libQt5Widgets.so.5
#106 0xb330f701 in QToolButton::mouseReleaseEvent(QMouseEvent*) () from /usr/lib/libQt5Widgets.so.5
#107 0xb31762fa in QWidget::event(QEvent*) () from /usr/lib/libQt5Widgets.so.5
#108 0xb3238a70 in QAbstractButton::event(QEvent*) () from /usr/lib/libQt5Widgets.so.5
#109 0xb330f855 in QToolButton::event(QEvent*) () from /usr/lib/libQt5Widgets.so.5
#110 0xb312e26a in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#111 0xb3133fe2 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#112 0xb284e38f in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#113 0xb3132f98 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer&, bool) ()
   from /usr/lib/libQt5Widgets.so.5
#114 0xb31931d8 in ?? () from /usr/lib/libQt5Widgets.so.5
#115 0xb3195f0a in ?? () from /usr/lib/libQt5Widgets.so.5
#116 0xb312e26a in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#117 0xb3133930 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#118 0xb284e38f in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#119 0xb2b786cf in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /usr/lib/libQt5Gui.so.5
#120 0xb2b7a519 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /usr/lib/libQt5Gui.so.5
#121 0xb2b5d547 in QWindowSystemInterface::sendWindowSystemEvents(QFlags) () from /usr/lib/libQt5Gui.so.5
#122 0xaee09eae in ?? () from /usr/lib/libQt5XcbQpa.so.5
#123 0xb1a35aa9 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#124 0xb1a35d49 in ?? () from /usr/lib/libglib-2.0.so.0
#125 0xb1a35e14 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#126 0xb28a6483 in QEventDispatcherGlib::processEvents(QFlags) () from /usr/lib/libQt5Core.so.5
#127 0xaee0a081 in ?? () from /usr/lib/libQt5XcbQpa.so.5
#128 0xb284b733 in QEventLoop::processEvents(QFlags) () from /usr/lib/libQt5Core.so.5
#129 0xb284bb8a in QEventLoop::exec(QFlags) () from /usr/lib/libQt5Core.so.5
#130 0xb2854035 in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#131 0xb2b6f701 in QGuiApplication::exec() () from /usr/lib/libQt5Gui.so.5
#132 0xb312a274 in QApplication::exec() () from /usr/lib/libQt5Widgets.so.5
#133 0x0825f9df in main (argc=1, av=0xbf9582d4) at /home/e/MuseScore/mscore/musescore.cpp:5162

Reply

Feb 27, 2016 - 10:13

just noting that I just redid the crash on arch linux armv7 using latest git master, but the strack trace is:

1	FT_Render_Glyph_Internal	ftobjs.c	4138	0x100a224   renderer->render( renderer, slot, render_mode, NULL );
2	FT_Render_Glyph	ftobjs.c	4217	0x100a2f8	
3	??			0xaa3058cc

which while still in FreeType, is in a different line. I'm wondering if there is some unintentional memory overwritting going on, which is

Reply

Nov 13, 2018 - 13:55
Severity S3 - Major S4 - Minor
Status active needs info
Priority P3 - Low
Regression No
Workaround No

Do you have precise steps to reproduce the issue?

Reply