Bug#1039491: fontconfig: Segfault in libfontconfig.so caused by custom fonts.conf

R Guo firemeteor.guo at ustc.edu
Mon Jun 26 17:28:30 BST 2023


Package: fontconfig
Version: 2.14.1-4
Severity: normal
X-Debbugs-Cc: firemeteor.guo at ustc.edu

I suffered from this issue when I upgraded to Debian 12.
It's unfortunate that I can't remember the version of the last known good fontconfig,
because as a home desktop user I do not stick to the stable release of Debian.
It could be the Debian 11 version or some random version snapped from the rolling release.
I had an old fonts.conf that I shaped years ago and used without any issue until this recent system upgrade.

So far I can find two applications that suffer from this issue -- gnome-font-viewer and libreoffice.
Both of them are unusable and crash upon startup.
Here is a callstack I captured from gnome-font-viewer in a GDB session.
0x00007ffff6fa8c79 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1
(gdb) bt
#0  0x00007ffff6fa8c79 in  () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#1  0x00007ffff6f9c27c in  () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#2  0x00007ffff6f8f429 in FcConfigSubstituteWithPat () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#3  0x00007ffff6fa1131 in FcFontRenderPrepare () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#4  0x00007ffff6fa180a in FcFontSetMatch () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#5  0x00007ffff6869f93 in  () at /lib/x86_64-linux-gnu/libpangoft2-1.0.so.0
#6  0x00007ffff7ee7cfd in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#7  0x00007ffff6d3ffd4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#8  0x00007ffff6dc05bc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

And a callstack from libreoffice:
Thread 1 "soffice.bin" received signal SIGSEGV, Segmentation fault.
0x00007ffff19c4c79 in ?? () from /lib/x86_64-linux-gnu/libfontconfig.so.1
(gdb) bt
#0  0x00007ffff19c4c79 in  () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#1  0x00007ffff19b827c in  () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#2  0x00007ffff19ab429 in FcConfigSubstituteWithPat () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#3  0x00007ffff19bd131 in FcFontRenderPrepare () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#4  0x00007ffff19bd80a in FcFontSetMatch () at /lib/x86_64-linux-gnu/libfontconfig.so.1
#5  0x00007ffff6ac073c in psp::PrintFontManager::getFontOptions(FontAttributes const&, int) () at /usr/lib/libreoffice/program/libmergedlo.so
#6  0x00007ffff6ac10e4 in FreetypeFont::GetFontOptions() const () at /usr/lib/libreoffice/program/libmergedlo.so
#7  0x00007ffff6ac17a9 in CairoTextRender::DrawTextLayout(GenericSalLayout const&, SalGraphics const&) () at /usr/lib/libreoffice/program/libmergedlo.so
#8  0x00007ffff67865c7 in  () at /usr/lib/libreoffice/program/libmergedlo.so
#9  0x00007ffff67b1b35 in OutputDevice::DrawText(Point const&, rtl::OUString const&, int, int, std::vector<tools::Rectangle, std::allocator<tools::Rectangle> >*, rtl::OUString*, SalLayoutGlyphs const*) () at /usr/lib/libreoffice/program/libmergedlo.so
#10 0x00007ffff5c30e44 in  () at /usr/lib/libreoffice/program/libmergedlo.so
#11 0x00007ffff5c31ec7 in FontNameBox::CachePreview(unsigned long, Point*) () at /usr/lib/libreoffice/program/libmergedlo.so
#12 0x00007ffff5c320c7 in  () at /usr/lib/libreoffice/program/libmergedlo.so
#13 0x00007ffff694f843 in Scheduler::CallbackTaskScheduling() () at /usr/lib/libreoffice/program/libmergedlo.so

This issue appears to be related to my customization in fonts.conf.
Switching to a different user account or disabling my customization can temporarily work around this issue.
I attempted to hunt for any offending piece inside my fonts.conf but couldn't find anything conclusive.
During this clue hunting session I even ran into a situation where the entire gnome session crashes, repeatedly.
I mean, a new gnome session crashes also. Here is a dmesg snippet I grabbed from the gnome session crash:

[46809.303875] evolution-alarm[68584]: segfault at 555600000064 ip 00007f6899e84c79 sp 00007ffe8e3d7660 error 4 in libfontconfig.so.1.12.0[7f6899e64000+29000]
[46809.303882] Code: 00 48 8b 0c 24 83 c0 20 48 89 d7 8d 14 dd 00 00 00 00 c1 eb 03 0f b6 c0 31 d3 31 c3 48 85 c9 75 50 48 8d 57 01 48 89 54 24 08 <0f> b6 07 89 c1 83 e1 c0 80 f9 c0 74 5a 8d 48 bf 80 f9 19 76 c2 84
[46809.324430] remmina[68636]: segfault at 7f7600000064 ip 00007f768b041c79 sp 00007f7675128350 error 4 in libfontconfig.so.1.12.0[7f768b021000+29000]
[46809.324438] Code: 00 48 8b 0c 24 83 c0 20 48 89 d7 8d 14 dd 00 00 00 00 c1 eb 03 0f b6 c0 31 d3 31 c3 48 85 c9 75 50 48 8d 57 01 48 89 54 24 08 <0f> b6 07 89 c1 83 e1 c0 80 f9 c0 74 5a 8d 48 bf 80 f9 19 76 c2 84
[46809.648499] blueman-tray[68672]: segfault at 7fe500000064 ip 00007fe5ec258c79 sp 00007fe5dbffead0 error 4 in libfontconfig.so.1.12.0[7fe5ec238000+29000]
[46809.648505] Code: 00 48 8b 0c 24 83 c0 20 48 89 d7 8d 14 dd 00 00 00 00 c1 eb 03 0f b6 c0 31 d3 31 c3 48 85 c9 75 50 48 8d 57 01 48 89 54 24 08 <0f> b6 07 89 c1 83 e1 c0 80 f9 c0 74 5a 8d 48 bf 80 f9 19 76 c2 84
[46809.978944] gnome-shell[68684]: segfault at 7fe500000064 ip 00007fe5a5664c79 sp 00007fe561535450 error 4 in libfontconfig.so.1.12.0[7fe5a5644000+29000]
[46809.978950] Code: 00 48 8b 0c 24 83 c0 20 48 89 d7 8d 14 dd 00 00 00 00 c1 eb 03 0f b6 c0 31 d3 31 c3 48 85 c9 75 50 48 8d 57 01 48 89 54 24 08 <0f> b6 07 89 c1 83 e1 c0 80 f9 c0 74 5a 8d 48 bf 80 f9 19 76 c2 84
[46811.639881] gnome-shell[68837]: segfault at 7f1d00000064 ip 00007f1e3d7a1c79 sp 00007f1df566f450 error 4 in libfontconfig.so.1.12.0[7f1e3d781000+29000]
[46811.639887] Code: 00 48 8b 0c 24 83 c0 20 48 89 d7 8d 14 dd 00 00 00 00 c1 eb 03 0f b6 c0 31 d3 31 c3 48 85 c9 75 50 48 8d 57 01 48 89 54 24 08 <0f> b6 07 89 c1 83 e1 c0 80 f9 c0 74 5a 8d 48 bf 80 f9 19 76 c2 84
[46811.749263] gnome-session-f[68849]: segfault at 7f2300000064 ip 00007f23e89f3c79 sp 00007f23e4fd47d0 error 4 in libfontconfig.so.1.12.0[7f23e89d3000+29000]
[46811.749268] Code: 00 48 8b 0c 24 83 c0 20 48 89 d7 8d 14 dd 00 00 00 00 c1 eb 03 0f b6 c0 31 d3 31 c3 48 85 c9 75 50 48 8d 57 01 48 89 54 24 08 <0f> b6 07 89 c1 83 e1 c0 80 f9 c0 74 5a 8d 48 bf 80 f9 19 76 c2 84

Maybe I have something bad (or deprecated in new version) in my customized config, but I really hope it can fail more gracefully...

Thanks,
R. G.


-- System Information:
Debian Release: 12.0
  APT prefers stable
  APT policy: (700, 'stable'), (100, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.84.hasim.74 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_CRAP, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fontconfig depends on:
ii  fontconfig-config  2.14.1-4
ii  libc6              2.36-9
ii  libfontconfig1     2.14.1-4
ii  libfreetype6       2.12.1+dfsg-5

fontconfig recommends no packages.

fontconfig suggests no packages.

-- no debconf information
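
A triage aid for the dmesg lines quoted in the report, added here as an example and not part of the original message: it subtracts each mapping base from the faulting ip to check whether the separate processes crash at the same place in libfontconfig, and decodes the page-fault error code. The function names are hypothetical, and the regex assumes the "[base+size]" mapping form printed by the reporter's kernel.

```python
import re

# Segfault lines copied from the dmesg snippet in the report ("Code:" lines omitted).
DMESG = """\
[46809.303875] evolution-alarm[68584]: segfault at 555600000064 ip 00007f6899e84c79 sp 00007ffe8e3d7660 error 4 in libfontconfig.so.1.12.0[7f6899e64000+29000]
[46809.324430] remmina[68636]: segfault at 7f7600000064 ip 00007f768b041c79 sp 00007f7675128350 error 4 in libfontconfig.so.1.12.0[7f768b021000+29000]
[46809.648499] blueman-tray[68672]: segfault at 7fe500000064 ip 00007fe5ec258c79 sp 00007fe5dbffead0 error 4 in libfontconfig.so.1.12.0[7fe5ec238000+29000]
[46809.978944] gnome-shell[68684]: segfault at 7fe500000064 ip 00007fe5a5664c79 sp 00007fe561535450 error 4 in libfontconfig.so.1.12.0[7fe5a5644000+29000]
[46811.639881] gnome-shell[68837]: segfault at 7f1d00000064 ip 00007f1e3d7a1c79 sp 00007f1df566f450 error 4 in libfontconfig.so.1.12.0[7f1e3d781000+29000]
[46811.749263] gnome-session-f[68849]: segfault at 7f2300000064 ip 00007f23e89f3c79 sp 00007f23e4fd47d0 error 4 in libfontconfig.so.1.12.0[7f23e89d3000+29000]
"""

SEGV = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>\d+) "
    r"in (?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")

def decode_error(code):
    """Decode the x86 page-fault error code bits."""
    return {"protection": bool(code & 1),  # 0 means the page was not present
            "write": bool(code & 2),       # 0 means a read access
            "user": bool(code & 4)}        # 1 means the fault came from user mode

def parse_segfaults(text):
    """Return one record per segfault line, with the ip made mapping-relative."""
    records = []
    for m in SEGV.finditer(text):
        addr, ip, base, size = (int(m[k], 16) for k in ("addr", "ip", "base", "size"))
        if not base <= ip < base + size:
            continue  # ip outside the named mapping: malformed line, skip it
        # offset is relative to the mapping the kernel printed, not the file start
        records.append({"comm": m["comm"], "pid": int(m["pid"]), "obj": m["obj"],
                        "addr": addr, "offset": ip - base,
                        "error": decode_error(int(m["err"]))})
    return records

def crash_sites(records):
    """Group processes by (object, offset); ASLR changes ip but not the offset."""
    sites = {}
    for r in records:
        sites.setdefault((r["obj"], r["offset"]), []).append(r["comm"])
    return sites

if __name__ == "__main__":
    recs = parse_segfaults(DMESG)
    for (obj, off), comms in crash_sites(recs).items():
        print(f"{obj}+{off:#x}: {len(comms)} crashes in {sorted(set(comms))}")
    print("fault address low 32 bits:", sorted({hex(r["addr"] & 0xFFFFFFFF) for r in recs}))
```

On the six lines above, every process faults at the same offset 0x20c79 into the libfontconfig mapping, and every fault is a user-mode read of an unmapped address whose low 32 bits are 0x64.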


