[Bug 408] SIGSEGV: JavaThread "Java2D Disposer" crashes JVM
bugzilla-daemon at icedtea.classpath.org
bugzilla-daemon at icedtea.classpath.org
Tue Nov 17 08:51:21 PST 2009
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=408
------- Comment #3 from gbenson at redhat.com 2009-11-17 16:51 -------
I don't know anything about freetype, but I had a quick look and re
openjdk-ecj/jdk/src/share/native/sun/font/freetypeScaler.c:
static void freeNativeResources(JNIEnv *env, FTScalerInfo* scalerInfo) {
if (scalerInfo == NULL)
return;
=> FT_Done_Face(scalerInfo->face);
FT_Done_FreeType(scalerInfo->library);
if (scalerInfo->directBuffer != NULL) {
(*env)->DeleteGlobalRef(env, scalerInfo->directBuffer);
}
if (scalerInfo->fontData != NULL) {
free(scalerInfo->fontData);
}
free(scalerInfo);
}
freetype-2.2.1/src/base/ftobjs.c, from freetype-2.2.1-21.el5_3.src.rpm:
FT_EXPORT_DEF( FT_Error )
FT_Done_Face( FT_Face face )
{
FT_Error error;
FT_Driver driver;
FT_Memory memory;
FT_ListNode node;
error = FT_Err_Invalid_Face_Handle;
if ( face && face->driver )
{
driver = face->driver;
memory = driver->root.memory;
/* find face in driver's list */
node = FT_List_Find( &driver->faces_list, face );
if ( node )
{
/* remove face object from the driver's list */
FT_List_Remove( &driver->faces_list, node );
FT_FREE( node );
/* now destroy the object proper */
=> destroy_face( memory, face, driver );
error = FT_Err_Ok;
}
}
return error;
}
Note that it has checked that face != NULL.
static void
destroy_face( FT_Memory memory,
FT_Face face,
FT_Driver driver )
{
FT_Driver_Class clazz = driver->clazz;
/* discard auto-hinting data */
if ( face->autohint.finalizer )
face->autohint.finalizer( face->autohint.data );
/* Discard glyph slots for this face. */
/* Beware! FT_Done_GlyphSlot() changes the field `face->glyph' */
while ( face->glyph )
FT_Done_GlyphSlot( face->glyph );
/* discard all sizes for this face */
FT_List_Finalize( &face->sizes_list,
(FT_List_Destructor)destroy_size,
memory,
driver );
face->size = 0;
/* now discard client data */
if ( face->generic.finalizer )
face->generic.finalizer( face );
/* discard charmaps */
destroy_charmaps( face, memory );
/* finalize format-specific stuff */
if ( clazz->done_face )
clazz->done_face( face );
/* close the stream for this face if needed */
=> FT_Stream_Free(
face->stream,
( face->face_flags & FT_FACE_FLAG_EXTERNAL_STREAM ) != 0 );
face->stream = 0;
/* get rid of it */
if ( face->internal )
{
FT_FREE( face->internal );
}
FT_FREE( face );
}
...
FT_BASE_DEF( void )
FT_Stream_Free( FT_Stream stream,
FT_Int external )
{
if ( stream )
{
FT_Memory memory = stream->memory;
=> FT_Stream_Close( stream );
if ( !external )
FT_FREE( stream );
}
}
Note that it has checked that stream != NULL.
src/base/ftstream.c:
FT_BASE_DEF( void )
FT_Stream_Close( FT_Stream stream )
{
if ( stream && stream->close )
=> stream->close( stream );
}
The segfault is occurring in whatever function stream->close is referencing.
It could be that stream->close is junk, it could be that stream itself is junk,
or it could be that some other member of stream that stream->close references
is junk. stream->close is pointing somewhere in libfontmanager.so, but I don't
know what rpm that comes from.
--
Configure bugmail: http://icedtea.classpath.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the distro-pkg-dev
mailing list