151039 – Crash when exporting to PDF

Bug 151039 - Crash when exporting to PDF

Summary: Crash when exporting to PDF

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	Printing and PDF export (show other bugs)
Version: (earliest affected)	7.4.1.2 release
Hardware:	x86-64 (AMD64) Linux (All)

Importance:	medium normal
Assignee:	Mike Kaganski

URL:
Whiteboard:	target:7.5.0 target:7.4.2
Keywords:

Duplicates (1):	151852 (view as bug list)
Depends on:
Blocks:

Reported:	2022-09-18 10:51 UTC by Yves Roggeman
Modified:	2022-11-02 22:10 UTC (History)
CC List:	3 users (show)

See Also:
Crash report or crash signature:

Attachments
Source file (24.00 KB, application/vnd.oasis.opendocument.text) 2022-09-18 10:53 UTC, Yves Roggeman	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yves Roggeman 2022-09-18 10:51:12 UTC

Description:
Writer and unoconv crash when exporting to PDF with new unifont.otf is used.
But when using old unifont.ttf format, it is OK.

Steps to Reproduce:
Console mode: unoconv Unifont_Test.odt 
Or in graphical UI: open doc in Writer and export it to PDF

Actual Results:
Signal 6 crash

Expected Results:
Unifont_Test.pdf file created


Reproducible: Always


User Profile Reset: No



Additional Info:
Log output:
atal exception: Signal 6
Stack:
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x41ad3)[0x7f9ea6ad6ad3]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x41c94)[0x7f9ea6ad6c94]
/lib/x86_64-linux-gnu/libc.so.6(+0x3bd30)[0x7f9ea1b08d30]
/lib/x86_64-linux-gnu/libc.so.6(pthread_kill+0x11b)[0x7f9ea1b5f14b]
/lib/x86_64-linux-gnu/libc.so.6(gsignal+0x16)[0x7f9ea1b08c86]
/lib/x86_64-linux-gnu/libc.so.6(abort+0xd7)[0x7f9ea1aef7fc]
/usr/lib/libreoffice/program/libmergedlo.so(+0x117c130)[0x7f9ea2e79130]
/usr/lib/libreoffice/program/libmergedlo.so(+0x2376df6)[0x7f9ea4073df6]
/usr/lib/libreoffice/program/libmergedlo.so(+0x353e4c7)[0x7f9ea523b4c7]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x19852)[0x7f9ea6aae852]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x41bd7)[0x7f9ea6ad6bd7]
/lib/x86_64-linux-gnu/libc.so.6(+0x3bd30)[0x7f9ea1b08d30]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN14FontSubsetInfo23CreateFontSubsetFromCffEPi+0x1149)[0x7f9ea52ecd89]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN3psp16PrintFontManager16createFontSubsetER14FontSubsetInfoiRKN3rtl8OUStringEPKtPKhPii+0x36d)[0x7f9ea53cb4fd]
/usr/lib/libreoffice/program/libmergedlo.so(+0x341b53d)[0x7f9ea511853d]
/usr/lib/libreoffice/program/libmergedlo.so(+0x341ceac)[0x7f9ea5119eac]
/usr/lib/libreoffice/program/libmergedlo.so(+0x3421be6)[0x7f9ea511ebe6]
/usr/lib/libreoffice/program/libmergedlo.so(+0x3429998)[0x7f9ea5126998]
/usr/lib/libreoffice/program/libpdffilterlo.so(+0x2d8ea)[0x7f9e7fbbb8ea]
/usr/lib/libreoffice/program/libpdffilterlo.so(+0x33176)[0x7f9e7fbc1176]
/usr/lib/libreoffice/program/libpdffilterlo.so(+0x3475e)[0x7f9e7fbc275e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN14SfxObjectShell8ExportToER9SfxMedium+0x8ea)[0x7f9ea3f5e5da]
/usr/lib/libreoffice/program/libmergedlo.so(+0x2269d0f)[0x7f9ea3f66d0f]
/usr/lib/libreoffice/program/libmergedlo.so(+0x226b8e9)[0x7f9ea3f688e9]
/usr/lib/libreoffice/program/libmergedlo.so(+0x226ccc8)[0x7f9ea3f69cc8]
/usr/lib/libreoffice/program/libmergedlo.so(+0x224d0e2)[0x7f9ea3f4a0e2]
/usr/lib/libreoffice/program/libmergedlo.so(+0x229c55e)[0x7f9ea3f9955e]
/usr/lib/libreoffice/program/libmergedlo.so(_ZN12SfxBaseModel10storeToURLERKN3rtl8OUStringERKN3com3sun4star3uno8SequenceINS6_5beans13PropertyValueEEE+0x25d)[0x7f9ea3f9b18d]
/usr/lib/libreoffice/program/libgcc3_uno.so(+0x9a4a)[0x7f9ea1ceca4a]
/usr/lib/libreoffice/program/libgcc3_uno.so(+0x8b76)[0x7f9ea1cebb76]
/usr/lib/libreoffice/program/libgcc3_uno.so(+0x92c6)[0x7f9ea1cec2c6]
/usr/lib/libreoffice/program/libbinaryurplo.so(+0x1801a)[0x7f9e9b83301a]
/usr/lib/libreoffice/program/libbinaryurplo.so(+0x187fb)[0x7f9e9b8337fb]
/usr/lib/libreoffice/program/libbinaryurplo.so(+0x1c7a3)[0x7f9e9b8377a3]
/usr/lib/libreoffice/program/libuno_cppu.so.3(+0x8407)[0x7f9e9fbd4407]
/usr/lib/libreoffice/program/libuno_cppu.so.3(+0x8ba0)[0x7f9e9fbd4ba0]
/usr/lib/libreoffice/program/libuno_cppu.so.3(+0x98a4)[0x7f9e9fbd58a4]
/usr/lib/libreoffice/program/libuno_sal.so.3(+0x447a8)[0x7f9ea6ad97a8]
/lib/x86_64-linux-gnu/libc.so.6(+0x902e2)[0x7f9ea1b5d2e2]
/lib/x86_64-linux-gnu/libc.so.6(+0x11f240)[0x7f9ea1bec240]
unoconv: RuntimeException during export phase:
Office probably died. Binary URP bridge disposed during call at ./binaryurp/source/bridge.cxx:615
Traceback (most recent call last):
  File "/usr/bin/unoconv", line 1285, in <module>
    die(exitcode)
  File "/usr/bin/unoconv", line 1138, in die
    if convertor.desktop.getCurrentFrame():
uno.com.sun.star.lang.DisposedException: Binary URP bridge already disposed at ./binaryurp/source/bridge.cxx:1048

Comment 1 Yves Roggeman 2022-09-18 10:53:31 UTC

Created attachment 182530 [details]
Source file

Comment 2 Mike Kaganski 2022-09-18 11:34:55 UTC

Repro.

Call stack on master:

> vcllo.dll!`anonymous namespace'::CffSubsetterContext::emitAsType1(`anonymous-namespace'::Type1Emitter & rEmitter, const unsigned int * pReqGlyphIds, const unsigned char * pReqEncoding, int nGlyphCount, FontSubsetInfo & rFSInfo) Line 2052	C++
> vcllo.dll!FontSubsetInfo::CreateFontSubsetFromCff() Line 2081	C++
> vcllo.dll!FontSubsetInfo::CreateFontSubset(FontType nReqFontTypeMask, _iobuf * pOutFile, const char * pReqFontName, const unsigned int * pReqGlyphIds, const unsigned char * pReqEncodedIds, int nReqGlyphCount) Line 94	C++
> vcllo.dll!vcl::CreateCFFfontSubset(const unsigned char * pFontBytes, int nByteLength, const rtl::OString & rSysPath, const unsigned int * pGlyphIds, const unsigned char * pEncoding, int nGlyphCount, FontSubsetInfo & rInfo) Line 1923	C++
> vcllo.dll!vcl::font::PhysicalFontFace::CreateFontSubset(const rtl::OUString & rToFile, const unsigned int * pGlyphIds, const unsigned char * pEncoding, const int nGlyphCount, FontSubsetInfo & rInfo) Line 301	C++
> vcllo.dll!vcl::PDFWriterImpl::emitFonts() Line 2686	C++
> vcllo.dll!vcl::PDFWriterImpl::emitResources() Line 2918	C++
> vcllo.dll!vcl::PDFWriterImpl::emitCatalog() Line 4597	C++
> vcllo.dll!vcl::PDFWriterImpl::emit() Line 5737	C++
> vcllo.dll!vcl::PDFWriter::Emit() Line 54	C++
> pdffilterlo.dll!PDFExport::Export(const rtl::OUString & rFile, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rFilterData) Line 1012	C++
> pdffilterlo.dll!PDFFilter::implExport(const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rDescriptor) Line 185	C++
> pdffilterlo.dll!PDFFilter::filter(const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rDescriptor) Line 248	C++
> sfxlo.dll!SfxObjectShell::ExportTo(SfxMedium & rMedium) Line 2492	C++
> sfxlo.dll!SfxObjectShell::SaveTo_Impl(SfxMedium & rMedium, const SfxItemSet * pSet) Line 1560	C++
> sfxlo.dll!SfxObjectShell::PreDoSaveAs_Impl(const rtl::OUString & rFileName, const rtl::OUString & aFilterName, const SfxItemSet & rItemSet, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rArgs) Line 2979	C++
> sfxlo.dll!SfxObjectShell::CommonSaveAs_Impl(const INetURLObject & aURL, const rtl::OUString & aFilterName, SfxItemSet & rItemSet, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rArgs) Line 2769	C++
> sfxlo.dll!SfxObjectShell::APISaveAs_Impl(std::basic_string_view<char16_t,std::char_traits<char16_t>> aFileName, SfxItemSet & rItemSet, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rArgs) Line 318	C++
> sfxlo.dll!SfxBaseModel::impl_store(const rtl::OUString & sURL, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & seqArguments, bool bSaveTo) Line 3146	C++
> sfxlo.dll!SfxBaseModel::storeToURL(const rtl::OUString & rURL, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> & rArgs) Line 1782	C++
> ...

Khaled: do you have an idea how to handle this?

Comment 3 ⁨خالد حسني⁩ 2022-09-18 11:51:31 UTC

My local build is unusable right now, but from the traceback it seems to be this line https://git.libreoffice.org/core/+/refs/heads/master/vcl/source/fontsubset/cff.cxx#2052, so may be something wen wrong around maFontBBox.

I checked the PDF file and the CFF table has an all 0’s bbox, so may be that is what is tripping this code.

Comment 4 Mike Kaganski 2022-09-18 12:19:11 UTC

(In reply to خالد حسني from comment #3)

Yes, and maFontBBox is empty, with the code above (line 475) never executed when preparing. My question is rather what would be the correct way to calculate the bounding box when it's absent in the font - should it be generated from the exported subset, and how?

For now, I'm going to use the same approach that was used in line 1835 - i.e., use a default set when the size of the matrix is not 4.

Comment 5 ⁨خالد حسني⁩ 2022-09-18 12:25:33 UTC

(In reply to Mike Kaganski from comment #4)
> (In reply to خالد حسني from comment #3)
> 
> Yes, and maFontBBox is empty, with the code above (line 475) never executed
> when preparing. My question is rather what would be the correct way to
> calculate the bounding box when it's absent in the font - should it be
> generated from the exported subset, and how?
> 
> For now, I'm going to use the same approach that was used in line 1835 -
> i.e., use a default set when the size of the matrix is not 4.

I’d do the simple thing and output an all 0's one, garbage in, garbage out.

A slightly better fix is to use the equivalent font extents from head table, but this particular code has access to the CFF table only and not the rest of the font tables, so that is not easy to pull (CFF table was shoehorned to OpenType, it is a standalone font format and duplicate some data available elsewhere in OpenType and the code here is written on the assumption accessing CFF table is enough, which is generally true).

Calculating extents from the glyphs is slow, so I wouldn’t do this.

The issue should be reported to the font developers as well.

Comment 6 Mike Kaganski 2022-09-18 14:51:45 UTC

https://gerrit.libreoffice.org/c/core/+/140121

Comment 7 Commit Notification 2022-09-18 16:05:58 UTC

Mike Kaganski committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/1f985cb4779b581a77d419605ceb084707d408b8

tdf#151039: use the same defaults also for FontSubsetInfo::m_aFontBBox

It will be available in 7.5.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 8 Yves Roggeman 2022-09-19 12:49:28 UTC

Thank you for your prompt reaction and correction.
I have test it with daily build of 7.5.0 and it works.

May I recall bug 138325, not yet addressed.
It seems to be a similar bad analysis or use of OTF tables when there are not duplicated in old TTF ones.
Thanks.

Comment 9 Commit Notification 2022-09-19 19:19:00 UTC

Mike Kaganski committed a patch related to this issue.
It has been pushed to "libreoffice-7-4":

https://git.libreoffice.org/core/commit/3890b65ffa04c2cb9b4956ac65409d64b5c7f11c

tdf#151039: use the same defaults also for FontSubsetInfo::m_aFontBBox

It will be available in 7.4.2.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 10 ⁨خالد حسني⁩ 2022-11-02 22:10:41 UTC

*** Bug 151852 has been marked as a duplicate of this bug. ***