evince crash: _cairo_pen_find_active_cw_vertex_index: Assertion `i < pen->num_vertices' failed

Bug #124547 reported by Tormod Volden
Affects | Status | Importance | Assigned to | Milestone
libcairo | Fix Released | Critical | |
libcairo (Ubuntu) | Fix Released | High | Unassigned |

Bug Description

The crash can be reproduced with the file http://www.linux-usb-daq.co.uk/dev2/usbdux_diagram.pdf

Revision history for this message
In , mjc (mjc-avtechpulse) wrote :

Created an attachment (id=9555)
SVG file that causes the crash

Revision history for this message
In , Christian Kirbach (christian-kirbach-e) wrote :

see also http://bugzilla.gnome.org/show_bug.cgi?id=452601#stacktrace

nautilus: cairo-pen.c:323: _cairo_pen_find_active_cw_vertex_index: Assertion `i < pen->num_vertices' failed.

could this be a bug in librsvg?

#7 0x4732338b in *__GI___assert_fail (
    assertion=0x47ecc070 "i < pen->num_vertices",
    file=0x47ecc064 "cairo-pen.c", line=323,
    function=0x47ecc0a0 "_cairo_pen_find_active_cw_vertex_index")
    at assert.c:78
        buf = 0x93b6ec0 "ØØè?<<<<<<ì?"
        errstr = "Unexpected error.\n"
#8 0x47e8716f in _cairo_pen_find_active_cw_vertex_index (pen=0xb5dfd834,
    slope=0xb5dfd760, active=0xb5dfd768) at cairo-pen.c:323
        i = 4
        __PRETTY_FUNCTION__ = "_cairo_pen_find_active_cw_vertex_index"
#9 0x47e859f4 in _cairo_stroker_add_cap (stroker=0xb5dfd81c, f=0xb5dfd790)
    at cairo-path-stroke.c:385
        i = <value optimized out>
        stop = <value optimized out>
        slope = {dx = 37079, dy = -37273}
        tri = {{x = 5311777, y = 2414207}, {x = 37079, y = 37274}, {
    x = -88568302, y = 1072078999}}
        pen = (cairo_pen_t *) 0xb5dfd834
        start = <value optimized out>
        status = <value optimized out>
#10 0x47e85c65 in _cairo_stroker_add_leading_cap (stroker=0x0,
    face=<value optimized out>) at cairo-path-stroke.c:456
        reversed = {ccw = {x = 5348856, y = 2376934}, point = {x = 5348856,
    y = 2376934}, cw = {x = 5348856, y = 2376934}, dev_vector = {dx = 37079,
    dy = -37273}, usr_vector = {x = 0.70711320477456541,
    y = -0.70710035754017508}}
#11 0x47e85c95 in _cairo_stroker_add_caps (stroker=0xb5dfd81c)
    at cairo-path-stroke.c:488
        status = <value optimized out>
#12 0x47e85f1a in _cairo_path_fixed_stroke_to_traps (path=0x91986c8,
    stroke_style=0x93b6990, ctm=0x93b6a2c, ctm_inverse=0x93b6a5c,
    tolerance=0.10000000000000001, traps=0xb5dfd914)
    at cairo-path-stroke.c:1005
        status = CAIRO_STATUS_SUCCESS
        stroker = {style = 0x93b6990, ctm = 0x93b6a2c,
  ctm_inverse = 0x93b6a5c, tolerance = 0.10000000000000001,
  traps = 0xb5dfd914, pen = {radius = -0, tolerance = 0.10000000000000001,
    vertices = 0x93b5bd8, num_vertices = 4}, current_point = {x = 5348856,
    y = 2451481}, first_point = {x = 5348856, y = 2376934}, has_sub_path = 1,
  has_current_face = 1, current_face = {ccw = {x = 5348856, y = 2451481},
    point = {x = 5348856, y = 2451481}, cw = {x = 5348856, y = 2451481},
    dev_vector = {dx = 37079, dy = 37274}, usr_vector = {
      x = 0.70710371941499006, y = 0.70710984294484758}}, has_first_face = 1,
  first_face = {ccw = {x = 5348856, y = 2376934}, point = {x = 5348856,
      y = 2376934}, cw = {x = 5348856, y = 2376934}, dev_vector = {
      dx = -37079, dy = 37273}, usr_vector = {x = -0.70711320477456541,
      y = 0.70710035754017508}}, dashed = 0, dash_index = 3226480967,
  dash_on = 1195614196, dash_remain = 7.9165322551249684e-265}
#13 0x47e7fdb7 in _cairo_gstate_stroke_extents (gstate=0x93b6980,
    path=0x91986c8, x1=0xb5dfda08, y1=0xb5dfda10, x2=0xb5dfda18,
    y2=0xb5dfda20) at cairo-gstate.c:1056
        status = 3051346236
        traps = {traps = 0x93b8000, num_traps = 2, traps_size = 32,
  extents...


Revision history for this message
Tormod Volden (tormodvolden) wrote :

The crash can be reproduced with the file http://www.linux-usb-daq.co.uk/dev2/usbdux_diagram.pdf

Revision history for this message
Tormod Volden (tormodvolden) wrote :
Changed in libcairo:
status: Unknown → Confirmed
Revision history for this message
Matti Lindell (mlind) wrote :

I can confirm this on gutsy, libcairo 1.4.10-1ubuntu3. There's a related post in the cairo mailing lists: http://lists.cairographics.org/archives/cairo/2007-August/011283.html. The fix didn't seem to work for me, and I couldn't find related commits from their master git either.

Changed in libcairo:
importance: Undecided → High
status: New → Confirmed
Revision history for this message
In , Chris Wilson (ickle) wrote :

*** Bug 11493 has been marked as a duplicate of this bug. ***

Revision history for this message
In , Chris Wilson (ickle) wrote :

This was fixed by Carl Worth in commit 448c9314252bba779194d2b01950b8738b26fd13.

Revision history for this message
Tormod Volden (tormodvolden) wrote :

The above commit is included in 1.4.12 AFAICS.

Changed in libcairo:
status: Unknown → Fix Released
Revision history for this message
Sebastien Bacher (seb128) wrote :

That is fixed in the hardy version, closing. Feel free to reopen if you still get the issue though.

Changed in libcairo:
status: Confirmed → Fix Released
Changed in libcairo:
importance: Unknown → Critical
Changed in libcairo:
importance: Critical → Unknown
Changed in libcairo:
importance: Unknown → Critical