evince crashed with SIGSEGV
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| cairo | Fix Released | Critical | | |
| cairo (Debian) | Fix Released | Unknown | | |
| cairo (Ubuntu) | Fix Released | Low | Unassigned | |
Bug Description
While browsing http://
ProblemType: Crash
DistroRelease: Ubuntu 14.10
Package: evince 3.14.1-0ubuntu1
ProcVersionSign
Uname: Linux 3.16.0-29-generic x86_64
ApportVersion: 2.14.7-0ubuntu8
Architecture: amd64
CrashCounter: 1
CurrentDesktop: Unity
Date: Sun Dec 21 20:35:56 2014
ExecutablePath: /usr/bin/evince
ExecutableTimes
InstallationDate: Installed on 2014-12-09 (11 days ago)
InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1)
KernLog:
ProcCmdline: evince /tmp/eurail_
ProcCwd: /home/mathieu
ProcEnviron:
XDG_RUNTIME_
SHELL=/bin/bash
LANGUAGE=fr_FR
PATH=(custom, no user)
LANG=fr_FR.UTF-8
SegvAnalysis:
Segfault happened at: 0x7f679b821fd5: cmpq $0x0,0x30(%r13)
PC (0x7f679b821fd5) ok
source "$0x0" ok
destination "0x30(%r13)" (0x00000030) not located in a known VMA region (needed writable region)!
Stack memory exhausted (SP below stack segment)
SegvReason: writing NULL VMA
Signal: 11
SourcePackage: evince
StacktraceTop:
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
?? () from /usr/lib/
Title: evince crashed with SIGSEGV
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
tags: added: trusty
Changed in cairo (Debian): status: Unknown → New
Changed in cairo: importance: Unknown → Critical; status: Unknown → Confirmed
tags: added: vivid
Changed in cairo: status: Confirmed → Fix Released
Changed in cairo (Ubuntu): status: Triaged → Fix Committed
Changed in cairo (Debian): status: New → Confirmed
Changed in cairo (Debian): status: Confirmed → Fix Released
Created attachment 93749
Code to reproduce the crash
When a sufficiently complex path, consisting of multiple subpaths, is used both for clip and for stroke, cairo sometimes crashes with a segmentation fault. The crash seems to happen in the function active_edges, where in the innermost do...while loop the "right" variable for some reason gets a NULL value:
```
Program received signal SIGSEGV, Segmentation fault.
active_edges (polygon=0x7fffffffd440, top=32768, left=0x6b9a80) at /build/buildd/cairo-1.12.16/src/cairo-polygon-intersect.c:1235
1235 /build/buildd/cairo-1.12.16/src/cairo-polygon-intersect.c: No such file or directory.
(gdb) where
#0 active_edges (polygon=0x7fffffffd440, top=32768, left=0x6b9a80) at /build/buildd/cairo-1.12.16/src/cairo-polygon-intersect.c:1235
#1 intersection_sweep (polygon=0x7fffffffd440, num_events=<optimized out>, start_events=<optimized out>) at /build/buildd/cairo-1.12.16/src/cairo-polygon-intersect.c:1271
#2 _cairo_polygon_intersect (a=a@entry=0x7fffffffd440, winding_a=winding_a@entry=0, b=b@entry=0x7fffffffcff0, winding_b=<optimized out>) at /build/buildd/cairo-1.12.16/src/cairo-polygon-intersect.c:1466
#3 0x00007ffff7b3812a in clip_and_composite_polygon (compositor=compositor@entry=0x7ffff7dd8000 <spans.11982>, extents=extents@entry=0x7fffffffd880, polygon=polygon@entry=0x7fffffffd440, fill_rule=CAIRO_FILL_RULE_WINDING, antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT) at /build/buildd/cairo-1.12.16/src/cairo-spans-compositor.c:937
#4 0x00007ffff7b38c77 in _cairo_spans_compositor_stroke (_compositor=0x7ffff7dd8000 <spans.11982>, extents=0x7fffffffd880, path=<optimized out>, style=0x7fffffffdc70, ctm=0x604c70, ctm_inverse=0x604ca0, tolerance=0,10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT) at /build/buildd/cairo-1.12.16/src/cairo-spans-compositor.c:1074
#5 0x00007ffff7af7974 in _cairo_compositor_stroke (compositor=0x7ffff7dd8000 <spans.11982>, surface=0x6049c0, op=CAIRO_OPERATOR_OVER, source=0x7fffffffdca0, path=0x604eb8, style=0x7fffffffdc70, ctm=0x604c70, ctm_inverse=ctm_inverse@entry=0x604ca0, tolerance=0,10000000000000001, antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT, clip=clip@entry=0x6089f0) at /build/buildd/cairo-1.12.16/src/cairo-compositor.c:157
#6 0x00007ffff7b07953 in _cairo_image_surface_stroke (abstract_surface=<optimized out>, op=<optimized out>, source=<optimized out>, path=<optimized out>, style=<optimized out>, ctm=<optimized out>, ctm_inverse=0x604ca0, tolerance=<optimized out>, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x6089f0) at /build/buildd/cairo-1.12.16/src/cairo-image-surface.c:961
#7 0x00007ffff7b3bd42 in _cairo_surface_stroke (surface=0x6049c0, op=CAIRO_OPERATOR_OVER, source=0x7fffffffdca0, path=0x604eb8, stroke_style=0x7fffffffdc70, ctm=0x604c70, ctm_inverse=0x604ca0, tolerance=0,10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x6089f0) at /build/buildd/cairo-1.12.16/src/cairo-surface.c:2210
#8 0x00007ffff7aff05f in _cairo_gstate_stroke (gstate=0x604b80, path=path@entry=0x604eb8) at /build/buildd/cairo-1.12.16/src/cairo-gstate.c:1185
#9 0x00007ffff7af9079 in _cairo_default_context_stroke (abstract_cr=...
```