dot crashed with SIGSEGV in cairo_set_dash()

Bug #503503 reported by René Brandenburger
This bug affects 3 people
Affects: graphviz (Ubuntu) | Status: Invalid | Importance: Medium | Assigned to: Unassigned | Milestone: (none)

Bug Description

Binary package hint: graphviz

An out-of-memory condition occurred. This should be handled gracefully and not lead to a segmentation fault.

ProblemType: Crash
Architecture: i386
Date: Tue Jan 5 20:26:35 2010
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/dot
NonfreeKernelModules: nvidia
Package: graphviz 2.20.2-3ubuntu5
ProcCmdline: dot -Tpng -o ttt.png flse.dot.gv
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=de_LU.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-17.54-generic
SegvAnalysis:
 Segfault happened at: 0xb44f83 <cairo_set_dash+19>: mov 0x4(%esi),%ecx
 PC (0x00b44f83) ok
 source "0x4(%esi)" (0x00000004) not located in a known VMA region (needed readable region)!
 destination "%ecx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: graphviz
StacktraceTop:
 cairo_set_dash () from /usr/lib/libcairo.so.2
 ?? () from /usr/lib/graphviz/libgvplugin_pango.so.5
 ?? () from /usr/lib/graphviz/libgvplugin_pango.so.5
 gvrender_polygon () from /usr/lib/libgvc.so.4
 gvrender_box () from /usr/lib/libgvc.so.4
Title: dot crashed with SIGSEGV in cairo_set_dash()
Uname: Linux 2.6.31-17-generic i686
UserGroups: adm admin cdrom dialout fuse lpadmin netdev plugdev sambashare video

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt (retraced)

StacktraceTop:cairo_set_dash (cr=0x0, dashes=0x1631a0, num_dashes=0, offset=0)
cairogen_set_penstyle (job=<value optimized out>, cr=0x0)
cairogen_polygon (job=0x90945d0, A=0xbf9f5640, n=4,
gvrender_polygon (job=0x90945d0, af=0xbf9f5640, n=4,
gvrender_box (job=0x90945d0, B=

Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt (retraced)
Changed in graphviz (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Emmet Hikory (persia)
visibility: private → public
Revision history for this message
Emmet Hikory (persia) wrote :

Two issues in graphviz here: firstly, when the cr is extracted from a job in plugin/pango/gvrender_pango.c:cairogen_polygon(), it should be checked to ensure that it is valid before being used; secondly, the error state set with _cairo_set_error should be checked after the call to cairo_set_dash() in plugin/pango/gvrender_pango.c:cairogen_set_penstyle(). There may also be an issue with cairo (the API docs should be checked), in that when an invalid pointer is passed to cairo.c:cairo_set_dash(), the SIGSEGV should be trapped and an appropriate error set with _cairo_set_error(), rather than crashing. If this is not an issue in cairo, then graphviz must trap any expected signals as well as checking the error return code.

Changed in graphviz (Ubuntu):
status: New → Confirmed
Revision history for this message
dino99 (9d9) wrote :

This version is outdated and no longer supported.

Changed in graphviz (Ubuntu):
status: Confirmed → Invalid