Ubuntu
librsvg package

eog crashed with SIGSEGV in rsvg_filter_primitive_image_render_in()

Bug #812426 reported by smpahlman on 2011-07-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	librsvg (Ubuntu)	Incomplete	Medium	Unassigned

Bug Description

evince crashes with the following backtrace and glibc error when opening the attached svg.

(gdb) r koo.svg
Starting program: /usr/bin/eog koo.svg
[Thread debugging using libthread_db enabled]
[New Thread 0xb7ddcb70 (LWP 14739)]
[New Thread 0xb75dbb70 (LWP 14740)]
[New Thread 0xb6ddab70 (LWP 14741)]
*** glibc detected *** /usr/bin/eog: munmap_chunk(): invalid pointer: 0x082bc130 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x6b961)[0x1076961]
/lib/i386-linux-gnu/libc.so.6(+0x6c10e)[0x107710e]
/lib/i386-linux-gnu/libglib-2.0.so.0(g_free+0x36)[0xd02c86]
/lib/i386-linux-gnu/libglib-2.0.so.0(g_string_free+0x5c)[0xd1fb5c]
/usr/lib/librsvg-2.so.2(+0xcd47)[0xa4dd47]
/usr/lib/librsvg-2.so.2(+0x82de)[0xa492de]
/usr/lib/librsvg-2.so.2(+0x2b178)[0xa6c178]
/usr/lib/i386-linux-gnu/libgobject-2.0.so.0(g_object_unref+0x103)[0xc788c3]
/usr/lib/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so(+0xa24)[0x190ba24]
/usr/lib/libgdk_pixbuf-2.0.so.0(gdk_pixbuf_loader_close+0xc9)[0xb804f9]
/usr/bin/eog(eog_image_load+0x9e2)[0x807c652]
/usr/bin/eog[0x80891a0]
/usr/bin/eog(eog_job_run+0x84)[0x808a384]
/usr/bin/eog[0x8087e27]
/lib/i386-linux-gnu/libglib-2.0.so.0(+0x6a2df)[0xd252df]
/lib/i386-linux-gnu/libpthread.so.0(+0x5e99)[0xa2de99]
/lib/i386-linux-gnu/libc.so.6(clone+0x5e)[0x10db73e]
======= Memory map: ========
00110000-0012c000 r-xp 00000000 08:01 1966800 /lib/i386-linux-gnu/ld-2.13.so
0012c000-0012d000 r--p 0001b000 08:01 1966800 /lib/i386-linux-gnu/ld-2.13.so
0012d000-0012e000 rw-p 0001c000 08:01 1966800 /lib/i386-linux-gnu/ld-2.13.so
0012e000-0012f000 r-xp 00000000 00:00 0 [vdso]
0012f000-00367000 r-xp 00000000 08:01 1838913 /usr/lib/libpython2.7.so.1.0
00367000-00368000 ---p 00238000 08:01 1838913 /usr/lib/libpython2.7.so.1.0
00368000-00369000 r--p 00238000 08:01 1838913 /usr/lib/libpython2.7.so.1.0
00369000-003be000 rw-p 00239000 08:01 1838913 /usr/lib/libpython2.7.so.1.0
003be000-003ca000 rw-p 00000000 00:00 0
003ca000-003ee000 r-xp 00000000 08:01 1837260 /usr/lib/libgnome-desktop-2.so.17.1.5
003ee000-003ef000 r--p 00023000 08:01 1837260 /usr/lib/libgnome-desktop-2.so.17.1.5
003ef000-003f0000 rw-p 00024000 08:01 1837260 /usr/lib/libgnome-desktop-2.so.17.1.5
003f0000-003f3000 r-xp 00000000 08:01 1839269 /usr/lib/liblaunchpad-integration.so.1.0.0
003f3000-003f4000 r--p 00002000 08:01 1839269 /usr/lib/liblaunchpad-integration.so.1.0.0
003f4000-003f5000 rw-p 00003000 08:01 1839269 /usr/lib/liblaunchpad-integration.so.1.0.0
003f5000-00423000 r-xp 00000000 08:01 1837722 /usr/lib/libgconf-2.so.4.1.5
00423000-00424000 ---p 0002e000 08:01 1837722 /usr/lib/libgconf-2.so.4.1.5
00424000-00425000 r--p 0002e000 08:01 1837722 /usr/lib/libgconf-2.so.4.1.5
00425000-00427000 rw-p 0002f000 08:01 1837722 /usr/lib/libgconf-2.so.4.1.5
00427000-007f8000 r-xp 00000000 08:01 1838008 /usr/lib/libgtk-x11-2.0.so.0.2400.4
007f8000-007fc000 r--p 003d0000 08:01 1838008 /usr/lib/libgtk-x11-2.0.so.0.2400.4
007fc000-007fe000 rw-p 003d4000 08:01 1838008 /usr/lib/libgtk-x11-2.0.so.0.2400.4
007fe000-00800000 rw-p 00000000 00:00 0
00800000-00895000 r-xp 00000000 08:01 1838026 /usr/lib/libgdk-x11-2.0.so.0.2400.4
00895000-00896000 ---p 00095000 08:01 1838026 /usr/lib/libgdk-x11-2.0.so.0.2400.4
00896000-00898000 r--p 00095000 08:01 1838026 /usr/lib/libgdk-x11-2.0.so.0.2400.4
00898000-00899000 rw-p 00097000 08:01 1838026 /usr/lib/libgdk-x11-2.0.so.0.2400.4
00899000-008b2000 r-xp 00000000 08:01 1836303 /usr/lib/i386-linux-gnu/libatk-1.0.so.0.9.1
008b2000-008b3000 ---p 00019000 08:01 1836303 /usr/lib/i386-linux-gnu/libatk-1.0.so.0.9.1
008b3000-008b4000 r--p 00019000 08:01 1836303 /usr/lib/i386-linux-gnu/libatk-1.0.so.0.9.1
008b4000-008b5000 rw-p 0001a000 08:01 1836303 /usr/lib/i386-linux-gnu/libatk-1.0.so.0.9.1
008b5000-008de000 r-xp 00000000 08:01 1835487 /usr/lib/libexif.so.12.3.2
008de000-008ea000 r--p 00029000 08:01 1835487 /usr/lib/libexif.so.12.3.2
008ea000-008eb000 rw-p 00035000 08:01 1835487 /usr/lib/libexif.so.12.3.2
008eb000-00918000 r-xp 00000000 08:01 1839273 /usr/lib/liblcms.so.1.0.18
00918000-00919000 r--p 0002c000 08:01 1839273 /usr/lib/liblcms.so.1.0.18
00919000-0091a000 rw-p 0002d000 08:01 1839273 /usr/lib/liblcms.so.1.0.18
0091a000-0091c000 rw-p 00000000 00:00 0
0091c000-00a01000 r-xp 00000000 08:01 1838936 /usr/lib/libexempi.so.3.2.1
00a01000-00a02000 ---p 000e5000 08:01 1838936 /usr/lib/libexempi.so.3.2.1
00a02000-00a05000 r--p 000e5000 08:01 1838936 /usr/lib/libexempi.so.3.2.1
00a05000-00a07000 rw-p 000e8000 08:01 1838936 /usr/lib/libexempi.so.3.2.1
00a07000-00a26000 r-xp 00000000 08:01 1838873 /usr/lib/libdbus-glib-1.so.2.1.0
00a26000-00a27000 r--p 0001e000 08:01 1838873 /usr/lib/libdbus-glib-1.so.2.1.0
00a27000-00a28000 rw-p 0001f000 08:01 1838873 /usr/lib/libdbus-glib-1.so.2.1.0
00a28000-00a3d000 r-xp 00000000 08:01 1966794 /lib/i386-linux-gnu/libpthread-2.13.so
00a3d000-00a3e000 r--p 00015000 08:01 1966794 /lib/i386-linux-gnu/libpthread-2.13.so
00a3e000-00a3f000 rw-p 00016000 08:01 1966794 /lib/i386-linux-gnu/libpthread-2.13.so
00a3f000-00a41000 rw-p 00000000 00:00 0
00a41000-00a70000 r-xp 00000000 08:01 1835465 /usr/lib/librsvg-2.so.2.32.1
00a70000-00a71000 r--p 0002e000 08:01 1835465 /usr/lib/librsvg-2.so.2.32.1
00a71000-00a72000 rw-p 0002f000 08:01 1835465 /usr/lib/librsvg-2.so.2.32.1
00a72000-00b70000 r-xp 00000000 08:01 1836068 /usr/lib/i386-linux-gnu/libgio-2.0.so.0.2800.6
00b70000-00b71000 ---p 000fe000 08:01 1836068 /usr/lib/i386-linux-gnu/libgio-2.0.so.0.2800.6
00b71000-00b73000 r--p 000fe000 08:01 1836068 /usr/lib/i386-linux-gnu/libgio-2.0.so.0.2800.6
00b73000-00b74000 rw-p 00100000 08:01 1836068 /usr/lib/i386-linux-gnu/libgio-2.0.so.0.2800.6
00b74000-00b75000 rw-p 00000000 00:00 0
00b75000-00b90000 r-xp 00000000 08:01 1837998 /usr/lib/libgdk_pixbuf-2.0.so.0.2300.3
00b90000-00b91000 r--p 0001a000 08:01 1837998 /usr/lib/libgdk_pixbuf-2.0.so.0.2300.3
00b91000-00b92000 rw-p 0001b000 08:01 1837998 /usr/lib/libgdk_pixbuf-2.0.so.0.2300.3
00b92000-00bb6000 r-xp 00000000 08:01 1966799 /lib/i386-linux-gnu/libm-2.13.so
00bb6000-00bb7000 r--p 00023000 08:01 1966799 /lib/i386-linux-gnu/libm-2.13.so
00bb7000-00bb8000 rw-p 00024000 08:01 1966799 /lib/i386-linux-gnu/libm-2.13.so
00bb8000-00c66000 r-xp 00000000 08:01 1836706 /usr/lib/libcairo.so.2.11000.2
00c66000-00c67000 ---p 000ae000 08:01 1836706 /usr/lib/libcairo.so.2.11000.2
00c67000-00c68000 r--p 000ae000 08:01 1836706 /usr/lib/libcairo.so.2.11000.2
00c68000-00c69000 rw-p 000af000 08:01 1836706 /usr/lib/libcairo.so.2.11000.2
00c69000-00c6b000 rw-p 00000000 00:00 0
00c6b000-00cb0000 r-xp 00000000 08:01 1835674 /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.2800.6
00cb0000-00cb1000 r--p 00044000 08:01 1835674 /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.2800.6
00cb1000-00cb2000 rw-p 00045000 08:01 1835674 /usr/lib/i386-linux-gnu/libgobject-2.0.so.0.2800.6
00cb2000-00cb4000 r-xp 00000000 08:01 1835698 /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.2800.6
00cb4000-00cb5000 r--p 00002000 08:01 1835698 /usr/lib/i386-linux-gnu/libgmodule-2.0.so.0.2800.6
Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb75dbb70 (LWP 14740)]
0x0012e416 in __kernel_vsyscall ()
(gdb) bt
#0 0x0012e416 in __kernel_vsyscall ()
#1 0x01035e71 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0x0103934e in abort () at abort.c:92
#3 0x0106c577 in __libc_message (do_abort=2,
    fmt=0x11458ac "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#4 0x01076961 in malloc_printerr (action=<value optimized out>,
    str=<value optimized out>, ptr=0x82bc130) at malloc.c:6283
#5 0x0107710e in munmap_chunk (p=0x82bc128) at malloc.c:3540
#6 0x00d02c86 in g_free () from /lib/i386-linux-gnu/libglib-2.0.so.0
#7 0x00d1fb5c in g_string_free () from /lib/i386-linux-gnu/libglib-2.0.so.0
#8 0x00a4dd47 in rsvg_filter_primitive_image_free (self=0x8251b80)
    at rsvg-filter.c:3472
#9 0x00a492de in rsvg_defs_free (defs=0x8260e18) at rsvg-defs.c:168
#10 0x00a6c178 in instance_dispose (instance=0x8234400) at rsvg-gobject.c:122
#11 0x00c788c3 in g_object_unref ()
   from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
#12 0x0190ba24 in gdk_pixbuf__svg_image_stop_load (data=0x8227bb8,
    error=0xb75db02c) at io-svg.c:165
#13 0x00b804f9 in gdk_pixbuf_loader_close ()
   from /usr/lib/libgdk_pixbuf-2.0.so.0
#14 0x0807c652 in eog_image_load ()
#15 0x080891a0 in ?? ()

ProblemType: Crash
DistroRelease: Ubuntu 11.04
Package: eog 2.32.1-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-5.32-generic 2.6.38-rc6
Uname: Linux 2.6.38-5-generic i686
Architecture: i386
Date: Mon Jul 18 20:16:22 2011
ExecutablePath: /usr/bin/eog
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20110302)
ProcCmdline: eog koo.svg
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.UTF-8
LANGUAGE=en_US:en
SegvAnalysis:
Segfault happened at: 0xb11811 <rsvg_filter_primitive_image_render+177>: mov (%eax),%eax
PC (0x00b11811) ok
source "(%eax)" (0x000033ab) not located in a known VMA region (needed readable region)!
destination "%eax" ok
Stack memory exhausted (SP below stack segment)
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: eog
StacktraceTop:
rsvg_filter_primitive_image_render_in (self=0x8bf4428, ctx=0x8c42400) at rsvg-filter.c:3339
rsvg_filter_primitive_image_render (self=0x8bf4428, ctx=0x8c42400) at rsvg-filter.c:3435
rsvg_filter_primitive_render (self=0x8bd9630, source=0x8bfc370, context=0x8c1f130, bounds=0x8bc9d90, channelmap=0xb2951f "2103") at rsvg-filter.c:85
rsvg_filter_render (self=0x8bd9630, source=0x8bfc370, context=0x8c1f130, bounds=0x8bc9d90, channelmap=0xb2951f "2103") at rsvg-filter.c:499
rsvg_cairo_pop_render_stack (ctx=0x8c1f130) at rsvg-cairo-draw.c:965
Title: eog crashed with SIGSEGV in rsvg_filter_primitive_image_render_in()
UpgradeStatus: Upgraded to natty on 2011-03-21 (119 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors:
Error: No Symbols named "mac" in the include file "macintosh_vndr/fi"
(nautilus:1231): GConf-CRITICAL **: gconf_value_free: assertion `value != NULL' failed
(nautilus:1231): GStreamer-CRITICAL **: gst_debug_add_log_function: assertion `func != NULL' failed

Tags: