Bug#708120: cairo-polygon-intersect.c: SIGSEGV in active_edges

Vlad Orlov monsta at inbox.ru
Sun Jun 14 13:02:04 UTC 2015


Control: found -1 1.14.2-2
Control: tags -1 wheezy jessie stretch
Control: affects -1 evince atril


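Still happens in current Debian Testing. Atril (the MATE document viewer,
an Evince fork) crashes with a similar backtrace on a certain PDF [1].
In the backtrace below, the crash is reached from the thumbnail job
(ev_job_thumbnail_run, frame #20) while poppler strokes a path through
cairo (CairoOutputDev::stroke, frame #11):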


(gdb) bt
#0  0x00007ffff2bc3258 in _cairo_polygon_intersect 
(polygon=0x7fffdcb02c70, top=19456, left=0x7fff84263450)
     at ../../../../src/cairo-polygon-intersect.c:1235
#1  0x00007ffff2bc3258 in _cairo_polygon_intersect 
(polygon=0x7fffdcb02c70, num_events=<optimized out>, 
start_events=<optimized out>)
     at ../../../../src/cairo-polygon-intersect.c:1271
#2  0x00007ffff2bc3258 in _cairo_polygon_intersect 
(a=a@entry=0x7fffdcb02c70, winding_a=winding_a@entry=0, 
b=b@entry=0x7fffdcb02820, winding_b=<optimized out>) at 
../../../../src/cairo-polygon-intersect.c:1466
#3  0x00007ffff2bd50fa in clip_and_composite_polygon 
(compositor=compositor@entry=0x7ffff2e7e180 <spans>, 
extents=extents@entry=0x7fffdcb030c0, 
polygon=polygon@entry=0x7fffdcb02c70, fill_rule=CAIRO_FILL_RULE_WINDING, 
antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT)
     at ../../../../src/cairo-spans-compositor.c:946
#4  0x00007ffff2bd5caa in _cairo_spans_compositor_stroke 
(_compositor=0x7ffff2e7e180 <spans>, extents=0x7fffdcb030c0, 
path=<optimized out>, style=0x7fffdcb034d0, ctm=0x7fffdcb03500, 
ctm_inverse=0x7fffdcb03530, tolerance=0.10000000000000001, 
antialias=CAIRO_ANTIALIAS_DEFAULT)
     at ../../../../src/cairo-spans-compositor.c:1083
#5  0x00007ffff2b90ddf in _cairo_compositor_stroke 
(compositor=0x7ffff2e7e180 <spans>, surface=0x1d3c, op=4294967295, 
source=0x1, path=0x998da8, style=0x7fffdcb034d0, ctm=0x7fffdcb03500, 
ctm_inverse=0x7fffdcb03530, tolerance=0.10000000000000001, 
antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x98a180)
     at ../../../../src/cairo-compositor.c:157
#6  0x00007ffff2ba2122 in _cairo_image_surface_stroke 
(abstract_surface=<optimized out>, op=<optimized out>, source=<optimized 
out>, path=<optimized out>, style=<optimized out>, ctm=<optimized out>, 
ctm_inverse=0x7fffdcb03530, tolerance=<optimized out>, 
antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x98a180)
     at ../../../../src/cairo-image-surface.c:964
#7  0x00007ffff2bd9046 in _cairo_surface_stroke (surface=0x7fff840fd950, 
op=CAIRO_OPERATOR_OVER, source=0x7fffdcb03560, path=0x998da8, 
stroke_style=0x7fffdcb034d0, ctm=0x7fffdcb03500, 
ctm_inverse=0x7fffdcb03530, tolerance=0.10000000000000001, 
antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x98a180)
     at ../../../../src/cairo-surface.c:2296
#8  0x00007ffff2b98c62 in _cairo_gstate_stroke (gstate=0x7fff84245ce0, 
path=path@entry=0x998da8) at ../../../../src/cairo-gstate.c:1194
#9  0x00007ffff2b92749 in _cairo_default_context_stroke 
(abstract_cr=0x998a40) at ../../../../src/cairo-default-context.c:1010
#10 0x00007ffff2b8b765 in INT_cairo_stroke (cr=0x1ac4) at 
../../../../src/cairo.c:2150
#11 0x00007fff93ddd1c5 in CairoOutputDev::stroke(GfxState*) 
(this=0x7fff84044570, state=0x7fff840ee720) at CairoOutputDev.cc:776
#12 0x00007fff93a26848 in Gfx::opStroke(Object*, int) 
(this=0x7fff841d5790, args=<optimized out>, numArgs=<optimized out>) at 
Gfx.cc:1852
#13 0x00007fff93a22d98 in Gfx::go(bool) (this=this@entry=0x7fff841d5790, 
topLevel=topLevel@entry=true) at Gfx.cc:762
#14 0x00007fff93a23298 in Gfx::display(Object*, bool) 
(this=this@entry=0x7fff841d5790, obj=obj@entry=0x7fffdcb03aa0, 
topLevel=topLevel@entry=true)
     at Gfx.cc:728
#15 0x00007fff93a6b165 in Page::displaySlice(OutputDev*, double, double, 
int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool 
(*)(Annot*, void*), void*, bool) (this=0x7fff84058790, 
out=out@entry=0x7fff84044570, hDPI=hDPI@entry=72, vDPI=vDPI@entry=72, 
rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=false, 
crop=crop@entry=true, sliceX=sliceX@entry=-1, sliceY=-1, sliceW=-1, 
sliceH=-1, printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0, 
annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, 
copyXRef=false) at Page.cc:585
#16 0x00007fff93dc9e3e in _poppler_page_render(PopplerPage*, cairo_t*, 
GBool, PopplerPrintFlags) (page=0x7fff84045780 [PopplerPage], 
cairo=0x998a40, printing=<optimized out>, print_flags=<optimized out>) 
at poppler-page.cc:362
#17 0x00007fffdc0fc070 in pdf_page_render(PopplerPage*, gint, gint, 
EvRenderContext*) (page=page@entry=0x7fff84045780 [PopplerPage], 
width=width@entry=100, height=height@entry=132, 
rc=rc@entry=0x7fff840016f0 [EvRenderContext]) at ev-poppler.cc:367
#18 0x00007fffdc0fed18 in 
pdf_document_thumbnails_get_thumbnail(EvDocumentThumbnails*, 
EvRenderContext*, gboolean) (height=132, width=100, rc=0x7fff840016f0 
[EvRenderContext], poppler_page=0x7fff84045780 [PopplerPage]) at 
ev-poppler.cc:1423
#19 0x00007fffdc0fed18 in 
pdf_document_thumbnails_get_thumbnail(EvDocumentThumbnails*, 
EvRenderContext*, gboolean) (document_thumbnails=<optimized out>, 
rc=0x7fff840016f0 [EvRenderContext], border=1) at ev-poppler.cc:1474
#20 0x00007ffff75564f0 in ev_job_thumbnail_run (job=0x791240 
[EvJobThumbnail]) at ev-jobs.c:1007
#21 0x00007ffff755796a in ev_job_thread_proxy (job=0x791240 
[EvJobThumbnail]) at ev-job-scheduler.c:184
#22 0x00007ffff755796a in ev_job_thread_proxy (data=<optimized out>) at 
ev-job-scheduler.c:217
#23 0x00007ffff0fea955 in g_thread_proxy (data=0x925540) at 
/build/glib2.0-NiYzoW/glib2.0-2.44.1/./glib/gthread.c:764
#24 0x00007ffff08490a4 in start_thread (arg=0x7fffdcb04700) at 
pthread_create.c:309
#25 0x00007ffff057e04d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:111


[1] http://users.sisna.com/cebula/woodsmith_vol_37_no_217_page_7.pdf


