Bug 10585

Summary: crash trying to open svg file with epiphany
Product: cairo
Reporter: Jens Granseuer <jensgr>
Component: general
Assignee: Carl Worth <cworth>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: critical
Priority: medium
Version: 1.4.2
Hardware: x86 (IA32)
OS: Linux (All)
URL: http://bugzilla.gnome.org/attachment.cgi?id=85963&action=view

Description Jens Granseuer 2007-04-09 14:00:49 UTC
When opening the URL above with epiphany, it crashes in cairo code with the following stack trace:

#0  0x40ca342c in _cairo_stroker_start_dash (stroker=0xbfffd4a4) at cairo-path-stroke.c:126
#1  0x40ca3626 in _cairo_stroker_init (stroker=0xbfffd4a4, stroke_style=0x891d228,
    ctm=0xbfffd5b0, ctm_inverse=0x891d228, tolerance=2.158804529898396e-267,
    traps=0xbfffd664) at cairo-path-stroke.c:174
#2  0x40ca507c in _cairo_path_fixed_stroke_to_traps (path=0x891d1f8,
    stroke_style=0x891d228, ctm=0xbfffd5b0, ctm_inverse=0x891d228,
    tolerance=2.158804529898396e-267, traps=0xbfffd664) at cairo-path-stroke.c:970
#3  0x41fa2a11 in _cairo_gstate_stroke_extents ()
   from /opt/gnome2/lib/firefox-2.0.0.3/components/libgklayout.so


(gdb) bt full
#0  0x40ca342c in _cairo_stroker_start_dash (stroker=0xbfffd4a4) at cairo-path-stroke.c:126
        offset = 4
        on = 1
        i = 0
#1  0x40ca3626 in _cairo_stroker_init (stroker=0xbfffd4a4, stroke_style=0x891d228,
    ctm=0xbfffd5b0, ctm_inverse=0x891d228, tolerance=2.158804529898396e-267,
    traps=0xbfffd664) at cairo-path-stroke.c:174
No locals.
#2  0x40ca507c in _cairo_path_fixed_stroke_to_traps (path=0x891d1f8,
    stroke_style=0x891d228, ctm=0xbfffd5b0, ctm_inverse=0x891d228,
    tolerance=2.158804529898396e-267, traps=0xbfffd664) at cairo-path-stroke.c:970
        status = 1001
        stroker = {style = 0x891d228, ctm = 0xbfffd5b0, ctm_inverse = 0x891d228,
  tolerance = 2.158804529898396e-267, traps = 0xbfffd664, pen = {
    radius = -1.1767189646838646e-185, tolerance = 2.158804529898396e-267,
    vertices = 0x891d670, num_vertices = 4}, current_point = {x = 141891352,
    y = 70730883}, first_point = {x = 141890944, y = -1073752752},
  has_initial_sub_path = 0, has_current_face = 0, current_face = {ccw = {x = 1086863088,
      y = 1086849024}, point = {x = -1073752764, y = 1073795011}, cw = {x = 1086863216,
      y = 1086849024}, dev_vector = {dx = -1073752748, dy = 1073795011}, usr_vector = {
      x = 1.4924074177245811e-313, y = 2.1010398864746094}}, has_first_face = 0,
  first_face = {ccw = {x = 143774248, y = -1073752656}, point = {x = 1073794798,
      y = 1108027228}, cw = {x = 143774248, y = -1073752656}, dev_vector = {dx = 282,
      dy = 1101244883}, usr_vector = {x = 14584940569.026825, y = 164950656.00000864}},
  dashed = 1086863216, dash_index = 3221214668, dash_on = 1073795440,
  dash_starts_on = -1073752656, dash_remain = 13472.125}
#3  0x41fa2a11 in _cairo_gstate_stroke_extents ()
   from /opt/gnome2/lib/firefox-2.0.0.3/components/libgklayout.so
No symbol table info available.

And this looks odd:

(gdb) p stroker->style->dash[i]
Cannot access memory at address 0x1
(gdb) p stroker->style->dash
$1 = (double *) 0x1

Trying to show the file with rsvg-view works fine.

epiphany is 2.18.1, firefox 2.0.0.3, gtk+ 2.10.11 in case it matters.

Comment 1 Chris Wilson 2008-10-10 05:46:46 UTC
Looking at the very small tolerance and pen radius immediately suggests a couple of bug fixes that could explain why epiphany now handles the svg fine (aside from a bug in epiphany's handling of svg that avoids the issue). My best guess was that this was the degenerate-pen bug...
