Bug 23264

Summary: Cairo crashes in INT_cairo_set_operator()
Product: poppler
Reporter: Mitch <mitch>
Component: cairo backend
Assignee: Adrian Johnson <ajohnson>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: critical    
Priority: high    
Version: unspecified   
Hardware: Other   
OS: All   

Description Mitch 2009-08-12 01:21:07 UTC
When viewing a doc in evince linked to cairo 1.9.3 and poppler 0.11.2 I get the following crash:

$ !gd
gdb evince
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(gdb) r /www/hasbox.com/htdocs/M2N-MX.pdf 
Starting program: /usr/bin/evince /www/hasbox.com/htdocs/M2N-MX.pdf
[Thread debugging using libthread_db enabled]
[New Thread 0xb704d920 (LWP 7432)]
Xlib:  extension "RANDR" missing on display ":0.0".
[New Thread 0xb5575b90 (LWP 8268)]
[New Thread 0xb4995b90 (LWP 8401)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5575b90 (LWP 8268)]
0xb787c082 in *INT_cairo_set_operator (cr=0x0, op=CAIRO_OPERATOR_OVER) at cairo.c:695
695	    if (unlikely (cr->status))
(gdb) where
#0  0xb787c082 in *INT_cairo_set_operator (cr=0x0, op=CAIRO_OPERATOR_OVER) at cairo.c:695
#1  0xb4d3ab6e in CairoOutputDev::updateBlendMode (this=0x84f5ad0, state=0x85038f8) at CairoOutputDev.cc:480
#2  0xb4bbd38d in Gfx::opSetExtGState (this=0x85042e8, args=0xb5574e98, numArgs=1) at Gfx.cc:922
#3  0xb4bb592e in Gfx::execOp (this=0x85042e8, cmd=0xb5575038, args=0xb5574e98, numArgs=1) at Gfx.cc:781
#4  0xb4bb5ac1 in Gfx::go (this=0x85042e8, topLevel=1) at Gfx.cc:652
#5  0xb4bb60ca in Gfx::display (this=0x85042e8, obj=0xb55750d8, topLevel=1) at Gfx.cc:621
#6  0xb4c05ae6 in Page::display (this=0x846bb70, gfx=0x85042e8) at Page.cc:508
#7  0xb4d2d71f in poppler_page_get_image_output_dev (page=0x84cb4a0, imgDrawDeviceCbk=0, imgDrawCbkData=0x0) at poppler-page.cc:1274
#8  0xb4d2e4c8 in poppler_page_get_image_mapping (page=0x84cb4a0) at poppler-page.cc:1299
#9  0xb4d705c5 in ?? () from /usr/lib/evince/1/backends/libpdfdocument.so
#10 0xb7ed6f08 in ev_document_images_get_image_mapping (document_images=0x8472750, page=0) at ev-document-images.c:37
#11 0xb7ea614b in ev_job_render_run (job=0x84d28a8) at ev-jobs.c:563
#12 0xb7ea55d2 in ev_job_run (job=0x84d28a8) at ev-jobs.c:212
#13 0xb7ea8332 in ev_job_thread (job=0x84d28a8) at ev-job-scheduler.c:183
#14 0xb7ea843e in ev_job_thread_proxy (data=0x0) at ev-job-scheduler.c:213
#15 0xb7236a98 in g_thread_create_proxy (data=0x84a36d0) at gthread.c:635
#16 0xb735c17b in start_thread () from /lib/libpthread.so.0
#17 0xb7156bde in clone () from /lib/libc.so.6
(gdb) quit
The program is running.  Exit anyway? (y or n) y
home:/usr/src/sources/gnome/cairo$ git pull
Already up-to-date.
home:/usr/src/sources/gnome/cairo$

Comment 1 Adrian Johnson 2009-08-12 01:54:30 UTC
This is a poppler bug (it is passing a NULL context to cairo).

It should be fixed with this commit:

http://cgit.freedesktop.org/poppler/poppler/commit/?id=15752b7cd5c94620e3ad3b6afd9c70ccc754c9b3

Please reopen the bug if the crash still occurs with poppler git master.
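
The reading of the backtrace that Comment 1 relies on, as an added example that is not part of the original report or of poppler or cairo: a small Python triage helper that parses gdb `where` output, finds the NULL pointer arguments of the crashing frame and names the caller that passed them. The function names and the choice to treat only `0x0` as NULL are assumptions of this sketch; the sample frames are copied from the backtrace above.

```python
import re

# Frames #0-#2 copied verbatim from the backtrace in the report above.
BACKTRACE = """\
#0  0xb787c082 in *INT_cairo_set_operator (cr=0x0, op=CAIRO_OPERATOR_OVER) at cairo.c:695
#1  0xb4d3ab6e in CairoOutputDev::updateBlendMode (this=0x84f5ad0, state=0x85038f8) at CairoOutputDev.cc:480
#2  0xb4bbd38d in Gfx::opSetExtGState (this=0x85042e8, args=0xb5574e98, numArgs=1) at Gfx.cc:922
"""

# One gdb frame: "#N  [ADDR in ]FUNC (ARGS)[ at FILE:LINE][ from LIB]".
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>.*?)\)"
    r"(?: at (?P<file>[^:\s]+):(?P<line>\d+))?(?: from \S+)?$"
)

def parse_frames(text):
    """Parse gdb `where` output into a list of frame dicts, innermost first."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue  # banner lines, thread notices and prompts are skipped
        # Simple split: adequate for scalar/pointer args, not for quoted strings.
        args = dict(a.split("=", 1) for a in m["args"].split(", ") if "=" in a)
        frames.append({
            "num": int(m["num"]),
            "func": m["func"].lstrip("*"),  # drop the leading '*' gdb printed in frame #0
            "args": args,
            "file": m["file"],
            "line": int(m["line"]) if m["line"] else None,
        })
    return frames

def null_pointer_handoff(frames):
    """Return (crash_frame, caller_frame, null_arg_names), or None if frame #0 got no NULL."""
    if len(frames) < 2 or frames[0]["num"] != 0:
        return None
    crash, caller = frames[0], frames[1]
    null_args = [name for name, value in crash["args"].items() if value == "0x0"]
    return (crash, caller, null_args) if null_args else None

if __name__ == "__main__":
    crash, caller, nulls = null_pointer_handoff(parse_frames(BACKTRACE))
    print(f"{crash['func']} received NULL {nulls} from "
          f"{caller['func']} ({caller['file']}:{caller['line']})")
```

The caller frame is where a guard or fix belongs when the callee's contract requires a valid pointer, which is the attribution Comment 1 makes.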
