Bug 4124

Summary: cairo_hash_string crash
Product: cairo Reporter: Mitch <mitch>
Component: general Assignee: Carl Worth <cworth>
Status: RESOLVED DUPLICATE QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal    
Priority: high    
Version: 0.9.3   
Hardware: All   
OS: Linux (All)   
Whiteboard:
Attachments: Patch to check for NULL string

Description Mitch 2005-08-17 04:48:39 UTC
Evince viewer crashes due to cairo_hash_string not handling the case when c == NULL.

This is the crash I get:

(gdb) r ~/test.pdf
Starting program: /usr/local/bin/evince ~/test.pdf
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 11075)]
[New Thread 32769 (LWP 11078)]
[New Thread 16386 (LWP 11079)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16386 (LWP 11079)]
0xb70f292e in _cairo_hash_string (c=0x0) at cairo-cache.c:516
516             hash = ((hash << 5) + hash) + *c++;
(gdb) p hash
$1 = 5381
(gdb) p c
$2 = 0x0
(gdb) where
#0  0xb70f292e in _cairo_hash_string (c=0x0) at cairo-cache.c:516
#1  0xb7105015 in _cairo_ft_unscaled_font_init_key (key=0x830fc88, filename=0x0,
id=0) at cairo-ft-font.c:260
#2  0xb7105077 in _cairo_ft_unscaled_font_init (unscaled=0x830fc88,
filename=0x0, id=137428104, face=0x830dd80) at cairo-ft-font.c:301
#3  0xb71083f3 in cairo_ft_font_face_create_for_ft_face (face=0x830fc88,
load_flags=10) at cairo-ft-font.c:426
#4  0xb7179b11 in CairoFont::CairoFont () from /usr/local/lib/libpoppler.so.0
#5  0xb717a2ea in CairoFontEngine::getFont () from /usr/local/lib/libpoppler.so.0
#6  0xb717ac34 in CairoOutputDev::updateFont () from /usr/local/lib/libpoppler.so.0
#7  0xb7193281 in Gfx::doShowText () from /usr/local/lib/libpoppler.so.0
#8  0xb7193408 in Gfx::opShowSpaceText () from /usr/local/lib/libpoppler.so.0
#9  0xb718c046 in Gfx::execOp () from /usr/local/lib/libpoppler.so.0
#10 0xb718c226 in Gfx::go () from /usr/local/lib/libpoppler.so.0
#11 0xb718c656 in Gfx::display () from /usr/local/lib/libpoppler.so.0
#12 0xb71cd816 in Page::displaySlice () from /usr/local/lib/libpoppler.so.0
#13 0xb734f0e1 in poppler_page_render_to_pixbuf () from
/usr/local/lib/libpoppler-glib.so.0
#14 0x0808c1ec in pdf_document_get_type ()
#15 0x0808a44d in ev_document_render_pixbuf ()
#16 0x08060aa5 in ev_job_render_run ()
#17 0x0805f15e in ev_document_types_add_filters ()
#18 0x0805f2b0 in ev_document_types_add_filters ()
#19 0xb6df11f9 in g_thread_create_proxy (data=0xb6e31188) at gthread.c:564
#20 0xb7359d03 in pthread_start_thread () from /lib/libpthread.so.0
#21 0xb7359d7f in pthread_start_thread_event () from /lib/libpthread.so.0
#22 0xb6b13767 in __clone () from /lib/libc.so.6
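
Frame #0 shows a string hash (seed 5381, multiply by 33) that dereferences `c` unconditionally, and frames #1 to #3 show `filename=0x0` reaching it for a font created from an in-memory face. The following is an added example, not code from this report, the attached patch, or cairo: `font_key_t`, `hash_string_safe`, `font_key_init` and `font_key_equal` are hypothetical names, and keying a filename-less font on its face pointer is an assumption made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical key type for this example; not cairo's structure. */
typedef struct {
    const char   *filename;  /* NULL when the font has no backing file */
    int           id;
    const void   *face;      /* identifies the font when filename is NULL */
    unsigned long hash;
} font_key_t;

/* Same loop as the faulting line, but a NULL string hashes to the
 * seed instead of being dereferenced. */
static unsigned long hash_string_safe (const char *c)
{
    unsigned long hash = 5381;
    if (c == NULL)
        return hash;
    while (*c)
        hash = ((hash << 5) + hash) + (unsigned char) *c++;
    return hash;
}

static void font_key_init (font_key_t *key, const char *filename, int id, const void *face)
{
    key->filename = filename;
    key->id = id;
    key->face = filename ? NULL : face;  /* only face-backed keys carry it */
    key->hash = hash_string_safe (filename) + (unsigned long) id
              + (unsigned long) (uintptr_t) key->face;
}

/* strcmp() on NULL faults just as the hash loop did; guard it as well. */
static int font_key_equal (const font_key_t *a, const font_key_t *b)
{
    if (a->id != b->id || a->face != b->face)
        return 0;
    if (a->filename == NULL || b->filename == NULL)
        return a->filename == b->filename;
    return strcmp (a->filename, b->filename) == 0;
}

int main (void)
{
    static int face;  /* constructed stand-in for an in-memory font face */
    font_key_t k;
    font_key_init (&k, NULL, 0, &face);  /* filename=0x0, as in frame #1 */
    return font_key_equal (&k, &k) ? 0 : 1;
}
```

Guarding only the hash moves the fault to the first key comparison, which is why the equality function carries the same NULL check.
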
Comment 1 Mitch 2005-08-17 04:50:25 UTC
Created attachment 2904
Patch to check for NULL string
Comment 2 Billy Biggs 2005-08-17 05:56:14 UTC
See bug 4110 and Carl's proposed patch.

*** This bug has been marked as a duplicate of 4110 ***
Comment 3 Carl Worth 2005-08-22 17:15:47 UTC
Move bugs against "cvs" version to "0.9.3" so we can remove the "cvs" version.
