Bug 56698

Summary: Crash in libcairo when opening a (corrupted?) svg file with gdk_pixbuf_new_from_file_at_scale
Product: cairo
Component: general
Status: RESOLVED DUPLICATE
Severity: normal
Priority: medium
Version: 1.12.2
Hardware: Other
OS: Linux (All)
Reporter: Matthieu Baerts <matttbe>
Assignee: Chris Wilson <chris>
QA Contact: cairo-bugs mailing list <cairo-bugs>
Attachments:
  With this svg file, it crashes.
  A full backtrace of this crash

Description Matthieu Baerts 2012-11-02 21:16:39 UTC
Created attachment 69464 [details]
With this svg file, it crashes.

Hello,

When I try to load the attached file with 'gdk_pixbuf_new_from_file_at_scale', there is a crash in libcairo.

I only have this crash with this file, which is very big for an SVG file (maybe this file is corrupted, but there is no problem opening it with Firefox, Nautilus, eog, GThumb, or Inkscape).

I'll attach a full backtrace of this crash when using Cairo 1.12.2 and RSVG 2.36.4.

Thank you for your help and all this great work ;)
Comment 1 Matthieu Baerts 2012-11-02 21:17:48 UTC
Created attachment 69465 [details]
A full backtrace of this crash
Comment 2 Matthieu Baerts 2012-11-02 21:27:35 UTC
A few more details about this crash in the 'full_row' function (src/cairo-tor-scan-converter.c:1361):

  (gdb) p right
  $1 = (struct edge *) 0x38dd4e0
  (gdb) p right->next
  $2 = (struct edge *) 0x0
  (gdb) p right->x.quo
  $3 = 2147483647

I hope it will help :)
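The gdb values above (right->next == NULL, right->x.quo == 2147483647, i.e. INT_MAX) are what the tail sentinel of an active-edge list looks like. The following is an added, hypothetical C model of such a list and of a pairwise span walk over it; it is not cairo's code. The struct and field names (next, x.quo, dir), the head/tail sentinels and the sample rows are all assumptions chosen to mirror the gdb output, and the point it shows is only this: a walk that reaches the tail sentinel before a span closes must stop there, because following the sentinel's next pointer is a NULL dereference. Whether the attached SVG produced an unbalanced row like the constructed one below is not something this report records.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of an active-edge list with head/tail sentinels.
 * Field names mirror the gdb output in this bug; this is NOT cairo's struct edge. */
struct edge {
    struct edge *next;
    struct { int quo; } x;   /* x position of the edge on the current row */
    int dir;                 /* winding contribution: +1 or -1 */
};

struct active_list {
    struct edge head;        /* head.next is the first real edge */
    struct edge tail;        /* tail.x.quo == INT_MAX, tail.next == NULL */
};

/* Empty list: head -> tail; the tail terminates the chain with next == NULL. */
static void active_list_init(struct active_list *al)
{
    al->head.next = &al->tail;  al->head.x.quo = INT_MIN;  al->head.dir = 0;
    al->tail.next = NULL;       al->tail.x.quo = INT_MAX;  al->tail.dir = 0;
}

/* Insert an edge keeping the list sorted by ascending x. */
static void active_list_insert(struct active_list *al, struct edge *e)
{
    struct edge *prev = &al->head;
    while (prev->next != &al->tail && prev->next->x.quo <= e->x.quo)
        prev = prev->next;
    e->next = prev->next;
    prev->next = e;
}

/* Walk one row as (left, right) spans. For each left edge, advance right until
 * the masked winding count returns to zero (mask = 1 for even-odd, ~0u for
 * nonzero). Returns the number of spans and accumulates their width into
 * *coverage, or returns -1 if the walk reaches the tail sentinel before a span
 * closes. That is exactly the state in the gdb dump (right is the sentinel:
 * x.quo == INT_MAX, next == NULL); a walk without this check would read
 * right->next->x.quo and crash. */
static int walk_row(struct active_list *al, unsigned mask, long *coverage)
{
    struct edge *left = al->head.next;
    int spans = 0;
    *coverage = 0;

    while (left != &al->tail) {
        int winding = left->dir;
        struct edge *right = left->next;

        for (;;) {
            if (right == &al->tail)        /* unbalanced row: no closing edge */
                return -1;
            winding += right->dir;
            if ((winding & mask) == 0)     /* span closed at this edge */
                break;
            right = right->next;
        }
        *coverage += (long)right->x.quo - left->x.quo;
        spans++;
        left = right->next;
    }
    return spans;
}

/* Build a row from parallel x/dir arrays (at most 8 edges) and walk it. */
static int run_row(const int *xs, const int *dirs, int n, unsigned mask, long *coverage)
{
    struct active_list al;
    struct edge edges[8];
    active_list_init(&al);
    for (int i = 0; i < n && i < 8; i++) {
        edges[i].x.quo = xs[i];
        edges[i].dir = dirs[i];
        active_list_insert(&al, &edges[i]);
    }
    return walk_row(&al, mask, coverage);
}

int main(void)
{
    /* Constructed sample rows; not data taken from the attached SVG. */
    static const int bal_x[] = {10, 20, 30, 50}, bal_d[] = {1, -1, 1, -1};
    static const int unb_x[] = {10, 20, 30},     unb_d[] = {1, 1, 1};
    long cov;
    int r = run_row(bal_x, bal_d, 4, ~0u, &cov);
    printf("balanced row: %d spans, total coverage %ld\n", r, cov);
    r = run_row(unb_x, unb_d, 3, ~0u, &cov);
    printf("unbalanced row: %d (tail sentinel reached before the span closed)\n", r);
    return 0;
}
```

The balanced row yields two spans (10..20 and 30..50); the unbalanced row makes the walk hit the sentinel, where the only safe options are to abort the row or to reject the edge list before rasterising it.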
Comment 3 Emmanuel Pacaud 2012-11-02 22:15:20 UTC
This crash is not related to the SVG backend (this backend generates SVG, does not render it).

I was not able to reproduce the crash with librsvg and cairo master using rsvg-view.
Comment 4 Chris Wilson 2012-11-02 22:17:16 UTC

*** This bug has been marked as a duplicate of bug 54822 ***
Comment 5 Matthieu Baerts 2012-11-02 22:44:53 UTC
Thank you for this quick answer!

I was not able to reproduce this crash with rsvg-view either.
But I can reproduce it with this tiny code:

===========

#include <stdio.h>
#include <gtk/gtk.h>

int main (int argc, char **argv)
{
	GError *error = NULL;
	gtk_init (&argc, &argv);
	/* Loading the attached geany.svg at 64x64 crashes inside libcairo (full_row). */
	GdkPixbuf *pixbuf = gdk_pixbuf_new_from_file_at_size ("geany.svg", 64, 64, &error);
	if (pixbuf == NULL) {
		fprintf (stderr, "load failed: %s\n", error ? error->message : "unknown error");
		g_clear_error (&error);
		return 1;
	}
	g_object_unref (pixbuf);
	return 0;
}

===========

Compiled with:
  $ gcc -ggdb test.c -o test `pkg-config --libs --cflags gtk+-3.0`

And launched from the same directory as the 'geany.svg' file (https://bugs.freedesktop.org/attachment.cgi?id=69464)

I have the same crash as before: 
   0x00007ffff5cad02c in full_row (mask=1, coverages=0x797b28, active=0x797aa0) at /build/buildd/cairo-1.12.2/src/cairo-tor-scan-converter.c:1361


Is it a bug in Gdk Pixbuf? But should it crash in libcairo?
Comment 6 Chris Wilson 2012-11-03 09:38:24 UTC
It's a cairo bug that should be fixed in cairo-1.12.4 or later package.
Comment 7 Matthieu Baerts 2012-11-03 12:09:47 UTC
@Chris Wilson: Thank you!
I confirm that this patch (linked to bug #54822) fixes this bug too! (and sorry for the duplicated bug)
  http://cgit.freedesktop.org/cairo/commit/?id=797441093a8346003552e0cf89aef2a644ff53ab
