Bug 63203

Summary: cairo_line_to segfaults when used from pdf2svg from homebrew on macosx
Product: cairo
Reporter: Perry Wagle <wagle>
Component: svg backend
Assignee: Emmanuel Pacaud <emmanuel.pacaud>
Status: RESOLVED MOVED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal
Priority: medium
CC: wagle
Version: 1.12.14
Hardware: Other
OS: All
Whiteboard:
Bug Depends on:
Bug Blocks: 68382
Attachments: sample_pdf_file

Description Perry Wagle 2013-04-06 09:00:28 UTC
Created attachment 77513
sample_pdf_file

When running sample_pdf_file (see attached) through pdf2svg, the first indirect call in cairo_line_to() segfaults when trying to call address zero.

This happens on macosx 10.8.2 with cairo 1.12.14 via homebrew.  Installing older versions of cairo (for example 1.12.8) fixes the segfault.

Here's a session with gdb (so, oh, it's also going through poppler):

#0  0x0000000000000000 in ?? ()
#1  0x0000000100e53d2c in cairo_line_to ()
#2  0x00000001009988e6 in CairoOutputDev::doPath ()
#3  0x00000001009999e8 in CairoOutputDev::clip ()
#4  0x0000000100c9d693 in Gfx::drawForm ()
#5  0x0000000100ca6427 in Gfx::doForm ()
#6  0x0000000100c97cf6 in Gfx::opXObject ()
#7  0x0000000100c9cbf6 in Gfx::go ()
#8  0x0000000100c9c940 in Gfx::display ()
#9  0x0000000100cd7721 in Page::displaySlice ()
#10 0x000000010099015a in _poppler_page_render ()
#11 0x0000000100001a48 in convertPage ()
#12 0x0000000100001b5f in main ()
(gdb) list   
No symbol table is loaded.  Use the "file" command.
(gdb) up
#1  0x0000000100e53d2c in cairo_line_to ()
(gdb) list
No symbol table is loaded.  Use the "file" command.
(gdb) disasm
Undefined command: "disasm".  Try "help".
(gdb) disas
Dump of assembler code for function cairo_line_to:
0x0000000100e53d10 <cairo_line_to+0>:   push   %rbp
0x0000000100e53d11 <cairo_line_to+1>:   mov    %rsp,%rbp
0x0000000100e53d14 <cairo_line_to+4>:   push   %rbx
0x0000000100e53d15 <cairo_line_to+5>:   push   %rax
0x0000000100e53d16 <cairo_line_to+6>:   mov    %rdi,%rbx
0x0000000100e53d19 <cairo_line_to+9>:   cmpl   $0x0,0x4(%rbx)
0x0000000100e53d1d <cairo_line_to+13>:  jne    0x100e53d30 <cairo_line_to+32>
0x0000000100e53d1f <cairo_line_to+15>:  mov    0x20(%rbx),%rax
0x0000000100e53d23 <cairo_line_to+19>:  mov    %rbx,%rdi
0x0000000100e53d26 <cairo_line_to+22>:  callq  *0x198(%rax)
0x0000000100e53d2c <cairo_line_to+28>:  test   %eax,%eax
0x0000000100e53d2e <cairo_line_to+30>:  jne    0x100e53d37 <cairo_line_to+39>
0x0000000100e53d30 <cairo_line_to+32>:  add    $0x8,%rsp
0x0000000100e53d34 <cairo_line_to+36>:  pop    %rbx
0x0000000100e53d35 <cairo_line_to+37>:  pop    %rbp
0x0000000100e53d36 <cairo_line_to+38>:  retq   
0x0000000100e53d37 <cairo_line_to+39>:  mov    %rbx,%rdi
0x0000000100e53d3a <cairo_line_to+42>:  mov    %eax,%esi
0x0000000100e53d3c <cairo_line_to+44>:  add    $0x8,%rsp
0x0000000100e53d40 <cairo_line_to+48>:  pop    %rbx
0x0000000100e53d41 <cairo_line_to+49>:  pop    %rbp
0x0000000100e53d42 <cairo_line_to+50>:  jmpq   0x100e5363a <_cairo_set_error>
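The disassembly above shows the mechanism of the crash: after the status check (`cmpl $0x0,0x4(%rbx)`), the function loads a pointer from offset 0x20 of the context and does an indirect call through the slot at offset 0x198 of the table it points to (`callq *0x198(%rax)`). A jump to address zero at that instruction means that slot holds a NULL function pointer. The C program below is an added example, not cairo's code, that models this dispatch pattern with a hypothetical context and function-pointer table whose layout matches the two offsets seen in the disassembly, computes which 8-byte slot 0x198 addresses, and contrasts the unchecked call with a guarded one that records an error instead of crashing. The struct names, field names and status codes are assumptions made for the example.

```c
/* Added example (not cairo source): models the indirect dispatch in the
 * cairo_line_to disassembly. Layout and names are assumptions chosen so
 * that the status field sits at offset 4 and the table pointer at 0x20. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BACKEND_SLOTS  64
#define LINE_TO_OFFSET 0x198   /* byte offset used by: callq *0x198(%rax) */

typedef int status_t;
enum { STATUS_SUCCESS = 0, STATUS_NULL_POINTER = 7 };   /* hypothetical codes */

typedef struct context context_t;
typedef status_t (*backend_fn)(context_t *);

/* Hypothetical backend: a table of 8-byte function pointers. */
typedef struct { backend_fn slots[BACKEND_SLOTS]; } backend_t;

struct context {
    uint32_t ref_count;        /* offset 0 */
    status_t status;           /* offset 4: cmpl $0x0,0x4(%rbx) */
    uint8_t  pad[0x20 - 8];    /* padding so backend lands at 0x20 */
    const backend_t *backend;  /* offset 0x20: mov 0x20(%rbx),%rax */
};

_Static_assert(offsetof(struct context, status) == 4, "status at 0x4");
_Static_assert(offsetof(struct context, backend) == 0x20, "backend at 0x20");

/* Which table slot does a byte offset address? 0x198 / 8 = 51. */
size_t slot_index(size_t byte_offset) { return byte_offset / sizeof(backend_fn); }

/* Unchecked dispatch, mirroring the disassembly: if the slot is NULL the
 * call lands on address 0 and the process dies, exactly as in frame #0. */
status_t line_to_unchecked(context_t *cr) {
    if (cr->status != STATUS_SUCCESS) return cr->status;   /* cmpl/jne early exit */
    backend_fn fn = cr->backend->slots[slot_index(LINE_TO_OFFSET)];
    return fn(cr);
}

/* Guarded variant: refuse to call a NULL slot and set a sticky error,
 * the way the tail call to _cairo_set_error records a failure. */
status_t line_to_checked(context_t *cr) {
    if (cr->status != STATUS_SUCCESS) return cr->status;
    backend_fn fn = cr->backend->slots[slot_index(LINE_TO_OFFSET)];
    if (fn == NULL) {
        cr->status = STATUS_NULL_POINTER;
        return cr->status;
    }
    return fn(cr);
}

static status_t ok_line_to(context_t *cr) { (void)cr; return STATUS_SUCCESS; }

/* Constructed backend: every slot valid except the one at 0x198. */
backend_t make_backend_with_hole(void) {
    backend_t b;
    for (size_t i = 0; i < BACKEND_SLOTS; i++) b.slots[i] = ok_line_to;
    b.slots[slot_index(LINE_TO_OFFSET)] = NULL;
    return b;
}

/* Runs the guarded path against the backend with the hole; returns the
 * error status that the unchecked path would have turned into a segfault. */
status_t demo(void) {
    static backend_t b;
    b = make_backend_with_hole();
    context_t cr = { 1, STATUS_SUCCESS, {0}, &b };
    backend_fn_unused: ;
    status_t (*unsafe)(context_t *) = line_to_unchecked;   /* kept for reference, not called */
    (void)unsafe;
    status_t s = line_to_checked(&cr);
    printf("slot %zu is NULL; guarded dispatch returned status %d\n",
           slot_index(LINE_TO_OFFSET), s);
    return s;
}

int main(void) { return demo() == STATUS_NULL_POINTER ? 0 : 1; }
```

With a real binary the same arithmetic is the first triage step: read the pointer at 0x20 off the context in frame #1, dump the table it points to, and check whether the 8-byte entry at +0x198 is zero. If it is, the bug is a backend (here the SVG backend used by pdf2svg) that never filled that slot in this release, which is consistent with older cairo versions not crashing.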
Comment 1 Perry Wagle 2013-04-07 00:39:32 UTC
I was wrong about 1.12.8. But 1.12.2 does work.
Comment 2 Perry Wagle 2013-09-07 05:24:26 UTC
1.12.16 gets a segfault in the same place, do you need more details?
Comment 3 GitLab Migration User 2018-08-25 13:45:39 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/181.
