Summary: | Segfault when loading a PDF with a transformed image (1.14.0) | ||
---|---|---|---|
Product: | cairo | Reporter: | Matthew Leach <bugzilla-freedesktop> |
Component: | xlib backend | Assignee: | Chris Wilson <chris> |
Status: | RESOLVED FIXED | QA Contact: | cairo-bugs mailing list <cairo-bugs> |
Severity: | normal | ||
Priority: | medium | CC: | guittet.thibault |
Version: | unspecified | ||
Hardware: | x86-64 (AMD64) | ||
OS: | Linux (All) | ||
Whiteboard: | |||
i915 platform: | i915 features: | ||
Attachments: |
problematic PDF file.
Backtrace problematic PDF file, 2. proposed patch |
Created attachment 107996 [details]
Backtrace
Full backtrace of the segmentation fault.
Created attachment 108004 [details]
problematic PDF file, 2.
After doing some experimenting, I've found that rotating vector graphics also seems to provoke the bug. Further, this bug seems to cause evince to crash sooner; I have to do less zooming in and out before evince crashes.
Created attachment 108052 [details] [review] proposed patch I reproduced the crash with test2.pdf and an evince built from git sources $git --git-dir=evince/.git describe HEAD --long 3.14.1-0-gf1cda92 $git --git-dir=poppler/.git describe HEAD --long poppler-0.26.4-59-g745f124 $git --git-dir=cairo/.git describe HEAD --long 1.14.0-7-g51892e9 at 50% zoom. Comparing my alternative solution to bug 84396 with that in master I recall that I noticed that full_row should be used only when there is no intersection in the current row and in the top half of the successive subrow, otherwise redundant (negative) spans are possibly generated when sub_row is called for the next row and I observed a similar crash and backtrace. The attached patch fixes the crash with test2.pdf, but I did not reproduce it with test.pdf. I can confirm that the proposed patch does fix the issue that I was having. commit 2de69581c28bf115852037ca41eba13cb7335976 Author: Massimo Valentini <mvalentini@src.gnome.org> Date: Sun Oct 19 09:19:10 2014 +0200 tor-scan-converter: can't do_fullrow when intersection in row + 0.5subrow the active edges list must be left sorted at the next possible use and since full_row does not deal with intersections it is not usable when there is an intersection in the top half of the next row first subrow Reported-and-tested-by: Matthew Leach Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=85151 Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
Created attachment 107995 [details] problematic PDF file. Hello, When opening a PDF file with evince that contains a transformed image file a segmentation fault occurs. A back trace seems to indicate the problem is in cairo. I've attached the PDF file that is causing the issue. It was generated with pdflatex, I can attach the TeX source if people require too. This bug occurs with cairo 1.14.0