Bug 87588

Summary: Crash in bits_image_fetch_separable_convolution_affine
Product: libspectre Reporter: Riccardo Magliocchetti <riccardo.magliocchetti>
Component: general Assignee: Søren Sandmann Pedersen <soren.sandmann>
Status: RESOLVED DUPLICATE QA Contact: Søren Sandmann Pedersen <soren.sandmann>
Severity: normal    
Priority: medium CC: kreckel, siarhei.siamashka
Version: unspecified   
Hardware: x86 (IA32)   
OS: Linux (All)   
Attachments: stacktrace
reproducer
original pdf where the ps has been created from printing to file from evince

Description Riccardo Magliocchetti 2014-12-22 10:40:09 UTC
Created attachment 111175 [details]
stacktrace

Pixman is 0.32.6 on 32 bit. Opening a postscript with evince gives me the attached stacktrace.
Please note on the first frame:
        row = 0xefe1f188 <error: Cannot access memory at address 0xefe1f188>
Comment 1 Siarhei Siamashka 2014-12-26 00:01:48 UTC
Thanks for reporting.

But the stacktrace alone can't help much. In order to fix the problem, ideally we need a reliable way to reproduce it. Does this happen with every postscript file or only some special one? Knowing more details about the system and versions of all the libraries involved might help too.

Also pixman has its own test suite. It might make sense to run './configure && make check' for pixman on this system in order to rule out compiler bugs and other build environment related issues. The maintainers of linux distributions are generally expected to run 'make check' when building packages, but we can't really rely on this.
Comment 2 Riccardo Magliocchetti 2015-01-01 15:30:15 UTC
Created attachment 111610 [details]
reproducer

Here's a ps reproducing the issue for me.
Comment 3 Riccardo Magliocchetti 2015-01-01 15:46:55 UTC
(In reply to Siarhei Siamashka from comment #1)
> But the stacktrace alone can't help much. In order to fix the problem,
> ideally we need a reliable way to reproduce it. Does this happen with every
> postscript file or only some special one? Knowing more details about the
> system and versions of all the libraries involved might help too.

I've attached a postscript that crashes when opened with evince 3.14.1, other libraries involved are cairo 1.14.0, poppler 0.26.5, ghostscript 9.06, gtk 3.14.5. Distribution is debian sid 32 bit.

Please note this has been created by printing a pdf to file from evince, so it may well be something in the gtk print creating dodgy files.

> Also pixman has its own test suite. It might make sense to run './configure
> && make check' for pixman on this system in order to rule out compiler bugs
> and other build environment related issues. The maintainers of linux
> distributions are generally expected to run 'make check' when building
> packages, but we can't really rely on this.

apt-get source pixman, ./configure && make check worked for me. 

============================================================================
Testsuite summary for pixman 0.32.6
============================================================================
# TOTAL: 27
# PASS:  27
Comment 4 Riccardo Magliocchetti 2015-01-01 15:48:37 UTC
Created attachment 111612 [details]
original pdf where the ps has been created from printing to file from evince
Comment 5 Siarhei Siamashka 2015-10-03 01:11:52 UTC
*** Bug 92210 has been marked as a duplicate of this bug. ***
Comment 6 Siarhei Siamashka 2015-10-03 01:17:58 UTC
Looks like this is not our bug: https://bugzilla.gnome.org/show_bug.cgi?id=755810#c11

But we can always reopen it if something still needs to be fixed in pixman.
Comment 7 Jose Aliste 2015-10-03 09:16:03 UTC
Reopening and changing product to libspectre, the library that does the rendering of ps documents for evince.
Comment 8 Richard B. Kreckel 2015-10-08 20:08:41 UTC
It seems like libspectre confuses width and height for PostScript files in orientation landscape. Later, this leads to a crash inside pixman. Here is a minimal Gnuplot file to create such a file:

set terminal postscript landscape
set output 'segfault.ps'
plot x notitle
Comment 9 Richard B. Kreckel 2015-10-09 18:49:08 UTC

*** This bug has been marked as a duplicate of bug 76450 ***
