Bug 10598 - crash when viewing svg file
crash when viewing svg file
Status: RESOLVED FIXED
Product: cairo
Classification: Unclassified
Component: svg backend
1.2.6
Other Linux (All)
: medium critical
Assigned To: Emmanuel Pacaud
cairo-bugs mailing list
http://bugzilla.gnome.org/show_bug.cg...
:
: 11493 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-10 04:53 UTC by Michael Chudobiak
Modified: 2008-01-11 08:31 UTC (History)
4 users (show)

See Also:


Attachments
SVG file that causes the crash (17.89 KB, image/svg+xml)
2007-04-10 04:54 UTC, Michael Chudobiak
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Chudobiak 2007-04-10 04:53:34 UTC
gThumb crashes when viewing an svg file, due to a crash in cairo svg rendering.

The original bug reports are here:

http://bugzilla.gnome.org/show_bug.cgi?id=424199 (has svg file)
http://bugzilla.gnome.org/show_bug.cgi?id=428208 (best stacktrace)

The backtrace:

Distribution: Fedora Core release 6 (Zod)
Gnome Release: 2.16.3 2007-01-31 (Red Hat, Inc)
BugBuddy Version: 2.16.0

System: Linux 2.6.19-1.2911.fc6 #1 SMP Sat Feb 10 15:51:47 EST 2007 i686
X Vendor: The XFree86 Project, Inc
X Vendor Release: 40300000
Selinux: No
Accessibility: Disabled

Memory status: size: 133980160 vsize: 0 resident: 133980160 share: 0 rss:
44367872 rss_rlim: 0
CPU usage: start_time: 1176205406 rtime: 0 utime: 260 stime: 0 cutime:233
cstime: 0 timeout: 27 it_real_value: 0 frequency: 0

Backtrace was generated from '/usr/bin/gthumb'

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1208346912 (LWP 9727)]
[New Thread -1318589552 (LWP 9745)]
[New Thread -1318061168 (LWP 9744)]
[New Thread -1316156528 (LWP 9743)]
[New Thread -1252689008 (LWP 9735)]
[New Thread -1252160624 (LWP 9734)]
0x00c79402 in __kernel_vsyscall ()
#0  0x00c79402 in __kernel_vsyscall ()
#1  0x00da398e in __lll_mutex_lock_wait () from /lib/libpthread.so.0
#2  0x00d9f7fc in _L_mutex_lock_85 () from /lib/libpthread.so.0
#3  0x00d9f33d in __pthread_mutex_lock (mutex=0x9a19778) at
pthread_mutex_lock.c:81
#4  0x00e30cef in check_thread (data=0x9a19a50) at image-loader.c:731
#5  0x037fca16 in g_timeout_dispatch (source=0x9b1c500, callback=0,
user_data=0x9a19a50) at gmain.c:3422
#6  0x037fc442 in IA__g_main_context_dispatch (context=0x991d660) at
gmain.c:2045
#7  0x037ff41f in g_main_context_iterate (context=0x991d660, block=1,
dispatch=1, self=0x9900f50)
    at gmain.c:2677
#8  0x037ff7c9 in IA__g_main_loop_run (loop=0x9c4b240) at gmain.c:2881
#9  0x0212d4b4 in IA__gtk_main () at gtkmain.c:1148
#10 0x080a65b5 in main (argc=) at main.c:834

Thread 6 (Thread -1252160624 (LWP 9734)):
#0  0x00c79402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00da4cbb in waitpid () from /lib/libpthread.so.0
No symbol table info available.
#2  0x02459cf6 in libgnomeui_segv_handle (signum=6) at gnome-ui-init.c:870
        estatus = 29156194
        sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask
= {__val = {3042796064, 
      0, 0, 42233907, 29156194, 42239212, 29321448, 42242476, 29487233,
42243675, 29653524, 3042795880, 
      79228173, 1869, 0, 0, 0, 0, 42211898, 28662052, 42221258, 28826218,
42228603, 28990940, 42233907, 
      29156194, 0, 0, 0, 0, 3042796328, 2491416576}}, sa_flags = 1074222420,
sa_restorer = 0x2847033}
        pid = 0
        in_segv = 1
#3  <signal handler called>
No symbol table info available.
#4  0x00c79402 in __kernel_vsyscall ()
No symbol table info available.
#5  0x00151d40 in *__GI_raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = <value optimized out>
        pid = 2498548
        selftid = 9734
#6  0x00153591 in *__GI_abort () at abort.c:88
        act = {__sigaction_handler = {sa_handler = 0x263120 <main_arena>, 
    sa_sigaction = 0x263120 <main_arena>}, sa_mask = {__val = {162726616,
2498548, 2502944, 163952328, 
      162726608, 1642190, 2502944, 108, 2498548, 108, 163952328, 3042797000,
1598317, 162726616, 
      162726616, 107, 163952328, 0, 107, 4222451712, 162726616, 162726717,
162726616, 162726616, 
      162726723, 1632417, 162726616, 162726916, 0, 0, 0, 0}}, sa_flags = 0,
sa_restorer = 0x73256020}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#7  0x0014b38b in *__GI___assert_fail (assertion=0x4bd1070 "i <
pen->num_vertices", 
    file=0x4bd1064 "cairo-pen.c", line=323, function=0x4bd10a0
"_cairo_pen_find_active_cw_vertex_index")
    at assert.c:78
        buf = 0x9c5b6c8 ""
        errstr = "Unexpected error.\n"
#8  0x04b8c16f in _cairo_pen_find_active_cw_vertex_index (pen=0xb55d67a4,
slope=0xb55d66d0, 
    active=0xb55d66d8) at cairo-pen.c:323
        i = 4
        __PRETTY_FUNCTION__ = "_cairo_pen_find_active_cw_vertex_index"
#9  0x04b8a9f4 in _cairo_stroker_add_cap (stroker=0xb55d678c, f=0xb55d6700) at
cairo-path-stroke.c:385
        i = <value optimized out>
        stop = <value optimized out>
        slope = {dx = 20, dy = -10642879}
        tri = {{x = 0, y = 0}, {x = 0, y = 0}, {x = 0, y = 0}}
        pen = (cairo_pen_t *) 0xb55d67a4
        start = <value optimized out>
        status = <value optimized out>
#10 0x04b8ac65 in _cairo_stroker_add_leading_cap (stroker=0x0, face=<value
optimized out>)
    at cairo-path-stroke.c:456
        reversed = {ccw = {x = 42244184, y = 29794954}, point = {x = 42244184,
y = 29794954}, cw = {
    x = 42244184, y = 29794954}, dev_vector = {dx = 20, dy = -10642879},
usr_vector = {
    x = 1.9109012527931071e-06, y = -0.99999999999817424}}
#11 0x04b8ac95 in _cairo_stroker_add_caps (stroker=0xb55d678c) at
cairo-path-stroke.c:488
        status = <value optimized out>
#12 0x04b8af1a in _cairo_path_fixed_stroke_to_traps (path=0x9c67a68,
stroke_style=0x9d09758, 
    ctm=0x9d097f4, ctm_inverse=0x9d09824, tolerance=0.10000000000000001,
traps=0xb55d6884)
    at cairo-path-stroke.c:1005
        status = CAIRO_STATUS_SUCCESS
        stroker = {style = 0x9d09758, ctm = 0x9d097f4, ctm_inverse = 0x9d09824, 
  tolerance = 0.10000000000000001, traps = 0xb55d6884, pen = {radius = 0, 
    tolerance = 0.10000000000000001, vertices = 0x9b2d460, num_vertices = 4},
current_point = {
    x = 42243675, y = 29653524}, first_point = {x = 42244184, y = 29794954},
has_sub_path = 0, 
  has_current_face = 1, current_face = {ccw = {x = 42243675, y = 29653524},
point = {x = 42243675, 
      y = 29653524}, cw = {x = 42243675, y = 29653524}, dev_vector = {dx =
76695, dy = 10642593}, 
    usr_vector = {x = 0.0073278287515938199, y = 0.99997315110246199}},
has_first_face = 1, 
  first_face = {ccw = {x = 42244184, y = 29794954}, point = {x = 42244184, y =
29794954}, cw = {
      x = 42244184, y = 29794954}, dev_vector = {dx = -20, dy = 10642879},
usr_vector = {
      x = -1.9109012527931071e-06, y = 0.99999999999817424}}, dashed = 0,
dash_index = 0, 
  dash_on = -1345029298, dash_remain = 5.2995795623450048e-315}
#13 0x04b84db7 in _cairo_gstate_stroke_extents (gstate=0x9d09748,
path=0x9c67a68, x1=0xb55d6978, 
    y1=0xb55d6980, x2=0xb55d6988, y2=0xb55d6990) at cairo-gstate.c:1056
        status = 79146852
        traps = {traps = 0x0, num_traps = 0, traps_size = 0, extents = {p1 = {x
= 2147418112, 
      y = 2147418112}, p2 = {x = -2147483648, y = -2147483648}}}
        extents = {p1 = {x = 164682544, y = 0}, p2 = {x = 1, y = 1}}
#14 0x04b7ffb2 in cairo_stroke_extents (cr=0x9c67a60, x1=0xb55d6978, y1=0x2606,
x2=0x6, y2=0xb55d6990)
    at cairo.c:2021
No locals.
#15 0x009c6b14 in rsvg_cairo_render_path (ctx=0x9b1d768, bpath_def=0x9b302c0)
at rsvg-cairo-draw.c:546
        sb = {x = 71.980259794366702, y = -1.3969901333541941, w =
575.82484947592877, 
  h = 575.82195093494511, virgin = 1, affine = {1.005657, 0, 0, 1.022627,
-6.8746500000000026, 
    161.63940000000002}}
        state = (RsvgState *) 0x9d29868
        cr = (cairo_t *) 0x9c67a60
        bpath = <value optimized out>
        i = 6
        need_tmpbuf = 0
        bbox = {x = 71.980259794366702, y = -1.3969901333541992, w =
575.82484947592877, 
  h = 575.82195093494511, virgin = 0, affine = {1.005657, 0, 0, 1.022627,
-6.8746500000000026, 
    161.63940000000002}}
#16 0x009c19ce in rsvg_render_path (ctx=0x9b1d768, 
    d=0x9d16e48 "M 647.80511,286.51260 A 287.91339,287.91339 0 1 1
647.79738,284.40230")
    at rsvg-base.c:1639
        bpath_def = (RsvgBpathDef *) 0x9b302c0
#17 0x009b747b in rsvg_node_path_draw (self=0x9d16c30, ctx=0x9b1d768,
dominate=0) at rsvg-shapes.c:61
No locals.
#18 0x009b9fee in rsvg_node_draw (self=0x6, ctx=0x9b1d768, dominate=0) at
rsvg-structure.c:54
        stacksave = (GSList *) 0x0
#19 0x009ba2aa in _rsvg_node_draw_children (self=0x9d0a618, ctx=0x9b1d768,
dominate=0)
    at rsvg-structure.c:73
        i = 2
#20 0x009b9fee in rsvg_node_draw (self=0x6, ctx=0x9b1d768, dominate=0) at
rsvg-structure.c:54
        stacksave = (GSList *) 0x0
#21 0x009ba2aa in _rsvg_node_draw_children (self=0x9c67cf0, ctx=0x9b1d768,
dominate=0)
    at rsvg-structure.c:73
        i = 2
#22 0x009b9fee in rsvg_node_draw (self=0x6, ctx=0x9b1d768, dominate=0) at
rsvg-structure.c:54
        stacksave = (GSList *) 0x0
#23 0x009baaff in rsvg_node_svg_draw (self=0x9b20fa0, ctx=0x9b1d768,
dominate=0) at rsvg-structure.c:346
        state = <value optimized out>
        affine = {1, 0, 0, 1, 0, 0}
        affine_old = {1, 0, 0, 1, 0, 0}
        affine_new = {1, 0, 0, 1, 0, 0}
        i = 5
        nx = 0
        ny = 0
        nw = 744.09447999999998
        nh = 1052.3622
#24 0x009b9fee in rsvg_node_draw (self=0x6, ctx=0x9b1d768, dominate=0) at
rsvg-structure.c:54
        stacksave = (GSList *) 0x0
#25 0x009c72d7 in rsvg_handle_render_cairo_sub (handle=0x9c53558, cr=0x9c67a60,
id=0x0)
    at rsvg-cairo-render.c:161
        drawsub = (RsvgNode *) 0x9d29020
        __PRETTY_FUNCTION__ = "rsvg_handle_render_cairo_sub"
#26 0x009c777e in rsvg_handle_get_pixbuf_sub (handle=0x9c53558, id=0x0) at
rsvg.c:101
        dimensions = {width = 744, height = 1052, em = 744, ex = 1052}
        output = <value optimized out>
        surface = (cairo_surface_t *) 0x9c67978
        cr = (cairo_t *) 0x9c67a60
        rowstride = 2976
        __PRETTY_FUNCTION__ = "rsvg_handle_get_pixbuf_sub"
#27 0x009c7855 in rsvg_handle_get_pixbuf (handle=0x9c53558) at rsvg.c:135
No locals.
#28 0x00527bc7 in gdk_pixbuf__svg_image_stop_load (data=0x9c5cca0,
error=0xb55d8368) at io-svg.c:154
        pixbuf = <value optimized out>
#29 0x03d8611d in _gdk_pixbuf_generic_image_load (module=0x9939700,
f=0xb1705680, error=0xb55d8368)
    at gdk-pixbuf-io.c:810
        buffer =
"e-width:0.00000000;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4.0000000;stroke-dashoffset:1.8218375;stroke-opacity:1.0000000\"
transform=\"translate(24.42309,273.6212)\"/>\n      <path d"...
        length = <value optimized out>
        pixbuf = (GdkPixbuf *) 0x0
        animation = <value optimized out>
        context = (gpointer) 0x9c5cca0
        locked = 1
#30 0x03d87114 in IA__gdk_pixbuf_new_from_file (
    filename=0xb1706950
"/fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg", 
    error=0xb55d8368) at gdk-pixbuf-io.c:902
        pixbuf = <value optimized out>
        f = (FILE *) 0xb1705680
        buffer = "<?xml version=\"1.0\" encoding=\"UTF-8\"
standalone=\"no\"?>\n<!-- Created with Inkscape (http://www.inkscape.org/)
--><svg height=\"1052.3622\" id=\"svg1\" version=\"1.0\" width=\"744.09448\"
x=\"0.00000000\" xmlns=\""...
        image_module = (GdkPixbufModule *) 0x9939700
        display_name = (
    gchar *) 0xb17067d8
"/fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg"
        __PRETTY_FUNCTION__ = "IA__gdk_pixbuf_new_from_file"
#31 0x00e12b62 in gth_pixbuf_new_from_uri (
    uri=0xb1706a10
"/fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg",
error=0xb55d8368, 
    requested_width_if_used=128, requested_height_if_used=128,
mime_type=0x9b7f5a0 "image/svg+xml")
    at file-utils.c:2763
        pixbuf = (GdkPixbuf *) 0xb1706a10
        local_file = 0xb1706950
"/fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg"
#32 0x00e146a4 in gth_pixbuf_animation_new_from_uri (
    filename=0xb1702218
"file:///fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg", 
    error=0xb55d8368, requested_width_if_used=128,
requested_height_if_used=128, factory=0x9af9f80, 
    mime_type=0x9b7f5a0 "image/svg+xml") at file-utils.c:2832
        local_uri = 0xb1706a10
"/fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg"
        animation = <value optimized out>
        pixbuf = <value optimized out>
        local_file = 0xb1705060
"/fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg"
#33 0x00e44ed6 in thumb_loader (
    path=0xb1702218
"file:///fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg", 
    mime_type=0x9b7f5a0 "image/svg+xml", error=0xb55d8368, data=0x9af9eb0) at
thumb-loader.c:239
No locals.
#34 0x00e311f1 in load_image_thread (thread_data=0x9b020b0) at
image-loader.c:639
        path = 0xb1702218
"file:///fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg"
        exit_thread = <value optimized out>
        priv = (ImageLoaderPrivateData *) 0x9b03168
        animation = (GdkPixbufAnimation *) 0x0
        error = (GError *) 0x0
#35 0x0381a29f in g_thread_create_proxy (data=0x9afda48) at gthread.c:591
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#36 0x00d9d3db in start_thread (arg=0xb55d8b90) at pthread_create.c:296
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = (struct pthread *) 0xb55d8b90
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {14335988, 0, 4001536,
-1252162408, 1293221335, 
        -124736065}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, 
      cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        robust = <value optimized out>
#37 0x001f626e in clone () from /lib/libc.so.6
        fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname =
0x0, mnt_dir = 0x0, 
    mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret =
{fs_spec = 0x0, 
    fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq =
0, fs_passno = 0}}
        __elf_set___libc_subfreeres_element_fstab_free__ = (const void *)
0x234160

Thread 5 (Thread -1252689008 (LWP 9735)):
#0  0x00c79402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00da11a6 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0x00e31179 in load_image_thread (thread_data=0x99f5b00) at
image-loader.c:619
        path = 0x80c2a6c "\001"
        exit_thread = <value optimized out>
        priv = (ImageLoaderPrivateData *) 0x9b32400
        animation = (GdkPixbufAnimation *) 0xda07c0
        error = (GError *) 0x0
#3  0x0381a29f in g_thread_create_proxy (data=0x9b32520) at gthread.c:591
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#4  0x00d9d3db in start_thread (arg=0xb5557b90) at pthread_create.c:296
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = (struct pthread *) 0xb5557b90
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {14335988, 0, 4001536,
-1252690792, 1293684183, 
        -124736065}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, 
      cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        robust = <value optimized out>
#5  0x001f626e in clone () from /lib/libc.so.6
        fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname =
0x0, mnt_dir = 0x0, 
    mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret =
{fs_spec = 0x0, 
    fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq =
0, fs_passno = 0}}
        __elf_set___libc_subfreeres_element_fstab_free__ = (const void *)
0x234160

Thread 4 (Thread -1316156528 (LWP 9743)):
#0  0x00c79402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00da398e in __lll_mutex_lock_wait () from /lib/libpthread.so.0
No symbol table info available.
#2  0x00d9f7fc in _L_mutex_lock_85 () from /lib/libpthread.so.0
No symbol table info available.
#3  0x00d9f33d in __pthread_mutex_lock (mutex=0xe65560) at
pthread_mutex_lock.c:81
        ignore1 = <value optimized out>
        ignore2 = <value optimized out>
        oldval = <value optimized out>
        retval = <value optimized out>
#4  0x00e31361 in load_image_thread (thread_data=0x9a19a50) at
image-loader.c:634
        path = 0x9c4fb10
"file:///fileserver/mjcfiles/eraseme/svg/blue_eye_kilian_valkhof_.svg"
        exit_thread = <value optimized out>
        priv = (ImageLoaderPrivateData *) 0x9bb30e0
        animation = <value optimized out>
        error = (GError *) 0x0
#5  0x0381a29f in g_thread_create_proxy (data=0x9bb31e0) at gthread.c:591
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00d9d3db in start_thread (arg=0xb18d0b90) at pthread_create.c:296
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = (struct pthread *) 0xb18d0b90
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {14335988, 0, 4001536,
-1316158312, 1237614039, 
        -124736065}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, 
      cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        robust = <value optimized out>
#7  0x001f626e in clone () from /lib/libc.so.6
        fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname =
0x0, mnt_dir = 0x0, 
    mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret =
{fs_spec = 0x0, 
    fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq =
0, fs_passno = 0}}
        __elf_set___libc_subfreeres_element_fstab_free__ = (const void *)
0x234160

Thread 3 (Thread -1318061168 (LWP 9744)):
#0  0x00c79402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00da11a6 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0x00e31179 in load_image_thread (thread_data=0x9a19a20) at
image-loader.c:619
        path = 0x9c86350 "\030¹\221\t\003"
        exit_thread = <value optimized out>
        priv = (ImageLoaderPrivateData *) 0x9bb8630
        animation = (GdkPixbufAnimation *) 0x9d0ccd0
        error = (GError *) 0x0
#3  0x0381a29f in g_thread_create_proxy (data=0x9a1ae40) at gthread.c:591
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#4  0x00d9d3db in start_thread (arg=0xb16ffb90) at pthread_create.c:296
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = (struct pthread *) 0xb16ffb90
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {14335988, 0, 4001536,
-1318062952, 1227263447, 
        -124736065}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, 
      cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        robust = <value optimized out>
#5  0x001f626e in clone () from /lib/libc.so.6
        fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname =
0x0, mnt_dir = 0x0, 
    mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret =
{fs_spec = 0x0, 
    fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq =
0, fs_passno = 0}}
        __elf_set___libc_subfreeres_element_fstab_free__ = (const void *)
0x234160

Thread 2 (Thread -1318589552 (LWP 9745)):
#0  0x00c79402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00da11a6 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
No symbol table info available.
#2  0x00e31179 in load_image_thread (thread_data=0x9a19810) at
image-loader.c:619
        path = 0x80c2a6c "\001"
        exit_thread = <value optimized out>
        priv = (ImageLoaderPrivateData *) 0x9bb8e28
        animation = (GdkPixbufAnimation *) 0xda07c0
        error = (GError *) 0x0
#3  0x0381a29f in g_thread_create_proxy (data=0x9bb90a0) at gthread.c:591
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#4  0x00d9d3db in start_thread (arg=0xb167eb90) at pthread_create.c:296
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = (struct pthread *) 0xb167eb90
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {14335988, 0, 4001536,
-1318591336, 1227791831, 
        -124736065}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0},
data = {prev = 0x0, 
      cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        robust = <value optimized out>
#5  0x001f626e in clone () from /lib/libc.so.6
        fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {mnt_fsname =
0x0, mnt_dir = 0x0, 
    mnt_type = 0x0, mnt_opts = 0x0, mnt_freq = 0, mnt_passno = 0}, fs_ret =
{fs_spec = 0x0, 
    fs_file = 0x0, fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq =
0, fs_passno = 0}}
        __elf_set___libc_subfreeres_element_fstab_free__ = (const void *)
0x234160

Thread 1 (Thread -1208346912 (LWP 9727)):
#0  0x00c79402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00da398e in __lll_mutex_lock_wait () from /lib/libpthread.so.0
No symbol table info available.
#2  0x00d9f7fc in _L_mutex_lock_85 () from /lib/libpthread.so.0
No symbol table info available.
#3  0x00d9f33d in __pthread_mutex_lock (mutex=0x9a19778) at
pthread_mutex_lock.c:81
        ignore1 = <value optimized out>
        ignore2 = <value optimized out>
        oldval = <value optimized out>
        retval = <value optimized out>
#4  0x00e30cef in check_thread (data=0x9a19a50) at image-loader.c:731
        il = <value optimized out>
        done = <value optimized out>
        error = <value optimized out>
        loader_done = <value optimized out>
        priv = (ImageLoaderPrivateData *) 0x9bb30e0
#5  0x037fca16 in g_timeout_dispatch (source=0x9b1c500, callback=0,
user_data=0x9a19a50) at gmain.c:3422
No locals.
#6  0x037fc442 in IA__g_main_context_dispatch (context=0x991d660) at
gmain.c:2045
No locals.
#7  0x037ff41f in g_main_context_iterate (context=0x991d660, block=1,
dispatch=1, self=0x9900f50)
    at gmain.c:2677
        got_ownership = <value optimized out>
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = <value optimized out>
        allocated_nfds = <value optimized out>
        fds = (GPollFD *) 0x9c5a1a0
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#8  0x037ff7c9 in IA__g_main_loop_run (loop=0x9c4b240) at gmain.c:2881
        got_ownership = 14283488
        self = (GThread *) 0x9900f50
        __PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#9  0x0212d4b4 in IA__gtk_main () at gtkmain.c:1148
        tmp_list = (GList *) 0x0
        functions = (GList *) 0x0
        init = (GtkInitFunction *) 0xbf832054
        loop = (GMainLoop *) 0x9c4b240
#10 0x080a65b5 in main (argc=) at main.c:834
No locals.
#0  0x00c79402 in __kernel_vsyscall ()
Comment 1 Michael Chudobiak 2007-04-10 04:54:15 UTC
Created attachment 9555 [details]
SVG file that causes the crash
Comment 2 Christian Kirbach 2007-07-01 03:35:48 UTC
see also http://bugzilla.gnome.org/show_bug.cgi?id=452601#stacktrace

nautilus: cairo-pen.c:323: _cairo_pen_find_active_cw_vertex_index: Assertion `i
< pen->num_vertices' failed.

could this be a bug in librsvg?


#7  0x4732338b in *__GI___assert_fail (
    assertion=0x47ecc070 "i < pen->num_vertices", 
    file=0x47ecc064 "cairo-pen.c", line=323, 
    function=0x47ecc0a0 "_cairo_pen_find_active_cw_vertex_index")
    at assert.c:78
        buf = 0x93b6ec0 "ØØè?<<<<<<ì?"
        errstr = "Unexpected error.\n"
#8  0x47e8716f in _cairo_pen_find_active_cw_vertex_index (pen=0xb5dfd834, 
    slope=0xb5dfd760, active=0xb5dfd768) at cairo-pen.c:323
        i = 4
        __PRETTY_FUNCTION__ = "_cairo_pen_find_active_cw_vertex_index"
#9  0x47e859f4 in _cairo_stroker_add_cap (stroker=0xb5dfd81c, f=0xb5dfd790)
    at cairo-path-stroke.c:385
        i = <value optimized out>
        stop = <value optimized out>
        slope = {dx = 37079, dy = -37273}
        tri = {{x = 5311777, y = 2414207}, {x = 37079, y = 37274}, {
    x = -88568302, y = 1072078999}}
        pen = (cairo_pen_t *) 0xb5dfd834
        start = <value optimized out>
        status = <value optimized out>
#10 0x47e85c65 in _cairo_stroker_add_leading_cap (stroker=0x0, 
    face=<value optimized out>) at cairo-path-stroke.c:456
        reversed = {ccw = {x = 5348856, y = 2376934}, point = {x = 5348856, 
    y = 2376934}, cw = {x = 5348856, y = 2376934}, dev_vector = {dx = 37079, 
    dy = -37273}, usr_vector = {x = 0.70711320477456541, 
    y = -0.70710035754017508}}
#11 0x47e85c95 in _cairo_stroker_add_caps (stroker=0xb5dfd81c)
    at cairo-path-stroke.c:488
        status = <value optimized out>
#12 0x47e85f1a in _cairo_path_fixed_stroke_to_traps (path=0x91986c8, 
    stroke_style=0x93b6990, ctm=0x93b6a2c, ctm_inverse=0x93b6a5c, 
    tolerance=0.10000000000000001, traps=0xb5dfd914)
    at cairo-path-stroke.c:1005
        status = CAIRO_STATUS_SUCCESS
        stroker = {style = 0x93b6990, ctm = 0x93b6a2c, 
  ctm_inverse = 0x93b6a5c, tolerance = 0.10000000000000001, 
  traps = 0xb5dfd914, pen = {radius = -0, tolerance = 0.10000000000000001, 
    vertices = 0x93b5bd8, num_vertices = 4}, current_point = {x = 5348856, 
    y = 2451481}, first_point = {x = 5348856, y = 2376934}, has_sub_path = 1, 
  has_current_face = 1, current_face = {ccw = {x = 5348856, y = 2451481}, 
    point = {x = 5348856, y = 2451481}, cw = {x = 5348856, y = 2451481}, 
    dev_vector = {dx = 37079, dy = 37274}, usr_vector = {
      x = 0.70710371941499006, y = 0.70710984294484758}}, has_first_face = 1, 
  first_face = {ccw = {x = 5348856, y = 2376934}, point = {x = 5348856, 
      y = 2376934}, cw = {x = 5348856, y = 2376934}, dev_vector = {
      dx = -37079, dy = 37273}, usr_vector = {x = -0.70711320477456541, 
      y = 0.70710035754017508}}, dashed = 0, dash_index = 3226480967, 
  dash_on = 1195614196, dash_remain = 7.9165322551249684e-265}
#13 0x47e7fdb7 in _cairo_gstate_stroke_extents (gstate=0x93b6980, 
    path=0x91986c8, x1=0xb5dfda08, y1=0xb5dfda10, x2=0xb5dfda18, 
    y2=0xb5dfda20) at cairo-gstate.c:1056
        status = 3051346236
        traps = {traps = 0x93b8000, num_traps = 2, traps_size = 32, 
  extents = {p1 = {x = 5311777, y = 2376934}, p2 = {x = 5348856, 
      y = 2451481}}}
        extents = {p1 = {x = -1891783525, y = 1094890508}, p2 = {
    x = -1243621024, y = 5348856}}
#14 0x47e7afb2 in cairo_stroke_extents (cr=0x91986c0, x1=0xb5dfda08, 
    y1=0x11d4, x2=0x6, y2=0xb5dfda20) at cairo.c:2021
No locals.
#15 0x4672fb14 in rsvg_cairo_render_path (ctx=0x919b5b8, bpath_def=0x93b4790)
    at rsvg-cairo-draw.c:546
        sb = {x = 3.4542216629796162e-313, y = 1.8884829227941214e+35, w = 0, 
  h = 2.712707690888975e-314, virgin = 1, affine = {0.56577866123872023, 0, 
    0, 0.56874918932402085, 81.051291316319919, 36.837876467866657}}
        state = (RsvgState *) 0x91bcd78
        cr = (cairo_t *) 0x91986c0
        bpath = <value optimized out>
        i = 4
        need_tmpbuf = 0
        bbox = {x = 5.2998088236266445e-315, y = 5.2762970911146811e+36, 
  w = 0, h = 1, virgin = 1, affine = {0.56577866123872023, 0, 0, 
    0.56874918932402085, 81.051291316319919, 36.837876467866657}}
#16 0x4672a9ce in rsvg_render_path (ctx=0x919b5b8, 
    d=0x91d70b0 "M 1 -1 L 0 0 L 1 1 ") at rsvg-base.c:1639
        bpath_def = (RsvgBpathDef *) 0x93b4790
#17 0x4672047b in rsvg_node_path_draw (self=0x91d6e98, ctx=0x919b5b8, 
    dominate=0) at rsvg-shapes.c:61
No locals.
#18 0x46722fee in rsvg_node_draw (self=0x6, ctx=0x919b5b8, dominate=0)
    at rsvg-structure.c:54
        stacksave = (GSList *) 0x0
#19 0x467232aa in _rsvg_node_draw_children (self=0x91d69a8, ctx=0x919b5b8, 
    dominate=1) at rsvg-structure.c:73
        i = 2
#20 0x46722fee in rsvg_node_draw (self=0x6, ctx=0x919b5b8, dominate=1)
    at rsvg-structure.c:54
        stacksave = (GSList *) 0x0
#21 0x46723ed3 in rsvg_node_use_draw (self=0x91d7ed0, ctx=0x919b5b8, 
    dominate=0) at rsvg-structure.c:230
        child = (RsvgNode *) 0x91d69a8
        state = (RsvgState *) 0x91bc530
        affine = {1, 0, 0, 1, 0, 0}
        x = 0
        y = 0
        w = 0
        h = 0
#22 0x46722fee in rsvg_node_draw (self=0x6, ctx=0x919b5b8, dominate=0)
    at rsvg-structure.c:54
        stacksave = (GSList *) 0x0
#23 0x4671ebae in rsvg_marker_render (self=0x91d74f8, x=0, 
    y=396.85000000000002, orient=0, linewidth=1.2, ctx=0x919b5b8)
    at rsvg-marker.c:180
        affine = {0.18250924556087747, 0, 0, 0.18346748042710348, 
  81.051291316319919, 36.837876467866657}
        taffine = {1, 0, 0, 1, -0, -0}
        i = 2
        rotation = 0
        state = <value optimized out>
Comment 3 Chris Wilson 2008-01-11 08:30:42 UTC
*** Bug 11493 has been marked as a duplicate of this bug. ***
Comment 4 Chris Wilson 2008-01-11 08:31:06 UTC
This was fixed by Carl Worth in commit 448c9314252bba779194d2b01950b8738b26fd13.