This report has been filed here: https://bugs.edge.launchpad.net/ubuntu/+source/libcairo/+bug/195602 "From firefox3b3, I open http://www.norg.uminho.pt/iapinho/pdfs/optim_int_DSC_NM.pdf (from http://www.norg.uminho.pt/iapinho/slides_mnb0708.html). The password form raises up, and when I submit the password ("mnb_lei"), evince open correctly. Just a few 'pgDn' commands make 'evince' crash." "#0 0xb7556968 in _cairo_surface_is_image (surface=0x0) at /build/buildd/cairo-1.5.8/src/cairo-image-surface.c:1257 No locals. #1 0x0808b4be in paint_surface (cr=0x860f4f0, surface=0x0, x_offset=0, y_offset=0, alpha=0, page_area= {x = 0, y = 0, width = 1035, height = 800}) at /build/buildd/evince-2.21.91/./shell/ev-transition-animation.c:197 width = 140519960 height = <value optimized out> #2 0x0808b9d4 in ev_transition_animation_paint (animation=0x8602a18, cr=0x860f4f0, page_area= {x = 0, y = 0, width = 1035, height = 800}) at /build/buildd/evince-2.21.91/./shell/ev-transition-animation.c:611 enum_value = <value optimized out> priv = (EvTransitionAnimationPriv *) 0x8602a40 type = EV_TRANSITION_EFFECT_REPLACE progress = 0 __PRETTY_FUNCTION__ = "ev_transition_animation_paint" #3 0x08077743 in ev_view_expose_event (widget=0x837c018, event=0xbfb3da34) at /build/buildd/evince-2.21.91/./shell/ev-view.c:2504 page_area = {x = 0, y = 0, width = 1035, height = 800} border = {left = 0, right = 0, top = 0, bottom = 0} view = (EvView *) 0x837c018 cr = (cairo_t *) 0x860f4f0 i = <value optimized out> #4 0xb78826b4 in _gtk_marshal_BOOLEAN__BOXED (closure=0x80e05c0, return_value=0xbfb3d660, n_param_values=2, param_values=0xbfb3d744, invocation_hint=0xbfb3d64c, marshal_data=0x8077680) at /build/buildd/gtk+2.0-2.12.8/gtk/gtkmarshalers.c:84 data1 = (gpointer) 0x837c018 data2 = <value optimized out> v_return = <value optimized out> __PRETTY_FUNCTION__ = "_gtk_marshal_BOOLEAN__BOXED" #5 0xb731a0a9 in g_type_class_meta_marshal (closure=0x80e05c0, return_value=0xbfb3d660, n_param_values=2, 
param_values=0xbfb3d744, invocation_hint=0xbfb3d64c, marshal_data=0xc8) at /build/buildd/glib2.0-2.15.5/gobject/gclosure.c:567 callback = <value optimized out> #6 0xb731b789 in IA__g_closure_invoke (closure=0x80e05c0, return_value=0xbfb3d660, n_param_values=2, param_values=0xbfb3d744, invocation_hint=0xbfb3d64c) at /build/buildd/glib2.0-2.15.5/gobject/gclosure.c:490 marshal = (GClosureMarshal) 0xb731a060 <g_type_class_meta_marshal> marshal_data = (gpointer) 0xc8 __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #7 0xb73316b1 in signal_emit_unlocked_R (node=0x80e0530, detail=0, instance=0x837c018, emission_return=0xbfb3d904, instance_and_params=0xbfb3d744) at /build/buildd/glib2.0-2.15.5/gobject/gsignal.c:2478 tmp = <value optimized out> handler = (Handler *) 0x837a838 accumulator = (SignalAccumulator *) 0x80e0560 emission = {next = 0x0, instance = 0x837c018, ihint = {signal_id = 52, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 137865272} class_closure = (GClosure *) 0x80e05c0 handler_list = (Handler *) 0x0 return_accu = (GValue *) 0xbfb3d660 accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 52 max_sequential_handler_number = 955 return_value_altered = 0 #8 0xb7332e39 in IA__g_signal_emit_valist (instance=0x837c018, signal_id=52, detail=0, var_args=0xbfb3d980 "\230Ù³¿4Ú³¿\030À7\b__\232·\030À7\b") at /build/buildd/glib2.0-2.15.5/gobject/gsignal.c:2209 _flags = <value optimized out> _value_type = <value optimized out> _vtable = <value optimized out> _cvalues = {{v_int = -1078732392, v_long = -1078732392, v_int64 = 3216234904, v_double = 1.5890311750219196e-314, v_pointer = 0xbfb3d998}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, 
v_pointer = 0x0}, { v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, { v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_long = 0, v_int64 = 0, v_double = 0, v_pointer = 0x0}} _lcopy_format = <value optimized out> _n_values = <value optimized out> return_value = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} error = <value optimized out> rtype = <value optimized out> instance_and_params = (GValue *) 0xbfb3d744 stack_values = {{g_type = 137865272, data = {{v_int = 137871384, v_uint = 137871384, v_long = 137871384, v_ulong = 137871384, v_int64 = 137871384, v_uint64 = 137871384, v_float = 5.52953645e-34, v_double = 6.8117514378986505e-316, v_pointer = 0x837c018}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}, {g_type = 135134208, data = {{v_int = -1078732236, v_uint = 3216235060, v_long = -1078732236, v_ulong = 3216235060, v_int64 = 3216235060, v_uint64 = 3216235060, v_float = -1.40509653, v_double = 1.5890312520961603e-314, v_pointer = 0xbfb3da34}, { v_int = 134217728, v_uint = 134217728, v_long = 134217728, v_ulong = 134217728, v_int64 = 134217728, v_uint64 = 134217728, v_float = 3.85185989e-34, v_double = 6.631236846766476e-316, v_pointer = 0x8000000}}}, {g_type = 3076132892, data = {{v_int = -1218834404, v_uint = 3076132892, v_long = -1218834404, v_ulong = 3076132892, v_int64 = -4633122042506768356, v_uint64 = 13813622031202783260, v_float = -1.29975633e-05, v_double = -0.077515406383156849, v_pointer = 0xb75a101c}, {v_int = -1078732888, v_uint = 3216234408, v_long = -1078732888, v_ulong = 
3216234408, v_int64 = -5236296494818797656, v_uint64 = 13210447578890753960, v_float = -1.40501881, v_double = -3.7555366721145803e-42, v_pointer = 0xbfb3d7a8}}}, { g_type = 3216234520, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 602885177814810624, v_uint64 = 602885177814810624, v_float = 0, v_double = 2.2622545726165972e-268, v_pointer = 0x0}, {v_int = -1219170380, v_uint = 3075796916, v_long = -1219170380, v_ulong = 3075796916, v_int64 = 3075796916, v_uint64 = 3075796916, v_float = -1.26919949e-05, v_double = 1.5196455897800543e-314, v_pointer = 0xb754efb4}}}, { g_type = 3216234520, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = -1218834404, v_uint = 3076132892, v_long = -1218834404, v_ulong = 3076132892, v_int64 = -4633122042506768356, v_uint64 = 13813622031202783260, v_float = -1.29975633e-05, v_double = -0.077515406383156849, v_pointer = 0xb75a101c}}}, {g_type = 3216234440, data = {{v_int = -1219057931, v_uint = 3075909365, v_long = -1219057931, v_ulong = 3075909365, v_int64 = -4633121990967384331, v_uint64 = 13813622082742167285, v_float = -1.27942667e-05, v_double = -0.077516121635792093, v_pointer = 0xb756a6f5}, {v_int = 140370144, v_uint = 140370144, v_long = 140370144, v_ulong = 140370144, v_int64 = -4633122337500307232, v_uint64 = 13813621736209244384, v_float = 6.67691077e-34, v_double = -0.077511312525419651, v_pointer = 0x85de0e0}}}, { g_type = 3077223080, data = {{v_int = -1217744216, v_uint = 3077223080, v_long = -1217744216, v_ulong = 3077223080, v_int64 = 3077223080, v_uint64 = 3077223080, v_float = -1.39890835e-05, v_double = 1.5203502084177899e-314, v_pointer = 0xb76ab2a8}, {v_int = -1078732568, v_uint = 3216234728, v_long = -1078732568, v_ulong = 3216234728, v_int64 = -5236203521661740824, v_uint64 = 13210540552047810792, v_float = -1.40505695, v_double = -3.8147825858984548e-42, v_pointer = 0xbfb3d8e8}}}, {g_type = 3216234508, 
data = {{v_int = 2, v_uint = 2, v_long = 2, v_ulong = 2, v_int64 = -4633122045582901246, v_uint64 = 13813622028126650370, v_float = 2.80259693e-45, v_double = -0.077515363693237332, v_pointer = 0x2}, {v_int = 140572272, v_uint = 140572272, v_long = 140572272, v_ulong = 140572272, v_int64 = 140572272, v_uint64 = 140572272, v_float = 6.76972339e-34, v_double = 6.9451930353051378e-316, v_pointer = 0x860f670}}}, {g_type = 2576980378, data = {{v_int = 1069128089, v_uint = 1069128089, v_long = 1069128089, v_ulong = 1069128089, v_int64 = 1069128089, v_uint64 = 1069128089, v_float = 1.44999993, v_double = 5.2821945977880272e-315, v_pointer = 0x3fb99999}, { v_int = 140571920, v_uint = 140571920, v_long = 140571920, v_ulong = 140571920, v_int64 = 603046977963357456, v_uint64 = 603046977963357456, v_float = 6.76956176e-34, v_double = 2.3057779912473812e-268, v_pointer = 0x860f510}}}, {g_type = 0, data = {{ v_int = -1223306543, v_uint = 3071660753, v_long = -1223306543, v_ulong = 3071660753, v_int64 = -5234853901347990831, v_uint64 = 13211890172361560785, v_float = -8.93017659e-06, v_double = -4.6748102678725173e-42, v_pointer = 0xb715d2d1}, {v_int = 140407816, v_uint = 140407816, v_long = 140407816, v_ulong = 140407816, v_int64 = -4633121719024978936, v_uint64 = 13813622354684572680, v_float = 6.6942089e-34, v_double = -0.077519895594790111, v_pointer = 0x85e7408}}}, {g_type = 0, data = {{v_int = 1, v_uint = 1, v_long = 1, v_ulong = 1, v_int64 = 1, v_uint64 = 1, v_float = 1.40129846e-45, v_double = 4.9406564584124654e-324, v_pointer = 0x1}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 603825844372111360, v_uint64 = 603825844372111360, v_float = 0, v_double = 2.6076873257868866e-268, v_pointer = 0x0}}}, { g_type = 12, data = {{v_int = 4104, v_uint = 4104, v_long = 4104, v_ulong = 4104, v_int64 = -5250600955333832696, v_uint64 = 13196143118375718920, v_float = 5.7509289e-42, v_double = -4.0622328763498833e-43, v_pointer = 0x1008}, {v_int = 0, v_uint = 0, v_long = 
0, v_ulong = 0, v_int64 = 4607182418800017408, v_uint64 = 4607182418800017408, v_float = 0, v_double = 1, v_pointer = 0x0}}}, {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = -5254061595167817728, v_uint64 = 13192682478541733888, v_float = 0, v_double = -2.4464991407946307e-43, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}, { g_type = 1072693248, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = -5234853904419651584, v_uint64 = 13211890169289900032, v_float = 0, v_double = -4.6748083104973575e-42, v_pointer = 0x0}, {v_int = 140589304, v_uint = 140589304, v_long = 140589304, v_ulong = 140589304, v_int64 = -5249924819966674696, v_uint64 = 13196819253742876920, v_float = 6.77754411e-34, v_double = -4.6008057684748735e-43, v_pointer = 0x86138f8}}}, {g_type = 140571880, data = {{v_int = 140407828, v_uint = 140407828, v_long = 140407828, v_ulong = 140407828, v_int64 = 5944375145492, v_uint64 = 5944375145492, v_float = 6.69421441e-34, v_double = 2.9369115453801589e-311, v_pointer = 0x85e7414}, { v_int = -1222500800, v_uint = 3072466496, v_long = -1222500800, v_ulong = 3072466496, v_int64 = 603825881804316224, v_uint64 = 603825881804316224, v_float = -9.66299558e-06, v_double = 2.6077074639330774e-268, v_pointer = 0xb7221e40}}}, {g_type = 3216234664, data = {{ v_int = -1223289888, v_uint = 3071677408, v_long = -1223289888, v_ulong = 3071677408, v_int64 = -5250105072518032416, v_uint64 = 13196639001191519200, v_float = -8.94532423e-06, v_double = -4.4572263277103882e-43, v_pointer = 0xb71613e0}, {v_int = 140589168, v_uint = 140589168, v_long = 140589168, v_ulong = 140589168, v_int64 = -5234853904279062416, v_uint64 = 13211890169430489200, v_float = 6.77748166e-34, v_double = -4.674808400085944e-42, v_pointer = 0x8613870}}}} free_me = (GValue *) 0x0 signal_return_type = 20 param_values = (GValue *) 0xbfb3d758 node = (SignalNode *) 
0x80e0530 i = 1 n_params = 1 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #9 0xb7333499 in IA__g_signal_emit (instance=0x837c018, signal_id=52, detail=0) at /build/buildd/glib2.0-2.15.5/gobject/gsignal.c:2243 var_args = 0xbfb3d97c "4Ú³¿\230Ù³¿4Ú³¿\030À7\b__\232·\030À7\b" #10 0xb79a1247 in gtk_widget_event_internal (widget=0x837c018, event=0xbfb3da34) at /build/buildd/gtk+2.0-2.12.8/gtk/gtkwidget.c:4678 signal_num = <value optimized out> return_val = 0 #11 0xb787cde4 in IA__gtk_main_do_event (event=0xbfb3da34) at /build/buildd/gtk+2.0-2.12.8/gtk/gtkmain.c:1514 event_widget = (GtkWidget *) 0x837c018 grab_widget = (GtkWidget *) 0x837c018 window_group = (GtkWindowGroup *) 0x841fd10 rewritten_event = (GdkEvent *) 0x0 tmp_list = <value optimized out> __PRETTY_FUNCTION__ = "IA__gtk_main_do_event" #12 0xb7655f33 in gdk_window_process_updates_internal (window=0x84fd5e8) at /build/buildd/gtk+2.0-2.12.8/gdk/gdkwindow.c:2378 event = {type = GDK_EXPOSE, any = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0'}, expose = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', area = {x = 0, y = 0, width = 1280, height = 800}, region = 0x84119a0, count = 0}, no_expose = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0'}, visibility = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', state = GDK_VISIBILITY_UNOBSCURED}, motion = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', time = 0, x = 2.7161546124355486e-311, y = 6.4736985330864849e-269, axes = 0x0, state = 3216235128, is_hint = 25323, device = 0xb76ab2a8, x_root = -0.077553272247314453, y_root = -9.577397228708714e-42}, button = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', time = 0, x = 2.7161546124355486e-311, y = 6.4736985330864849e-269, axes = 0x0, state = 3216235128, button = 3076874987, device = 0xb76ab2a8, x_root = -0.077553272247314453, y_root = -9.577397228708714e-42}, scroll = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', time = 0, x = 
2.7161546124355486e-311, y = 6.4736985330864849e-269, state = 0, direction = 3216235128, device = 0xb76562eb, x_root = 1.5203502084177899e-314, y_root = -7.671905185944129e-42}, key = { type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', time = 0, state = 0, keyval = 1280, length = 800, string = 0x84119a0 "\002", hardware_keycode = 0, group = 0 '\0', is_modifier = 0}, crossing = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', subwindow = 0x0, time = 0, x = 1.6975966334046219e-311, y = 6.8420250139081854e-316, x_root = -7.6719982409202552e-42, y_root = 1.5203502084177899e-314, mode = 3216235144, detail = 3076874970, focus = -1217744216, state = 139449832}, focus_change = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', in = -18636}, configure = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', x = 0, y = 0, width = 1280, height = 800}, property = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', atom = 0x0, time = 0, state = 1280}, selection = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', selection = 0x0, target = 0x0, property = 0x500, time = 800, requestor = 138484128}, owner_change = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', owner = 0, reason = GDK_OWNER_CHANGE_NEW_OWNER, selection = 0x500, time = 800, selection_time = 138484128}, proximity = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', time = 0, device = 0x0}, client = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', message_type = 0x0, data_format = 0, data = { b = "\000\005\000\000 \003\000\000 \031A\b\000\000\000\000xÚ³¿", s = {1280, 0, 800, 0, 6560, 2113, 0, 0, -9608, -16461}, l = {1280, 800, 138484128, 0, -1078732168}}}, dnd = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', context = 0x0, time = 0, x_root = 1280, y_root = 0}, window_state = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', changed_mask = 0, new_window_state = 0}, setting = {type = GDK_EXPOSE, window = 
0x84fd5e8, send_event = 0 '\0', action = GDK_SETTING_ACTION_NEW, name = 0x0}, grab_broken = {type = GDK_EXPOSE, window = 0x84fd5e8, send_event = 0 '\0', keyboard = 0, implicit = 0, grab_window = 0x500}} window_rect = {x = 0, y = 0, width = 1280, height = 800} expose_region = (GdkRegion *) 0x84119a0 window_region = (GdkRegion *) 0x851d6c0 width = 1280 height = 800 save_region = 1 #13 0xb76565c8 in IA__gdk_window_process_all_updates () at /build/buildd/gtk+2.0-2.12.8/gdk/gdkwindow.c:2444 old_update_windows = (GSList *) 0x8561b60 tmp_list = (GSList *) 0x8561b60 #14 0xb77e4b9f in gtk_container_idle_sizer (data=0x0) at /build/buildd/gtk+2.0-2.12.8/gtk/gtkcontainer.c:1307 No locals. #15 0xb763c81b in gdk_threads_dispatch (data=0x85bc620) at /build/buildd/gtk+2.0-2.12.8/gdk/gdk.c:470 ret = 0 #16 0xb728f191 in g_idle_dispatch (source=0x8601dc8, callback=0xb75a0500 <cairo_image_surface_backend>, user_data=0x85bc620) at /build/buildd/glib2.0-2.15.5/glib/gmain.c:4142 No locals. #17 0xb7290d36 in IA__g_main_context_dispatch (context=0x80ccd38) at /build/buildd/glib2.0-2.15.5/glib/gmain.c:2064 No locals. 
#18 0xb72940f3 in g_main_context_iterate (context=0x80ccd38, block=1, dispatch=1, self=0x80a3680) at /build/buildd/glib2.0-2.15.5/glib/gmain.c:2697 got_ownership = <value optimized out> max_priority = 110 timeout = 0 some_ready = 1 nfds = <value optimized out> allocated_nfds = <value optimized out> fds = (GPollFD *) 0x84ea000 __PRETTY_FUNCTION__ = "g_main_context_iterate" #19 0xb72944d7 in IA__g_main_loop_run (loop=0x80eb7f0) at /build/buildd/glib2.0-2.15.5/glib/gmain.c:2905 got_ownership = -1222343392 self = (GThread *) 0x80a3680 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #20 0xb787d044 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.8/gtk/gtkmain.c:1163 tmp_list = (GList *) 0x80ef790 functions = (GList *) 0x0 init = (GtkInitFunction *) 0x0 loop = (GMainLoop *) 0x80eb7f0 #21 0x0808d1b6 in main (argc=2, argv=0xb760f5a0) at /build/buildd/evince-2.21.91/./shell/main.c:412 enable_metadata = 1 context = <value optimized out> args = (GHashTable *) 0x80d4518 program = (GnomeProgram *) 0x80ac058 #22 0xb7108450 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #23 0x0805c381 in _start ()"
Evince is passing a NULL pointer to cairo_image_surface_get_width (frame #1 shows evince's paint_surface calling into cairo with surface=0x0). So that's a bug in evince that should be fixed. The crash in cairo is quite legitimate in this scenario. -Carl
Would it not be appropriate for cairo_image_surface_get_width() to throw a @CAIRO_STATUS_NULL_POINTER in that case rather than allow the null pointer to be dereferenced in _cairo_surface_is_image()? Something like: if (!surface) { _cairo_error_throw (CAIRO_STATUS_NULL_POINTER); return 0; } It would of course be needed in each of the cairo_image_surface_get... functions, placed before the existing if (!_cairo_surface_is_image (surface)) { _cairo_error_throw (CAIRO_STATUS_SURFACE_TYPE_MISMATCH); return 0; } blocks. I suppose the question is just how vigilant cairo should be in avoiding SEGVs from bogus input?