Bug 23264 - Cairo crashes in INT_cairo_set_operator()
Alias: None
Product: poppler
Classification: Unclassified
Component: cairo backend
Version: unspecified
Hardware: Other All
Importance: high critical
Assignee: Adrian Johnson
QA Contact: cairo-bugs mailing list
Reported: 2009-08-12 01:21 UTC by Mitch
Modified: 2009-08-12 01:54 UTC (History)

Description Mitch 2009-08-12 01:21:07 UTC
When viewing a doc in evince linked to cairo 1.9.3 and poppler 0.11.2, I get the following crash:

$ !gd
gdb evince
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(gdb) r /www/hasbox.com/htdocs/M2N-MX.pdf 
Starting program: /usr/bin/evince /www/hasbox.com/htdocs/M2N-MX.pdf
[Thread debugging using libthread_db enabled]
[New Thread 0xb704d920 (LWP 7432)]
Xlib:  extension "RANDR" missing on display ":0.0".
[New Thread 0xb5575b90 (LWP 8268)]
[New Thread 0xb4995b90 (LWP 8401)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5575b90 (LWP 8268)]
0xb787c082 in *INT_cairo_set_operator (cr=0x0, op=CAIRO_OPERATOR_OVER) at cairo.c:695
695	    if (unlikely (cr->status))
(gdb) where
#0  0xb787c082 in *INT_cairo_set_operator (cr=0x0, op=CAIRO_OPERATOR_OVER) at cairo.c:695
#1  0xb4d3ab6e in CairoOutputDev::updateBlendMode (this=0x84f5ad0, state=0x85038f8) at CairoOutputDev.cc:480
#2  0xb4bbd38d in Gfx::opSetExtGState (this=0x85042e8, args=0xb5574e98, numArgs=1) at Gfx.cc:922
#3  0xb4bb592e in Gfx::execOp (this=0x85042e8, cmd=0xb5575038, args=0xb5574e98, numArgs=1) at Gfx.cc:781
#4  0xb4bb5ac1 in Gfx::go (this=0x85042e8, topLevel=1) at Gfx.cc:652
#5  0xb4bb60ca in Gfx::display (this=0x85042e8, obj=0xb55750d8, topLevel=1) at Gfx.cc:621
#6  0xb4c05ae6 in Page::display (this=0x846bb70, gfx=0x85042e8) at Page.cc:508
#7  0xb4d2d71f in poppler_page_get_image_output_dev (page=0x84cb4a0, imgDrawDeviceCbk=0, imgDrawCbkData=0x0) at poppler-page.cc:1274
#8  0xb4d2e4c8 in poppler_page_get_image_mapping (page=0x84cb4a0) at poppler-page.cc:1299
#9  0xb4d705c5 in ?? () from /usr/lib/evince/1/backends/libpdfdocument.so
#10 0xb7ed6f08 in ev_document_images_get_image_mapping (document_images=0x8472750, page=0) at ev-document-images.c:37
#11 0xb7ea614b in ev_job_render_run (job=0x84d28a8) at ev-jobs.c:563
#12 0xb7ea55d2 in ev_job_run (job=0x84d28a8) at ev-jobs.c:212
#13 0xb7ea8332 in ev_job_thread (job=0x84d28a8) at ev-job-scheduler.c:183
#14 0xb7ea843e in ev_job_thread_proxy (data=0x0) at ev-job-scheduler.c:213
#15 0xb7236a98 in g_thread_create_proxy (data=0x84a36d0) at gthread.c:635
#16 0xb735c17b in start_thread () from /lib/libpthread.so.0
#17 0xb7156bde in clone () from /lib/libc.so.6
(gdb) quit
The program is running.  Exit anyway? (y or n) y
home:/usr/src/sources/gnome/cairo$ git pull
Already up-to-date.
Comment 1 Adrian Johnson 2009-08-12 01:54:30 UTC
This is a poppler bug (it is passing a NULL context to cairo).

It should be fixed with this commit:


Please reopen the bug if the crash still occurs with poppler git master.
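
The triage step behind Comment 1 (frame #0 receives `cr=0x0`, so the fault belongs to the caller in frame #1), as an added Python example that is not part of the original report or of the poppler or cairo code. The function names `parse_backtrace` and `null_argument_report` are hypothetical, and the sample is the first three frames of the trace above.

```python
import re

# Constructed sample: the top three frames of the backtrace in this report.
SAMPLE = """\
#0  0xb787c082 in *INT_cairo_set_operator (cr=0x0, op=CAIRO_OPERATOR_OVER) at cairo.c:695
#1  0xb4d3ab6e in CairoOutputDev::updateBlendMode (this=0x84f5ad0, state=0x85038f8) at CairoOutputDev.cc:480
#2  0xb4bbd38d in Gfx::opSetExtGState (this=0x85042e8, args=0xb5574e98, numArgs=1) at Gfx.cc:922
"""

# One gdb "where" line: "#N  [ADDR in] FUNC (ARGS) [at FILE:LINE | from LIB]".
FRAME = re.compile(
    r"^#(?P<n>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>.*)\)"
    r"(?: at (?P<file>[^:\s]+):(?P<line>\d+)| from (?P<lib>\S+))?\s*$"
)

def parse_backtrace(text):
    """Parse gdb 'where' output into a list of frame dicts.

    Assumes simple name=value arguments (no commas inside values),
    which holds for the trace in this report.
    """
    frames = []
    for raw in text.splitlines():
        m = FRAME.match(raw.strip())
        if not m:
            continue  # not a frame line (prompt, signal banner, ...)
        args = {}
        for pair in filter(None, (p.strip() for p in m["args"].split(","))):
            name, _, value = pair.partition("=")
            args[name] = value
        frames.append({
            "n": int(m["n"]), "func": m["func"].lstrip("*"), "args": args,
            "file": m["file"], "lib": m["lib"],
            "line": int(m["line"]) if m["line"] else None,
        })
    return frames

def null_argument_report(frames):
    """Return who handed a NULL pointer to the faulting frame, or None."""
    if not frames:
        return None
    top = frames[0]
    null_args = [name for name, value in top["args"].items() if value == "0x0"]
    if not null_args:
        return None
    caller = frames[1] if len(frames) > 1 else None
    site = f'{caller["file"]}:{caller["line"]}' if caller and caller["file"] else None
    return {"faulting": top["func"], "null_args": null_args,
            "caller": caller["func"] if caller else None, "caller_site": site}
```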