(If you don't have the test file installed locally, you can get it from http://websvn.kde.org/*checkout*/trunk/KDE/kdegames/libkdegames/carddecks/svg-oxygen-white/oxygen-white.svgz?revision=896352 ) This crash happens with formats pdf, ps (rsvg-convert creates a pdf or ps surface), but does *not* crash for png (image surface). This is cairo 1.10.0 (git master from today), librsvg git master. $ ./rsvg-convert --format pdf /usr/share/kde4/apps/carddecks/svg-oxygen-white/oxygen-white.svgz -o test.pdf Program received signal SIGSEGV, Segmentation fault. __memcpy_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160 160 movdqu (%eax), %xmm0 (gdb) where #0 __memcpy_ssse3 () at ../sysdeps/i386/i686/multiarch/memcpy-ssse3.S:160 #1 0x004441ec in _cairo_surface_snapshot_copy_on_write (surface=0x805aaa8) at cairo-surface-snapshot.c:140 #2 0x0043c07f in _cairo_surface_detach_snapshot (snapshot=0x805aaa8) at cairo-surface.c:329 #3 0x0043bfea in _cairo_surface_detach_snapshots (surface=0x805a5c8) at cairo-surface.c:314 #4 0x0043c9d1 in cairo_surface_finish (surface=0x805a5c8) at cairo-surface.c:715 #5 0x0043c8f0 in cairo_surface_destroy (surface=0x805a5c8) at cairo-surface.c:645 #6 0x004296db in _cairo_pattern_fini (pattern=0x805a6f0) at cairo-pattern.c:346 #7 0x0042a1d3 in cairo_pattern_destroy (pattern=0x805a6f0) at cairo-pattern.c:828 #8 0x00409fd9 in _cairo_gstate_fini (gstate=0x805bea0) at cairo-gstate.c:229 #9 0x0040a120 in _cairo_gstate_restore (gstate=0x4a7e5c, freelist=0x4a80f0) at cairo-gstate.c:290 #10 0x003fed87 in cairo_restore (cr=0x4a7e40) at cairo.c:583 #11 0x001400b1 in rsvg_cairo_pop_discrete_layer (ctx=0x851b8b8) at rsvg-cairo-draw.c:1003 #12 0x0013f0ce in rsvg_cairo_render_path (ctx=0x851b8b8, bpath_def=0x808cfa0) at rsvg-cairo-draw.c:639 #13 0x0013cc4e in rsvg_render_path (ctx=0x851b8b8, d=0x8059da0 "M 45.70543 501.29736000000003 H 325.28484200000003 A15.247724 15.247724 0 0 1 340.53256599999997 516.54508399999997 V 924.46134600000005 A15.247724 15.247724 0 0 1 325.28484200000003 939.7090700000001"...) at rsvg-base.c:2067 #14 0x0012f7ff in _rsvg_node_rect_draw (self=0x8106458, ctx=0x851b8b8, dominate=0) at rsvg-shapes.c:445 #15 0x00130e8a in rsvg_node_draw (self=0x8106458, ctx=0x851b8b8, dominate=0) at rsvg-structure.c:69 #16 0x00130f35 in _rsvg_node_draw_children (self=0x8105ad8, ctx=0x851b8b8, dominate=0) at rsvg-structure.c:87 #17 0x00130e8a in rsvg_node_draw (self=0x8105ad8, ctx=0x851b8b8, dominate=0) at rsvg-structure.c:69 #18 0x001319aa in rsvg_node_svg_draw (self=0x806b8c0, ctx=0x851b8b8, dominate=0) at rsvg-structure.c:326 #19 0x00130e8a in rsvg_node_draw (self=0x806b8c0, ctx=0x851b8b8, dominate=0) at rsvg-structure.c:69 #20 0x00140d4a in rsvg_handle_render_cairo_sub (handle=0x8056400, cr=0x4a7e40, id=0x0) at rsvg-cairo-render.c:234 #21 0x00140da2 in rsvg_handle_render_cairo (handle=0x8056400, cr=0x4a7e40) at rsvg-cairo-render.c:256 #22 0x0804a06b in main (argc=1, argv=0xbfffead4) at rsvg-convert.c:319 Running under valgrind doesn't crash, but reports this: ==27565== Unaddressable byte(s) found during client check request ==27565== at 0x427E2C0: _cairo_debug_check_image_surface_is_defined (cairo-debug.c:125) ==27565== by 0x42B5749: _cairo_surface_acquire_source_image (cairo-surface.c:1447) ==27565== by 0x42BC119: _cairo_surface_snapshot_copy_on_write (cairo-surface-snapshot.c:125) ==27565== by 0x42B407E: _cairo_surface_detach_snapshot (cairo-surface.c:329) ==27565== by 0x42B3FE9: _cairo_surface_detach_snapshots (cairo-surface.c:314) ==27565== by 0x42B49D0: cairo_surface_finish (cairo-surface.c:715) ==27565== by 0x42B48EF: cairo_surface_destroy (cairo-surface.c:645) ==27565== by 0x42A16DA: _cairo_pattern_fini (cairo-pattern.c:346) ==27565== by 0x42A21D2: cairo_pattern_destroy (cairo-pattern.c:828) ==27565== by 0x4281FD8: _cairo_gstate_fini (cairo-gstate.c:229) ==27565== by 0x428211F: _cairo_gstate_restore (cairo-gstate.c:290) ==27565== by 0x4276D86: cairo_restore (cairo.c:583) ==27565== by 0x40390B0: rsvg_cairo_pop_discrete_layer (rsvg-cairo-draw.c:1003) ==27565== by 0x40380CD: rsvg_cairo_render_path (rsvg-cairo-draw.c:639) ==27565== by 0x4035C4D: rsvg_render_path (rsvg-base.c:2067) ==27565== by 0x40287FE: _rsvg_node_rect_draw (rsvg-shapes.c:445) ==27565== by 0x4029E89: rsvg_node_draw (rsvg-structure.c:69) ==27565== by 0x4029F34: _rsvg_node_draw_children (rsvg-structure.c:87) ==27565== by 0x4029E89: rsvg_node_draw (rsvg-structure.c:69) ==27565== by 0x402A9A9: rsvg_node_svg_draw (rsvg-structure.c:326) ==27565== by 0x4029E89: rsvg_node_draw (rsvg-structure.c:69) ==27565== by 0x4039D49: rsvg_handle_render_cairo_sub (rsvg-cairo-render.c:234) ==27565== by 0x4039DA1: rsvg_handle_render_cairo (rsvg-cairo-render.c:256) ==27565== by 0x804A06A: main (rsvg-convert.c:319) ==27565== Address 0x6c6b028 is not stack'd, malloc'd or (recently) free'd
Created attachment 38534 [details] minimally reduced svg file
Turns out this was a rsvg bug after all; now fixed with this commit: http://git.gnome.org/browse/librsvg/commit/?id=02a38df61976f6bbd1e5d2555a182e0a1411de57 .
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.