Bug 63203 - cairo_line_to segfaults when used from pdf2svg from homebrew on macosx
Summary: cairo_line_to segfaults when used from pdf2svg from homebrew on macosx
Status: RESOLVED MOVED
Alias: None
Product: cairo
Classification: Unclassified
Component: svg backend
Version: 1.12.14
Hardware: Other All
Importance: medium normal
Assignee: Emmanuel Pacaud
QA Contact: cairo-bugs mailing list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: cairo-1.14
Reported: 2013-04-06 09:00 UTC by Perry Wagle
Modified: 2018-08-25 13:45 UTC (History)



Attachments
sample_pdf_file (27.90 KB, text/plain)
2013-04-06 09:00 UTC, Perry Wagle

Description Perry Wagle 2013-04-06 09:00:28 UTC
Created attachment 77513
sample_pdf_file

When running sample_pdf_file (see attached) through pdf2svg, the first indirect call in cairo_line_to() segfaults when trying to call address zero.

This happens on macosx 10.8.2 with cairo 1.12.14 via homebrew.  Installing older versions of cairo (for example 1.12.8) fixes the segfault.

Here's a session with gdb (so, oh, it's also going through poppler):

#0  0x0000000000000000 in ?? ()
#1  0x0000000100e53d2c in cairo_line_to ()
#2  0x00000001009988e6 in CairoOutputDev::doPath ()
#3  0x00000001009999e8 in CairoOutputDev::clip ()
#4  0x0000000100c9d693 in Gfx::drawForm ()
#5  0x0000000100ca6427 in Gfx::doForm ()
#6  0x0000000100c97cf6 in Gfx::opXObject ()
#7  0x0000000100c9cbf6 in Gfx::go ()
#8  0x0000000100c9c940 in Gfx::display ()
#9  0x0000000100cd7721 in Page::displaySlice ()
#10 0x000000010099015a in _poppler_page_render ()
#11 0x0000000100001a48 in convertPage ()
#12 0x0000000100001b5f in main ()
(gdb) list   
No symbol table is loaded.  Use the "file" command.
(gdb) up
#1  0x0000000100e53d2c in cairo_line_to ()
(gdb) list
No symbol table is loaded.  Use the "file" command.
(gdb) disasm
Undefined command: "disasm".  Try "help".
(gdb) disas
Dump of assembler code for function cairo_line_to:
0x0000000100e53d10 <cairo_line_to+0>:   push   %rbp
0x0000000100e53d11 <cairo_line_to+1>:   mov    %rsp,%rbp
0x0000000100e53d14 <cairo_line_to+4>:   push   %rbx
0x0000000100e53d15 <cairo_line_to+5>:   push   %rax
0x0000000100e53d16 <cairo_line_to+6>:   mov    %rdi,%rbx
0x0000000100e53d19 <cairo_line_to+9>:   cmpl   $0x0,0x4(%rbx)
0x0000000100e53d1d <cairo_line_to+13>:  jne    0x100e53d30 <cairo_line_to+32>
0x0000000100e53d1f <cairo_line_to+15>:  mov    0x20(%rbx),%rax
0x0000000100e53d23 <cairo_line_to+19>:  mov    %rbx,%rdi
0x0000000100e53d26 <cairo_line_to+22>:  callq  *0x198(%rax)
0x0000000100e53d2c <cairo_line_to+28>:  test   %eax,%eax
0x0000000100e53d2e <cairo_line_to+30>:  jne    0x100e53d37 <cairo_line_to+39>
0x0000000100e53d30 <cairo_line_to+32>:  add    $0x8,%rsp
0x0000000100e53d34 <cairo_line_to+36>:  pop    %rbx
0x0000000100e53d35 <cairo_line_to+37>:  pop    %rbp
0x0000000100e53d36 <cairo_line_to+38>:  retq   
0x0000000100e53d37 <cairo_line_to+39>:  mov    %rbx,%rdi
0x0000000100e53d3a <cairo_line_to+42>:  mov    %eax,%esi
0x0000000100e53d3c <cairo_line_to+44>:  add    $0x8,%rsp
0x0000000100e53d40 <cairo_line_to+48>:  pop    %rbx
0x0000000100e53d41 <cairo_line_to+49>:  pop    %rbp
0x0000000100e53d42 <cairo_line_to+50>:  jmpq   0x100e5363a <_cairo_set_error>
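As an added example (not part of the report or of cairo), here is how to turn the disassembly above into a pointer chain for triage: starting from frame #1's return address, find the preceding `callq *0x198(%rax)`, then walk the earlier `mov` instructions back to the first-argument register. The result (`%rdi` → +0x20 → +0x198, slot 51 of an 8-byte pointer table) is consistent with the report's description of a NULL function pointer being called. The parsing assumes gdb's AT&T syntax exactly as pasted above.

```python
import re

# gdb disassembly of cairo_line_to copied from the report above (constructed
# sample input); frame #1's 0x100e53d2c is the return address of the bad call.
DISAS = """
0x0000000100e53d10 <cairo_line_to+0>:   push   %rbp
0x0000000100e53d11 <cairo_line_to+1>:   mov    %rsp,%rbp
0x0000000100e53d14 <cairo_line_to+4>:   push   %rbx
0x0000000100e53d15 <cairo_line_to+5>:   push   %rax
0x0000000100e53d16 <cairo_line_to+6>:   mov    %rdi,%rbx
0x0000000100e53d19 <cairo_line_to+9>:   cmpl   $0x0,0x4(%rbx)
0x0000000100e53d1d <cairo_line_to+13>:  jne    0x100e53d30 <cairo_line_to+32>
0x0000000100e53d1f <cairo_line_to+15>:  mov    0x20(%rbx),%rax
0x0000000100e53d23 <cairo_line_to+19>:  mov    %rbx,%rdi
0x0000000100e53d26 <cairo_line_to+22>:  callq  *0x198(%rax)
0x0000000100e53d2c <cairo_line_to+28>:  test   %eax,%eax
"""
INSN_RE = re.compile(r"^0x([0-9a-f]+)\s+<[^>]*>:\s+(\S+)\s*(.*)$")
MEM_RE = re.compile(r"^\*?(0x[0-9a-f]+)?\((%[a-z0-9]+)\)$")   # disp(%reg)

def parse(disas):
    """Turn gdb AT&T output into [(address, mnemonic, operands)]."""
    insns = []
    for line in disas.strip().splitlines():
        m = INSN_RE.match(line.strip())
        if m:
            insns.append((int(m.group(1), 16), m.group(2), m.group(3).strip()))
    return insns

def resolve_indirect_call(insns, return_addr):
    """Find the call returning to return_addr and trace its target to an argument."""
    idx = next(i for i, ins in enumerate(insns) if ins[0] == return_addr) - 1
    addr, mnem, ops = insns[idx]
    m = MEM_RE.match(ops) if mnem.startswith("call") else None
    if m is None:
        return None                      # direct call or unsupported operand form
    disp, reg = int(m.group(1) or "0", 16), m.group(2)
    chain = [f"+{disp:#x}"]              # innermost dereference: the slot itself
    for _, mn, op in reversed(insns[:idx]):   # walk back over earlier movs
        if mn != "mov" or not op.endswith("," + reg):
            continue
        src = op[: -len(reg) - 1]
        mm = MEM_RE.match(src)
        if mm:                           # reg was loaded from memory: one more deref
            chain.insert(0, f"+{int(mm.group(1) or '0', 16):#x}")
            reg = mm.group(2)
        else:                            # plain register-to-register copy
            reg = src
        if reg == "%rdi":                # first argument reached: stop here
            break
    return {"call_addr": addr, "root": reg, "chain": chain, "slot_index": disp // 8}
```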
Comment 1 Perry Wagle 2013-04-07 00:39:32 UTC
I was wrong about 1.12.8. But 1.12.2 does work.
Comment 2 Perry Wagle 2013-09-07 05:24:26 UTC
1.12.16 gets a segfault in the same place; do you need more details?
Comment 3 GitLab Migration User 2018-08-25 13:45:39 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/181.