Bug#838082: libcairo2: crash in _cairo_gstate_set_dash when rendering PDF

Yann Soubeyrand yann.soubeyrand at gmx.fr
Sat Sep 17 09:52:26 UTC 2016


Package: libcairo2
Version: 1.14.0-2.1+deb8u1
Severity: important

Dear Maintainer,

I was reading a PDF document when Evince got a SIGSEGV. I installed debug
packages and got the following backtrace using gdb:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe67fc700 (LWP 5971)]
0x00007ffff5efb7d9 in _cairo_gstate_set_dash (gstate=0x7fffd0220450, dash=0x0, num_dashes=2, offset=8.4879831678136144e-314) at ../../../../src/cairo-gstate.c:542
542	../../../../src/cairo-gstate.c: Aucun fichier ou dossier de ce type.
(gdb) bt
#0  0x00007ffff5efb7d9 in _cairo_gstate_set_dash (gstate=0x7fffd0220450, dash=0x0, num_dashes=2, offset=8.4879831678136144e-314) at ../../../../src/cairo-gstate.c:542
#1  0x00007ffff5eee632 in cairo_set_dash (cr=0x0, dashes=0x7fffd0000020, num_dashes=-803065744, offset=8.4879831678136144e-314) at ../../../../src/cairo.c:1080
#2  0x00007fffe5bc84bc in CairoOutputDev::fillToStrokePathClip(GfxState*) () from /usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
#3  0x00007fffe5bc86e5 in CairoOutputDev::fill(GfxState*) () from /usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
#4  0x00007fffe52e50ea in Gfx::doAxialShFill(GfxAxialShading*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#5  0x00007fffe52eb01e in Gfx::opShFill(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#6  0x00007fffe52ebe78 in Gfx::go(bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#7  0x00007fffe52ec378 in Gfx::display(Object*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#8  0x00007fffe52ec702 in Gfx::drawForm(Object*, Dict*, double*, double*, bool, bool, GfxColorSpace*, bool, bool, bool, Function*, GfxColor*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#9  0x00007fffe52ecdcb in Gfx::doSoftMask(Object*, bool, GfxColorSpace*, bool, bool, Function*, GfxColor*) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#10 0x00007fffe52ee582 in Gfx::opSetExtGState(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#11 0x00007fffe52ebe78 in Gfx::go(bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#12 0x00007fffe52ec378 in Gfx::display(Object*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#13 0x00007fffe5334375 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) ()
   from /usr/lib/x86_64-linux-gnu/libpoppler.so.46
#14 0x00007fffe5bb4e52 in ?? () from /usr/lib/x86_64-linux-gnu/libpoppler-glib.so.8
#15 0x00007fffe5df2b93 in pdf_page_render (page=page at entry=0x7fffd010e4c0, width=1890, height=3093, rc=rc at entry=0x7fffd010e500) at /build/evince-3.14.1/./backend/pdf/ev-poppler.cc:415
#16 0x00007fffe5df2dd1 in pdf_document_render (document=<optimized out>, rc=0x7fffd010e500) at /build/evince-3.14.1/./backend/pdf/ev-poppler.cc:442
#17 0x00007ffff7969342 in ev_job_render_run (job=0xb38e40) at /build/evince-3.14.1/./libview/ev-jobs.c:638
#18 0x00007ffff796b19a in ev_job_thread (job=0xb38e40) at /build/evince-3.14.1/./libview/ev-job-scheduler.c:184
#19 ev_job_thread_proxy (data=<optimized out>) at /build/evince-3.14.1/./libview/ev-job-scheduler.c:217
#20 0x00007ffff4de5845 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007ffff46440a4 in start_thread (arg=0x7fffe67fc700) at pthread_create.c:309
#22 0x00007ffff437987d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

I can provide the PDF document as well as the core file but due to their size
I can't attach them to this bug report.

Regards

Yann

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libcairo2 depends on:
ii  libc6              2.19-18+deb8u4
ii  libfontconfig1     2.11.0-6.3+deb8u1
ii  libfreetype6       2.5.2-3+deb8u1
ii  libpixman-1-0      0.32.6-3
ii  libpng12-0         1.2.50-2+deb8u2
ii  libx11-6           2:1.6.2-3
ii  libxcb-render0     1.10-3+b1
ii  libxcb-shm0        1.10-3+b1
ii  libxcb1            1.10-3+b1
ii  libxext6           2:1.3.3-1
ii  libxrender1        1:0.9.8-1+b1
ii  multiarch-support  2.19-18+deb8u4
ii  zlib1g             1:1.2.8.dfsg-2+b1

libcairo2 recommends no packages.

libcairo2 suggests no packages.

-- no debconf information
