SRU: Cairo crashes when loading some svg or pdf files
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libcairo | Fix Released | Medium | | |
cairo (Ubuntu) | Fix Released | High | Unassigned | |
Quantal | Fix Released | High | Unassigned | |
Bug Description
[ Impact ]
Some apps (which use Cairo) crash when loading some svg[1] or pdf[2] files.
[ Test case ]
* Open this file with Evince: http://
* Open the svg file[1] with this little program compiled with:
$ gcc -ggdb test.c -o test `pkg-config --libs --cflags gtk+-3.0`
Then, launch it from the same dir of the 'geany.svg' file[1]
===========
#include <stdio.h>
#include <gtk/gtk.h>
int main (int argc, char **argv)
{
gtk_init (&argc, &argv);
GdkPixbuf *pixbuf = gdk_pixbuf_
return 0;
}
===========
[ Regression Potential ]
* The new proposed version contains a patch from Git upstream repository. It is also available in the 1.12.4 version. According to Cairo devs, it should have any regression:
- http://
- https:/
- https:/
[ Other Info ]
* This BZR branch should fix this bug: lp:~matttbe/ubuntu/quantal/cairo/lp1074667
* You can easily test the new version by using these packages on Quantal: https:/
* Or on Ubuntu Raring: https:/
[ Original bug report ]
Hello,
Cairo (libcairo2 1.12.2-2ubuntu1) crashes when loading some svg[1] or pdf[2] files.
This bug has already been reported to Cairo devs:
* https:/
* https:/
And it's already fixed in the bug-fix version 1.12.4 thanks to this commit by Chris Wilson:
* http://
How to reproduce this crash:
1] Open this file with Evince: http://
2] Open the svg file[1] with this little program compiled with:
$ gcc -ggdb test.c -o test `pkg-config --libs --cflags gtk+-3.0`
Then, launch it from the same dir of the 'geany.svg' file[1]
===========
#include <stdio.h>
#include <gtk/gtk.h>
int main (int argc, char **argv)
{
gtk_init (&argc, &argv);
GdkPixbuf *pixbuf = gdk_pixbuf_
return 0;
}
===========
A bzr branch will be linked to this bug report: lp:~matttbe/ubuntu/raring/cairo/1074667
This new version should fix this bug.
How to easily test the new version:
You can use the new version of this package available in my ppa:matttbe/ppa
https:/
Is it possible to upload this new package to Raring repos?
And is it also possible to backport this change to Quantal-update repos?
Thank you for your help! :)
[1] The svg file joined to this bug report: https:/
[2] http://
description: | updated |
description: | updated |
Changed in libcairo: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
Changed in cairo (Ubuntu): | |
importance: | Undecided → High |
status: | New → Fix Committed |
description: | updated |
summary: |
- Cairo crashes when loading some svg or pdf files
+ SRU: Cairo crashes when loading some svg or pdf files |
Changed in cairo (Ubuntu Quantal): | |
importance: | Undecided → High |
status: | New → Triaged |
tags: |
added: verification-done removed: verification-needed |
This file [1] makes evince crash in cairo. Debian sid with cairo 1.12.2-2 and evince 3.4.0-3.
[1] http://kernsec.org/files/LinuxSecuritySummit2012_rpm.pdf
Program received signal SIGSEGV, Segmentation fault.
0xf5ffcbac, active=0xf5ffcb3c)
buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:1358
buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c: File o directory non esistente.
0xf5ffcbac, active=0xf5ffcb3c)
buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:1358
scan_converter_render (renderer=0xef6fd1ac, antialias=1, mask=4294967295, converter=0xf5ffc394)
buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:1713
tor_scan_converter_generate (converter=0xf5ffc388, 0xef6fd1ac)
buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-tor-scan-converter.c:1809
extents@entry=0xef6fe210, polygon@entry=0xef6fde08, rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING, antialias@entry=CAIRO_ANTIALIAS_DEFAULT, <error reading variable: Unhandled dwarf expression opcode 0xfa>, compositor=<error reading variable: Unhandled dwarf expression opcode 0xfa>)
buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-spans-compositor.c:716
[Switching to Thread 0xef6ffb70 (LWP 10039)]
full_row (mask=4294967295, coverages=
at /build/
1358 /build/
(gdb) bt full
#0 full_row (mask=4294967295, coverages=
at /build/
right = 0x0
winding = 36752
left = 0xf5ffcad4
#1 glitter_
winding_
at /build/
do_full_row = 1
j = 4
ymax_i = <optimized out>
xmin_i = 81
active = 0xf5ffcb3c
ymin_i = <optimized out>
h = <optimized out>
polygon = 0xf5ffc394
buckets = {0x0 <repeats 15 times>}
i = <optimized out>
xmax_i = 97
coverages = 0xf5ffcbac
#2 _cairo_
---Type <return> to continue, or q <return> to quit---
renderer=
at /build/
self = 0xef6fd1ac
status = <optimized out>
#3 0xf7722a15 in composite_polygon (extents=
polygon=
fill_
antialias=
compositor=
at /build/
renderer = {base = {status = 3221996115, destroy = 0x3eb82b6a,
data = "\020\342o\
7\377W^