Debian Bug report logs - #690799
cairo null pointer dereference with polygon intersections


Package: libcairo2; Maintainer for libcairo2 is Dave Beckett <dajobe@debian.org>; Source for libcairo2 is src:cairo.

Reported by: Kubo Hiroshi <h-kubo@geisya.or.jp>

Date: Wed, 17 Oct 2012 18:27:01 UTC

Severity: grave

Tags: patch

Found in version cairo/1.12.2-2

Fixed in version cairo/1.12.2-2.1

Done: Neil Williams <codehelp@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#690799; Package evince. (Wed, 17 Oct 2012 18:27:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kubo Hiroshi <h-kubo@geisya.or.jp>:
New Bug report received and forwarded. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Wed, 17 Oct 2012 18:27:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Kubo Hiroshi <h-kubo@geisya.or.jp>
To: submit@bugs.debian.org
Subject: evnice crashes with a certain PDF file
Date: Thu, 18 Oct 2012 03:25:46 +0900 (JST)
Package: evince
Version: 3.4.0-3
Severity: normal

Evince crashes when reading a certain pdf file:

http://www.city.kyoto.lg.jp/kotsu/cmsfiles/contents/0000019/19770/rosenzurosen.pdf

md5sum of the file: 92e48af5926d92e751a07558c355f7cc

How I operated the evince is:

$ evince rosenzurosen.pdf
Gtk-Message: Failed to load module "canberra-gtk-module"
Segmentation fault

$ gdb core core
  (snip)
[New LWP 10399]
[New LWP 10396]
[New LWP 10395]
[New LWP 10398]
[New LWP 10397]
Core was generated by `evince rosenzurosen.pdf'.
Program terminated with signal 11, Segmentation fault.
#0  0xb6e5afa8 in ?? ()
(gdb) q


Packages on which the evince package depends: 
# LANG=C aptitude -F "%c%a%M %p %Z %v %V" search "~Rdepends:evince" 
i   dconf-gsettings-backend                        0.12.1-2       0.12.1-2      
i A evince                                         3.4.0-3        3.4.0-3       
i A evince-common                                  3.4.0-3        3.4.0-3       
p   gconf-gsettings-backend                        <none>         3.2.5-1+build1
i A gconf2                                         3.2.5-1+build1 3.2.5-1+build1
pi  gir1.0-freedesktop                   +102 kB   <none>         0.6.14-1+b1   
pB  gir1.0-glib-2.0                      +496 kB   <none>         0.6.14-1+b1   
c   gir1.0-gtk-2.0                                 <none>         0.6.5-7       
i   gir1.2-atk-1.0                                 2.4.0-2        2.4.0-2       
i A gir1.2-evince-3.0                              3.4.0-3        3.4.0-3       
iB  gir1.2-freedesktop                             1.32.1-1       1.32.1-1      
i   gir1.2-gdkpixbuf-2.0                           2.26.1-1       2.26.1-1      
iB  gir1.2-glib-2.0                                1.32.1-1       1.32.1-1      
i   gir1.2-gtk-3.0                                 3.4.2-4        3.4.2-4       
i   gir1.2-pango-1.0                               1.30.0-1       1.30.0-1      
i A gnome-icon-theme                               3.4.0-2        3.4.0-2       
v   gsettings-backend                              <none>         <none>        
i   gsettings-desktop-schemas                      3.4.2-1        3.4.2-1       
i A libatk1.0-0                                    2.4.0-2        2.4.0-2       
i   libc6                                          2.13-35        2.13-35       
i   libcairo-gobject2                              1.12.2-2       1.12.2-2      
i A libcairo2                                      1.12.2-2       1.12.2-2      
i A libdbus-1-3                                    1.6.8-1        1.6.8-1       
i A libdbus-glib-1-2                               0.100-1        0.100-1       
i A libdjvulibre21                                 3.5.25.3-1     3.5.25.3-1    
i   libevdocument3-4                               3.4.0-3        3.4.0-3       
c   libevince2                                     <none>         2.30.3-2+squee
i   libevview3-3                                   3.4.0-3        3.4.0-3       
i A libfontconfig1                                 2.9.0-7        2.9.0-7       
i A libfreetype6                                   2.4.9-1        2.4.9-1       
i   libgail-3-0                                    3.4.2-4        3.4.2-4       
i   libgcc1                                        1:4.7.1-7      1:4.7.1-7     
i A libgconf2-4                                    3.2.5-1+build1 3.2.5-1+build1
i   libgdk-pixbuf2.0-0                             2.26.1-1       2.26.1-1      
i A libglib2.0-0                                   2.32.3-1       2.32.3-1      
pi  libglib2.0-dev                       +7235 kB  <none>         2.32.3-1      
i A libgnome-keyring0                              3.4.1-1        3.4.1-1       
i   libgtk-3-0                                     3.4.2-4        3.4.2-4       
p   libgtk-3-dev                                   <none>         3.4.2-4       
i A libgtk2.0-0                                    2.24.10-2      2.24.10-2     
p   libgtk2.0-dev                                  <none>         2.24.10-2     
i A libice6                                        2:1.0.8-2      2:1.0.8-2     
i A libjpeg62                                      6b1-3          6b1-3         
c   libkpathsea5                                   <none>         2009-8        
c   libnautilus-extension1                         <none>         2.30.1-2squeez
i   libnautilus-extension1a                        3.4.2-1+build1 3.4.2-1+build1
i A libpango1.0-0                                  1.30.0-1       1.30.0-1      
c   libpoppler-glib4                               <none>         0.12.4-1.2    
i A libsm6                                         2:1.2.1-2      2:1.2.1-2     
i A libspectre1                                    0.2.7-2        0.2.7-2       
i A libstdc++6                                     4.7.1-7        4.7.1-7       
i A libt1-5                                        5.1.2-3.5      5.1.2-3.5     
i A libtiff4                                       3.9.6-9        3.9.6-9       
i A libx11-6                                       2:1.5.0-1      2:1.5.0-1     
i A libxml2                                        2.8.0+dfsg1-6  2.8.0+dfsg1-6 
i   python                                         2.7.3~rc2-1    2.7.3~rc2-1   
i A python-gtk2                                    2.24.0-3       2.24.0-3      
i A python-support                                 1.0.15         1.0.15        
i A shared-mime-info                               1.0-1+b1       1.0-1+b1      
i   zlib1g                                         1:1.2.7.dfsg-1 1:1.2.7.dfsg-1



---
Kubo Hiroshi <h-kubo@geisya.or.jp>





Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#690799; Package evince. (Mon, 05 Nov 2012 17:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kubo Hiroshi <h-kubo@geisya.or.jp>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Mon, 05 Nov 2012 17:45:03 GMT) Full text and rfc822 format available.

Message #10 received at 690799@bugs.debian.org (full text, mbox):

From: Kubo Hiroshi <h-kubo@geisya.or.jp>
To: 690799@bugs.debian.org
Subject: stack trace with gdb
Date: Tue, 06 Nov 2012 02:17:22 +0900 (JST)
Hi.

Here is a sample list of gdb console output running the evince with the
rosenzurosen.pdf.  The evince binary executable is built from the
source under the local environment. Could this be of any help?


(gdb) run $HOME/tmp/rosenzurosen.pdf
Starting program: /home/hkubo/build/evince/evince-3.4.0/debian/evince/usr/bin/evince $HOME/tmp/rosenzurosen.pdf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Gtk-Message: Failed to load module "canberra-gtk-module"
[New Thread 0xb67d1b70 (LWP 32583)]
[New Thread 0xb5fd0b70 (LWP 32584)]
[New Thread 0xb57cfb70 (LWP 32585)]
[New Thread 0xae3d4b70 (LWP 32586)]
[New Thread 0xadbd3b70 (LWP 32587)]
[Thread 0xb57cfb70 (LWP 32585) exited]
[New Thread 0xb57cfb70 (LWP 32589)]
[Thread 0xb57cfb70 (LWP 32589) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xadbd3b70 (LWP 32587)]
0xb771bfa8 in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2

(gdb) where
#0  0xb771bfa8 in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2
#1  0xb772d58d in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2
#2  0xb772e0cc in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2
#3  0xb76ea3bc in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2
#4  0xb76fd1b1 in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2
#5  0xb7731919 in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2
#6  0xb76f36da in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2
#7  0xb76ec31d in ?? () from /usr/lib/i386-linux-gnu/libcairo.so.2
#8  0xb76e46eb in cairo_stroke () from /usr/lib/i386-linux-gnu/libcairo.so.2
#9  0xad3bcb89 in CairoOutputDev::stroke(GfxState*) () from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
#10 0xad17c7e1 in Gfx::opStroke(Object*, int) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
#11 0xad172bca in Gfx::execOp(Object*, Object*, int) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
#12 0xad179b60 in Gfx::go(bool) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
#13 0xad17a038 in Gfx::display(Object*, bool) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
#14 0xad1bb46f in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, Catalog*, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
#15 0xad3b00da in ?? () from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
#16 0xb4f46f34 in pdf_page_render (page=page@entry=0x8032c0e0, width=width@entry=100, height=height@entry=141, rc=rc@entry=0x8032c100)
    at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./backend/pdf/ev-poppler.cc:359
#17 0xb4f475e3 in make_thumbnail_for_page (height=141, width=100, rc=0x8032c100, poppler_page=0x8032c0e0)
    at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./backend/pdf/ev-poppler.cc:405
#18 pdf_document_get_thumbnail (document=0x80274150, rc=0x8032c100)
    at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./backend/pdf/ev-poppler.cc:465
#19 0xb7f7a8e0 in ev_document_get_thumbnail (document=0x80274150, rc=rc@entry=0x8032c100)
    at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./libdocument/ev-document.c:606
#20 0xb7f39b33 in ev_job_thumbnail_run (job=0x80521200) at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./libview/ev-jobs.c:817
#21 0xb7f38fdf in ev_job_run (job=job@entry=0x80521200) at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./libview/ev-jobs.c:213
#22 0xb7f3aec3 in ev_job_thread (job=0x80521200) at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./libview/ev-job-scheduler.c:204
#23 ev_job_thread_proxy (data=0x0) at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./libview/ev-job-scheduler.c:237
#24 0xb731beb3 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#25 0xb725ac39 in start_thread () from /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
#26 0xb71c823e in clone () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) up 16
#16 0xb4f46f34 in pdf_page_render (page=page@entry=0x8032c0e0, width=width@entry=100, height=height@entry=141, rc=rc@entry=0x8032c100)
    at /build/buildd-evince_3.4.0-3-i386-LMFQwV/evince-3.4.0/./backend/pdf/ev-poppler.cc:359
359		poppler_page_render (page, cr);

---
Kubo Hiroshi



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#690799; Package evince. (Sat, 26 Jan 2013 18:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kubo Hiroshi <h-kubo@geisya.or.jp>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Sat, 26 Jan 2013 18:21:03 GMT) Full text and rfc822 format available.

Message #15 received at 690799@bugs.debian.org (full text, mbox):

From: Kubo Hiroshi <h-kubo@geisya.or.jp>
To: 690799@bugs.debian.org
Subject: Another gdb output
Date: Sun, 27 Jan 2013 02:52:31 +0900 (JST)
[Message part 1 (text/plain, inline)]
Control: severity -1 grave

Hi, 

I investigated the problem further. 

The segmentation fault occurs when the thumbnail is shown, by selecting the menu
[View] - [Side pane].

Here I attach another file of the gdb output.

The segmentation fault is caused by the null pointer dereference in the function
active_edges(), which resides in cairo-1.12.2/src/cairo-polygon-intersect.c of
the cairo package.

Between lines 1233 and 1235 of cairo-1.12.2/src/cairo-polygon-intersect.c,
a null pointer check is missing.

This seems to be a bug in cairo-1.12.2.
How about reassigning this bug to the cairo package?

---
Kubo Hiroshi <h-kubo@geisya.or.jp>
[gdb-stack-trace.txt (text/plain, inline)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xadbc8b70 (LWP 6045)]
active_edges (polygon=0xadbc72e8, top=9322, left=0xb5e19fe4)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-polygon-intersect.c:1235
1235			if unlikely ((right->deferred.other))
(gdb) list
1230			    return;
1231		    } while (1);
1232	
1233		    right = left->next;
1234		    do {
1235			if unlikely ((right->deferred.other))
1236			    edges_end (right, top, polygon);
1237	
1238			winding[right->a_or_b] += right->edge.dir;
1239			if (is_zero (winding)) {
(gdb) p right
$1 = (cairo_bo_edge_t *) 0x0
(gdb) p *left
$2 = {a_or_b = 1, edge = {line = {p1 = {x = 14848, y = 8959}, p2 = {x = 14848, 
        y = 9322}}, top = 8959, bottom = 9322, dir = -1}, prev = 0xb5e15a48, 
  next = 0x0, deferred = {other = 0x0, top = 0}}
(gdb) where
#0  active_edges (polygon=0xadbc72e8, top=9322, left=0xb5e19fe4)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-polygon-intersect.c:1235
#1  intersection_sweep (polygon=0xadbc72e8, num_events=-1243501384, 
    start_events=0xadbc5e94)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-polygon-intersect.c:1271
#2  _cairo_polygon_intersect (a=a@entry=0xadbc72e8, 
    winding_a=winding_a@entry=0, b=0xadbc6ed8, winding_b=0)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-polygon-intersect.c:1466
#3  0xb772d58d in clip_and_composite_polygon (
    antialias=CAIRO_ANTIALIAS_DEFAULT, fill_rule=CAIRO_FILL_RULE_WINDING, 
    polygon=0xadbc72e8, extents=0xadbc76f0, compositor=0xb77d3880)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-spans-compositor.c:861
#4  clip_and_composite_polygon (compositor=0xb77d3880, extents=0xadbc76f0, 
    polygon=0xadbc72e8, fill_rule=CAIRO_FILL_RULE_WINDING, 
    antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-spans-compositor.c:819
#5  0xb772e0cc in _cairo_spans_compositor_stroke (_compositor=0xb77d3880, 
    extents=0xadbc76f0, path=0x800d279c, style=0xadbc7a80, ctm=0xb5e4194c, 
    ctm_inverse=0xb5e4197c, tolerance=0.10000000000000001, 
    antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-spans-compositor.c:985
#6  0xb76ea3bc in _cairo_compositor_stroke (compositor=0xb77d3880, 
    surface=surface@entry=0xb5e12840, op=op@entry=CAIRO_OPERATOR_OVER, 
    source=source@entry=0xadbc7aac, path=path@entry=0x800d279c, 
    style=style@entry=0xadbc7a80, ctm=ctm@entry=0xb5e4194c, 
    ctm_inverse=ctm_inverse@entry=0xb5e4197c, tolerance=0.10000000000000001, 
    tolerance@entry=<error reading variable: Could not find type for DW_OP_GNU_const_type>, antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT, 
    clip=clip@entry=0xb5e00840)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-compositor.c:153
#7  0xb76fd1b1 in _cairo_image_surface_stroke (abstract_surface=0xb5e12840, 
    op=CAIRO_OPERATOR_OVER, source=0xadbc7aac, path=0x800d279c, 
    style=0xadbc7a80, ctm=0xb5e4194c, ctm_inverse=0xb5e4197c, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, 
    clip=0xb5e00840)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-image-surface.c:952
#8  0xb7731919 in _cairo_surface_stroke (surface=0xb5e12840, 
    op=CAIRO_OPERATOR_OVER, source=0xadbc7aac, path=0x800d279c, 
    stroke_style=0xadbc7a80, ctm=0xb5e4194c, ctm_inverse=0xb5e4197c, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, 
    clip=0xb5e00840)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-surface.c:2043
#9  0xb76f36da in _cairo_gstate_stroke (gstate=0xb5e41898, 
    path=path@entry=0x800d279c)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-gstate.c:1171
#10 0xb76ec31d in _cairo_default_context_stroke (abstract_cr=0x800d24d8)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo-default-context.c:965
#11 0xb76e46eb in INT_cairo_stroke (cr=0x800d24d8)
    at /build/buildd-cairo_1.12.2-2-i386-1cmzkR/cairo-1.12.2/src/cairo.c:2146
#12 0xad3b1b89 in CairoOutputDev::stroke(GfxState*) ()
   from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
#13 0xad154811 in Gfx::opStroke(Object*, int) ()
   from /usr/lib/i386-linux-gnu/libpoppler.so.19
#14 0xad14abfa in Gfx::execOp(Object*, Object*, int) ()
   from /usr/lib/i386-linux-gnu/libpoppler.so.19
#15 0xad151b90 in Gfx::go(bool) ()
   from /usr/lib/i386-linux-gnu/libpoppler.so.19
#16 0xad152068 in Gfx::display(Object*, bool) ()
   from /usr/lib/i386-linux-gnu/libpoppler.so.19
#17 0xad1934bf in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, Catalog*, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
#18 0xad3a50da in ?? () from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
#19 0xb5f3ff34 in pdf_page_render (page=page@entry=0x803425a0, 
    width=width@entry=100, height=height@entry=141, rc=rc@entry=0x803425c0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./backend/pdf/ev-poppler.cc:359
#20 0xb5f405e3 in make_thumbnail_for_page (height=141, width=100, 
    rc=0x803425c0, poppler_page=0x803425a0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./backend/pdf/ev-poppler.cc:405
#21 pdf_document_get_thumbnail (document=0x8027a968, rc=0x803425c0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./backend/pdf/ev-poppler.cc:465
#22 0xb7f7a8e0 in ev_document_get_thumbnail (document=0x8027a968, 
    rc=rc@entry=0x803425c0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libdocument/ev-document.c:606
#23 0xb7f39b33 in ev_job_thumbnail_run (job=0x805ab618)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libview/ev-jobs.c:817
#24 0xb7f38fdf in ev_job_run (job=job@entry=0x805ab618)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libview/ev-jobs.c:213
#25 0xb7f3aec3 in ev_job_thread (job=0x805ab618)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libview/ev-job-scheduler.c:204
#26 ev_job_thread_proxy (data=0x0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libview/ev-job-scheduler.c:237
#27 0xb731beb3 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#28 0xb725ac39 in start_thread ()
   from /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
#29 0xb71c778e in clone () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) 

Severity set to 'grave' from 'normal' Request was from Kubo Hiroshi <h-kubo@geisya.or.jp> to 690799-submit@bugs.debian.org. (Sat, 26 Jan 2013 18:21:03 GMT) Full text and rfc822 format available.
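
The failure mode in the gdb session above (`left->next` is NULL, yet the loop goes on to dereference `right`), as an added example: this is not cairo's code and not the fix that was uploaded for this bug. `edge_t`, `count_spans_unguarded`, `count_spans_guarded` and the `demo_*` helpers are hypothetical, simplified stand-ins, and the rule that a span closes when both windings return to zero is an assumption of the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for cairo_bo_edge_t (hypothetical, not cairo's
 * definition): only the fields needed to model the pairing loop. */
typedef struct edge {
    int a_or_b;          /* index of the source polygon, 0 or 1 */
    int dir;             /* winding contribution, +1 or -1 */
    struct edge *next;   /* next edge in the active list, NULL at the end */
} edge_t;

typedef enum { SWEEP_OK = 0, SWEEP_UNPAIRED_EDGE = 1 } sweep_status_t;

/* Model assumption: a span closes when both windings are back to zero. */
static int is_zero(const int winding[2])
{
    return winding[0] == 0 && winding[1] == 0;
}

/* Same shape as the loop in the gdb listing: `right = left->next` is used
 * without a check, so a left edge at the end of the list is fatal.
 * Only safe on lists where every left edge has a closing right edge. */
int count_spans_unguarded(edge_t *left)
{
    int spans = 0;
    while (left != NULL) {
        int winding[2] = {0, 0};
        edge_t *right = left->next;
        winding[left->a_or_b] += left->dir;
        do {
            winding[right->a_or_b] += right->dir; /* NULL deref if right == NULL */
            if (is_zero(winding))
                break;
            right = right->next;
        } while (1);
        spans++;
        left = right->next;
    }
    return spans;
}

/* Hardened form: the end of the list is a reportable condition, not a crash. */
sweep_status_t count_spans_guarded(edge_t *left, int *spans_out)
{
    int spans = 0;
    while (left != NULL) {
        int winding[2] = {0, 0};
        edge_t *right;
        winding[left->a_or_b] += left->dir;
        for (right = left->next; right != NULL; right = right->next) {
            winding[right->a_or_b] += right->dir;
            if (is_zero(winding))
                break;
        }
        if (right == NULL) {          /* left edge with no closing partner */
            *spans_out = spans;
            return SWEEP_UNPAIRED_EDGE;
        }
        spans++;
        left = right->next;
    }
    *spans_out = spans;
    return SWEEP_OK;
}

static edge_t *link_edges(edge_t *e, size_t n)
{
    for (size_t i = 0; i < n; i++)
        e[i].next = (i + 1 < n) ? &e[i + 1] : NULL;
    return n ? e : NULL;
}

/* Constructed input: two properly paired spans. */
int demo_well_formed_unguarded(void)
{
    edge_t e[4] = {{0, +1, NULL}, {0, -1, NULL}, {1, +1, NULL}, {1, -1, NULL}};
    return count_spans_unguarded(link_edges(e, 4));
}

/* Constructed input: one span, then a trailing edge with a_or_b = 1,
 * dir = -1 and next = NULL, the same state gdb printed for *left. */
int demo_dangling_status(void)
{
    edge_t e[3] = {{0, +1, NULL}, {0, -1, NULL}, {1, -1, NULL}};
    int spans = -1;
    return (int) count_spans_guarded(link_edges(e, 3), &spans);
}

int demo_dangling_spans(void)
{
    edge_t e[3] = {{0, +1, NULL}, {0, -1, NULL}, {1, -1, NULL}};
    int spans = -1;
    (void) count_spans_guarded(link_edges(e, 3), &spans);
    return spans;
}

int main(void)
{
    printf("well-formed list, unguarded loop: %d spans\n", demo_well_formed_unguarded());
    printf("dangling edge, guarded loop: status=%d after %d span(s)\n",
           demo_dangling_status(), demo_dangling_spans());
    return 0;
}
```
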

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#690799; Package evince. (Sat, 26 Jan 2013 23:48:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Neil Williams <codehelp@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Sat, 26 Jan 2013 23:48:02 GMT) Full text and rfc822 format available.

Message #22 received at 690799@bugs.debian.org (full text, mbox):

From: Neil Williams <codehelp@debian.org>
To: 690799@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Prevent null pointer dereference in polygon intersection calculations
Date: Sat, 26 Jan 2013 23:45:07 +0000
[Message part 1 (text/plain, inline)]
reassign 690799 libcairo2
retitle 690799 cairo null pointer dereference with polygon intersections
tag 690799 + patch
found 690799 1.12.2-2
tag 690799 + pending
user debian-release@lists.debian.org
usertags bsp-2013-01-gb-cambridge
thanks

I've implemented a trivial patch to avoid the null pointer dereference
without pulling in other changes from upstream. I've tested with the
PDF from the bug report and I get no problems, no crashes and no
apparent rendering issues.

The same PDF was tested with libcairo2 1.12.10 from experimental which
also showed no crashes and no rendering issues. The patch for this bug
is not drawn from the upstream changes, it merely protects against the
null pointer dereference as there are too many other changes between
1.12.2 and 1.12.10.

As this RC bug has been open for some time, I'll be uploading the NMU
to unstable and it has already been initially reviewed for an unblock.


-- 


Neil Williams
=============
http://www.linux.codehelp.co.uk/

[690799.diff (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Bug reassigned from package 'evince' to 'libcairo2'. Request was from Neil Williams <codehelp@debian.org> to control@bugs.debian.org. (Sat, 26 Jan 2013 23:48:04 GMT) Full text and rfc822 format available.

No longer marked as found in versions evince/3.4.0-3. Request was from Neil Williams <codehelp@debian.org> to control@bugs.debian.org. (Sat, 26 Jan 2013 23:48:05 GMT) Full text and rfc822 format available.

Changed Bug title to 'cairo null pointer dereference with polygon intersections' from 'evnice crashes with a certain PDF file' Request was from Neil Williams <codehelp@debian.org> to control@bugs.debian.org. (Sat, 26 Jan 2013 23:48:05 GMT) Full text and rfc822 format available.

Added tag(s) patch. Request was from Neil Williams <codehelp@debian.org> to control@bugs.debian.org. (Sat, 26 Jan 2013 23:48:06 GMT) Full text and rfc822 format available.

Marked as found in versions cairo/1.12.2-2. Request was from Neil Williams <codehelp@debian.org> to control@bugs.debian.org. (Sat, 26 Jan 2013 23:48:06 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Neil Williams <codehelp@debian.org> to control@bugs.debian.org. (Sat, 26 Jan 2013 23:48:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#690799; Package libcairo2. (Sun, 27 Jan 2013 00:06:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Neil Williams <codehelp@debian.org>:
Extra info received and forwarded to list. Copy sent to Dave Beckett <dajobe@debian.org>. (Sun, 27 Jan 2013 00:06:03 GMT) Full text and rfc822 format available.

Message #39 received at 690799@bugs.debian.org (full text, mbox):

From: Neil Williams <codehelp@debian.org>
To: 690799@bugs.debian.org
Cc: control@bugs.debian.org
Subject: uploaded
Date: Sun, 27 Jan 2013 00:04:20 +0000
[Message part 1 (text/plain, inline)]
user debian-release@lists.debian.org
usertags 690799 bsp-2013-01-gb-cambridge
thanks

Apologies, I only realised after doing the reassignment that the cairo
maintainers probably didn't get a chance to see this bug before the
upload or I would have used delayed. If this NMU is not acceptable for
cairo, please let me know before the package gets unblocked. I'll file
the unblock request in a few days and put the bug number here.

-- 


Neil Williams
=============
http://www.linux.codehelp.co.uk/

[Message part 2 (application/pgp-signature, inline)]

Reply sent to Neil Williams <codehelp@debian.org>:
You have taken responsibility. (Sun, 27 Jan 2013 00:06:05 GMT) Full text and rfc822 format available.

Notification sent to Kubo Hiroshi <h-kubo@geisya.or.jp>:
Bug acknowledged by developer. (Sun, 27 Jan 2013 00:06:05 GMT) Full text and rfc822 format available.

Message #44 received at 690799-close@bugs.debian.org (full text, mbox):

From: Neil Williams <codehelp@debian.org>
To: 690799-close@bugs.debian.org
Subject: Bug#690799: fixed in cairo 1.12.2-2.1
Date: Sun, 27 Jan 2013 00:02:45 +0000
Source: cairo
Source-Version: 1.12.2-2.1

We believe that the bug you reported is fixed in the latest version of
cairo, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690799@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Neil Williams <codehelp@debian.org> (supplier of updated cairo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 26 Jan 2013 23:22:12 +0000
Source: cairo
Binary: libcairo2-dev libcairo2 libcairo2-dbg libcairo2-doc libcairo-script-interpreter2 libcairo-gobject2 cairo-perf-utils libcairo2-udeb
Architecture: source all amd64
Version: 1.12.2-2.1
Distribution: unstable
Urgency: low
Maintainer: Dave Beckett <dajobe@debian.org>
Changed-By: Neil Williams <codehelp@debian.org>
Description: 
 cairo-perf-utils - The Cairo 2D vector graphics library performance utilities
 libcairo-gobject2 - The Cairo 2D vector graphics library (GObject library)
 libcairo-script-interpreter2 - The Cairo 2D vector graphics library (script interpreter)
 libcairo2  - The Cairo 2D vector graphics library
 libcairo2-dbg - The Cairo 2D vector graphics library (debugging symbols)
 libcairo2-dev - Development files for the Cairo 2D graphics library
 libcairo2-doc - Documentation for the Cairo Multi-platform 2D graphics library
 libcairo2-udeb - The Cairo 2D vector graphics library Xlib backend (udeb)
Closes: 690799
Changes: 
 cairo (1.12.2-2.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * (Closes: #690799)  evince crashes with a certain PDF file
Package-Type: udeb





Information forwarded to debian-bugs-dist@lists.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#690799; Package libcairo2. (Sun, 27 Jan 2013 03:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Dave Beckett <dajobe@debian.org>. (Sun, 27 Jan 2013 03:09:03 GMT) Full text and rfc822 format available.

Message #49 received at 690799@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: Kubo Hiroshi <h-kubo@geisya.or.jp>, 690799@bugs.debian.org
Subject: Re: Bug#690799: evnice crashes with a certain PDF file
Date: Sun, 27 Jan 2013 04:07:32 +0100
[Message part 1 (text/plain, inline)]
On 17.10.2012 20:25, Kubo Hiroshi wrote:
> Package: evince
> Version: 3.4.0-3
> Severity: normal
> 
> Evince crashes when reading a certain pdf file:
> 
> http://www.city.kyoto.lg.jp/kotsu/cmsfiles/contents/0000019/19770/rosenzurosen.pdf
> 
> md5sum of the file: 92e48af5926d92e751a07558c355f7cc
> 
> How I operated the evince is:
> 
> $ evince rosenzurosen.pdf
> Gtk-Message: Failed to load module "canberra-gtk-module"
> Segmentation fault

Looks like another duplicate of the libcairo bug.

Can you try the libcairo packages from [1]. With those patches applied I
can successfully open and print(-preview) your linked pdf.

Cheers,
Michael

[1] deb http://people.debian.org/~biebl/cairo/i386 ./
    deb http://people.debian.org/~biebl/cairo/amd64 ./
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#690799; Package libcairo2. (Sun, 27 Jan 2013 13:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kubo Hiroshi <h-kubo@geisya.or.jp>:
Extra info received and forwarded to list. Copy sent to Dave Beckett <dajobe@debian.org>. (Sun, 27 Jan 2013 13:57:03 GMT) Full text and rfc822 format available.

Message #54 received at 690799@bugs.debian.org (full text, mbox):

From: Kubo Hiroshi <h-kubo@geisya.or.jp>
To: biebl@debian.org, 690799@bugs.debian.org
Subject: Re: Bug#690799: evnice crashes with a certain PDF file
Date: Sun, 27 Jan 2013 22:52:01 +0900 (JST)
Hi,

From:  <biebl@debian.org>
Date: Sun, 27 Jan 2013 04:07:32 +0100

> 
> Can you try the libcairo packages from [1]. With those patches applied I
> can successfully open and print(-preview) your linked pdf.

OK.

I tried your 1.12.2-2+deb7u2 binary packages.
Still, the same crash occurred with the linked pdf.

Is this what you expected for me to do?
Did you open the thumbnail view, by selecting the menu [View] - [Side pane]?

Thank you.
---
Kubo Hiroshi <h-kubo@geisya.or.jp>



Information forwarded to debian-bugs-dist@lists.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#690799; Package libcairo2. (Sun, 27 Jan 2013 16:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Dave Beckett <dajobe@debian.org>. (Sun, 27 Jan 2013 16:30:03 GMT) Full text and rfc822 format available.

Message #59 received at 690799@bugs.debian.org (full text, mbox):

From: Michael Biebl <biebl@debian.org>
To: Kubo Hiroshi <h-kubo@geisya.or.jp>
Cc: 690799@bugs.debian.org
Subject: Re: Bug#690799: evnice crashes with a certain PDF file
Date: Sun, 27 Jan 2013 17:26:51 +0100
[Message part 1 (text/plain, inline)]
On 27.01.2013 14:52, Kubo Hiroshi wrote:
> I tried your 1.12.2-2+deb7u2 binary packages.
> Still, the same crash occurred with the linked pdf.
> 
> Is this what you expected for me to do?
> Did you open the thumbnail view, by selecting the menu [View] - [Side pane]?

I did try that. And while I can reproduce the crash with 1.12.2-2, I
can't with 1.12.2-2+deb7u2 (resp. 1.12.2-2.1+deb7u1) so this is kinda
odd that you still run into this problem.
Can you update all cairo related packages to 1.12.2-2.1+deb7u1 and
restart evince / your desktop session.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#690799; Package libcairo2. (Mon, 28 Jan 2013 15:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>:
Extra info received and forwarded to list. Copy sent to Dave Beckett <dajobe@debian.org>. (Mon, 28 Jan 2013 15:21:03 GMT) Full text and rfc822 format available.

Message #64 received at 690799@bugs.debian.org (full text, mbox):

From: Steven Chamberlain <steven@pyro.eu.org>
To: 690799@bugs.debian.org
Cc: Michael Biebl <biebl@debian.org>, h-kubo@geisya.or.jp
Subject: Re: Bug#690799: evnice crashes with a certain PDF file
Date: Mon, 28 Jan 2013 15:17:59 +0000
Hi,

With the 1.12.2-2+deb7u2 packages, this PDF renders okay for me,
including the thumbnail in View->Side Pane, without crashing:

http://www.city.kyoto.lg.jp/kotsu/cmsfiles/contents/0000019/19770/rosenzurosen.pdf

These are the exact packages I have installed:

http://people.debian.org/~biebl/cairo/amd64/libcairo2_1.12.2-2+deb7u2_amd64.deb
http://people.debian.org/~biebl/cairo/amd64/libcairo-gobject2_1.12.2-2+deb7u2_amd64.deb
http://people.debian.org/~biebl/cairo/amd64/libcairo2-dbg_1.12.2-2+deb7u2_amd64.deb

If it still crashes with those, a new gdb backtrace would be helpful, in
case there is some other problem.

Thank you,
Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org



Information forwarded to debian-bugs-dist@lists.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#690799; Package libcairo2. (Sun, 03 Feb 2013 17:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Kubo Hiroshi <h-kubo@geisya.or.jp>:
Extra info received and forwarded to list. Copy sent to Dave Beckett <dajobe@debian.org>. (Sun, 03 Feb 2013 17:00:03 GMT) Full text and rfc822 format available.

Message #69 received at 690799@bugs.debian.org (full text, mbox):

From: Kubo Hiroshi <h-kubo@geisya.or.jp>
To: biebl@debian.org, Steven Chamberlain <steven@pyro.eu.org>, 690799@bugs.debian.org
Subject: Re: Bug#690799: evnice crashes with a certain PDF file
Date: Mon, 04 Feb 2013 01:57:11 +0900 (JST)
[Message part 1 (text/plain, inline)]
Hi.

I installed your libcairo2-1.12.2-2+deb7u2  to the system
and tried again.

Here I attach the gdb trace. I hope this could help.

From:  <biebl@debian.org>
Date: Sun, 27 Jan 2013 17:26:51 +0100

> On 27.01.2013 14:52, Kubo Hiroshi wrote:
>> I tried your 1.12.2-2+deb7u2 binary packages.
>> Still, the same crash occurred with the linked pdf.
>> 
>> Is this what you expected for me to do?
>> Did you open the thumbnail view, by selecting the menu [View] - [Side pane]?
> 
> I did try that. And while I can reproduce the crash with 1.12.2-2, I
> can't with 1.12.2-2+deb7u2 (resp. 1.12.2-2.1+deb7u1) so this is kinda
> odd that you still run into this problem.
> Can you update all cairo related packages to 1.12.2-2.1+deb7u1 and
> restart evince / your desktop session.

---
Kubo Hiroshi <h-kubo@geisya.or.jp>

[20130204_evince_crash.txt (text/plain, inline)]
$ dpkg -l libcairo2\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                 Version         Architecture    Description
+++-====================-===============-===============-=============================================
ii  libcairo2:i386       1.12.2-2+deb7u2 i386            The Cairo 2D vector graphics library
ii  libcairo2-dbg:i386   1.12.2-2+deb7u2 i386            The Cairo 2D vector graphics library (debuggi
ii  libcairo2-dev        1.12.2-2+deb7u2 i386            Development files for the Cairo 2D graphics l
un  libcairo2-doc        <none>                          (no description available)

$ gdb /usr/bin/evince
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/evince...Reading symbols from /usr/lib/debug/usr/bin/evince...done.
done.
(gdb) run ~/tmp/rosenzurosen.pdf 
Starting program: /usr/bin/evince ~/tmp/rosenzurosen.pdf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
Gtk-Message: Failed to load module "canberra-gtk-module"
[New Thread 0xb6b1ab70 (LWP 6299)]
[New Thread 0xb6319b70 (LWP 6300)]
[New Thread 0xaf49eb70 (LWP 6306)]
[New Thread 0xaec9db70 (LWP 6307)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xaec9db70 (LWP 6307)]
active_edges (polygon=0xaec9c2e8, top=9322, left=0xb5a54c3c)
    at /tmp/buildd/cairo-1.12.2/src/cairo-polygon-intersect.c:1235
1235	/tmp/buildd/cairo-1.12.2/src/cairo-polygon-intersect.c: No such file or directory.
(gdb) where
#0  active_edges (polygon=0xaec9c2e8, top=9322, left=0xb5a54c3c)
    at /tmp/buildd/cairo-1.12.2/src/cairo-polygon-intersect.c:1235
#1  intersection_sweep (polygon=0xaec9c2e8, num_events=-1247557552, 
    start_events=0xaec9ae94)
    at /tmp/buildd/cairo-1.12.2/src/cairo-polygon-intersect.c:1271
#2  _cairo_polygon_intersect (a=a@entry=0xaec9c2e8, winding_a=winding_a@entry=0, 
    b=0xaec9bed8, winding_b=0)
    at /tmp/buildd/cairo-1.12.2/src/cairo-polygon-intersect.c:1466
#3  0xb772e0bd in clip_and_composite_polygon (antialias=CAIRO_ANTIALIAS_DEFAULT, 
    fill_rule=CAIRO_FILL_RULE_WINDING, polygon=0xaec9c2e8, extents=0xaec9c6f0, 
    compositor=0xb77d3880)
    at /tmp/buildd/cairo-1.12.2/src/cairo-spans-compositor.c:861
#4  clip_and_composite_polygon (compositor=0xb77d3880, extents=0xaec9c6f0, 
    polygon=0xaec9c2e8, fill_rule=CAIRO_FILL_RULE_WINDING, 
    antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /tmp/buildd/cairo-1.12.2/src/cairo-spans-compositor.c:819
#5  0xb772ebfc in _cairo_spans_compositor_stroke (_compositor=0xb77d3880, 
    extents=0xaec9c6f0, path=0x800c16f4, style=0xaec9ca80, ctm=0xb5a318bc, 
    ctm_inverse=0xb5a318ec, tolerance=0.10000000000000001, 
    antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /tmp/buildd/cairo-1.12.2/src/cairo-spans-compositor.c:985
#6  0xb76eb48c in _cairo_compositor_stroke (compositor=0xb77d3880, 
    surface=surface@entry=0xb5a33d40, op=op@entry=CAIRO_OPERATOR_OVER, 
    source=source@entry=0xaec9caac, path=path@entry=0x800c16f4, 
    style=style@entry=0xaec9ca80, ctm=ctm@entry=0xb5a318bc, 
    ctm_inverse=ctm_inverse@entry=0xb5a318ec, tolerance=0.10000000000000001, 
    tolerance@entry=<error reading variable: Could not find type for DW_OP_GNU_const_type>, antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT, 
    clip=clip@entry=0x802cd600)
    at /tmp/buildd/cairo-1.12.2/src/cairo-compositor.c:153
#7  0xb76fe271 in _cairo_image_surface_stroke (abstract_surface=0xb5a33d40, 
    op=CAIRO_OPERATOR_OVER, source=0xaec9caac, path=0x800c16f4, 
    style=0xaec9ca80, ctm=0xb5a318bc, ctm_inverse=0xb5a318ec, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, 
    clip=0x802cd600) at /tmp/buildd/cairo-1.12.2/src/cairo-image-surface.c:952
#8  0xb7732439 in _cairo_surface_stroke (surface=0xb5a33d40, 
    op=CAIRO_OPERATOR_OVER, source=0xaec9caac, path=0x800c16f4, 
    stroke_style=0xaec9ca80, ctm=0xb5a318bc, ctm_inverse=0xb5a318ec, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, 
    clip=0x802cd600) at /tmp/buildd/cairo-1.12.2/src/cairo-surface.c:2043
#9  0xb76f479a in _cairo_gstate_stroke (gstate=0xb5a31808, 
    path=path@entry=0x800c16f4)
    at /tmp/buildd/cairo-1.12.2/src/cairo-gstate.c:1171
#10 0xb76ed40d in _cairo_default_context_stroke (abstract_cr=0x800c1430)
    at /tmp/buildd/cairo-1.12.2/src/cairo-default-context.c:965
#11 0xb76e57bb in INT_cairo_stroke (cr=0x800c1430)
    at /tmp/buildd/cairo-1.12.2/src/cairo.c:2146
#12 0xae466b89 in CairoOutputDev::stroke(GfxState*) ()
   from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
#13 0xae209811 in Gfx::opStroke(Object*, int) ()
   from /usr/lib/i386-linux-gnu/libpoppler.so.19
#14 0xae1ffbfa in Gfx::execOp(Object*, Object*, int) ()
   from /usr/lib/i386-linux-gnu/libpoppler.so.19
#15 0xae206b90 in Gfx::go(bool) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
#16 0xae207068 in Gfx::display(Object*, bool) ()
   from /usr/lib/i386-linux-gnu/libpoppler.so.19
#17 0xae2484bf in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, Catalog*, bool (*)(void*), void*, bool (*)(Annot*, void*), void*) () from /usr/lib/i386-linux-gnu/libpoppler.so.19
#18 0xae45a0da in ?? () from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
#19 0xb5b0ff34 in pdf_page_render (page=page@entry=0x802d73a0, 
    width=width@entry=100, height=height@entry=141, rc=rc@entry=0x802d73c0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./backend/pdf/ev-poppler.cc:359
#20 0xb5b105e3 in make_thumbnail_for_page (height=141, width=100, rc=0x802d73c0, 
    poppler_page=0x802d73a0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./backend/pdf/ev-poppler.cc:405
#21 pdf_document_get_thumbnail (document=0x80252130, rc=0x802d73c0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./backend/pdf/ev-poppler.cc:465
#22 0xb7f7a8e0 in ev_document_get_thumbnail (document=0x80252130, 
    rc=rc@entry=0x802d73c0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libdocument/ev-document.c:606
#23 0xb7f39b33 in ev_job_thumbnail_run (job=0x803e30a0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libview/ev-jobs.c:817
#24 0xb7f38fdf in ev_job_run (job=job@entry=0x803e30a0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libview/ev-jobs
#25 0xb7f3aec3 in ev_job_thread (job=0x803e30a0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libview/ev-job-scheduler.c:204
#26 ev_job_thread_proxy (data=0x0)
    at /build/buildd-evince_3.4.0-3.1-i386-gBFlOX/evince-3.4.0/./libview/ev-job-scheduler.c:237
#27 0xb731ceb3 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#28 0xb725bc39 in start_thread ()
   from /lib/i386-linux-gnu/i686/cmov/libpthread.so.0
#29 0xb71c878e in clone () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) quit

$ ldd /usr/bin/evince | grep libcairo
	libcairo-gobject.so.2 => /usr/lib/i386-linux-gnu/libcairo-gobject.so.2 (0xb6f28000)
	libcairo.so.2 => /usr/lib/i386-linux-gnu/libcairo.so.2 (0xb6dcf000)
$ ls -l /usr/lib/i386-linux-gnu/libcairo.so.2
lrwxrwxrwx 1 root root 21 Jan 26 23:47 /usr/lib/i386-linux-gnu/libcairo.so.2 -> libcairo.so.2.11200.2
$ ls -l /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2
-rw-r--r-- 1 root root 1092528 Jan 26 23:47 /usr/lib/i386-linux-gnu/libcairo.so.2.11200.2
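
An added example (not part of the report, and not Debian or cairo tooling): a small Python parser that reduces a gdb `where` listing like the one above to a crash signature, meaning the function and source file of the top resolved frames, which is the comparison behind calling a report a duplicate. The sample is an excerpt of frames from the trace above; the names `parse_frames`, `signature` and `first_frame_outside` are made up for this example.

```python
import os
import re

# Excerpt of frames copied from the gdb trace in the message above.
SAMPLE = """\
#0  active_edges (polygon=0xaec9c2e8, top=9322, left=0xb5a54c3c)
    at /tmp/buildd/cairo-1.12.2/src/cairo-polygon-intersect.c:1235
#1  intersection_sweep (polygon=0xaec9c2e8, num_events=-1247557552,
    start_events=0xaec9ae94)
    at /tmp/buildd/cairo-1.12.2/src/cairo-polygon-intersect.c:1271
#2  _cairo_polygon_intersect (a=a@entry=0xaec9c2e8, winding_a=winding_a@entry=0,
    b=0xaec9bed8, winding_b=0)
    at /tmp/buildd/cairo-1.12.2/src/cairo-polygon-intersect.c:1466
#12 0xae466b89 in CairoOutputDev::stroke(GfxState*) ()
   from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
#18 0xae45a0da in ?? () from /usr/lib/i386-linux-gnu/libpoppler-glib.so.8
"""

FRAME_START = re.compile(r"^#(\d+)\s+", re.M)
FUNC = re.compile(r"^(?:0x[0-9a-f]+ in )?(\S+?)\s*\(")
WHERE = re.compile(r"\b(?:at (\S+?):(\d+)|from (\S+))\s*$")

def parse_frames(trace):
    """Split gdb `where` output into (index, function, origin) tuples."""
    parts = FRAME_START.split(trace)[1:]    # [idx, body, idx, body, ...]
    frames = []
    for idx, body in zip(parts[0::2], parts[1::2]):
        text = " ".join(body.split())        # join wrapped argument lines
        func = FUNC.match(text)
        loc = WHERE.search(text)             # source file, or library if no symbols
        origin = os.path.basename(loc.group(1) or loc.group(3)) if loc else "?"
        frames.append((int(idx), func.group(1) if func else "??", origin))
    return frames

def signature(trace, depth=3):
    """Top `depth` resolved frames as (function, file) pairs; addresses and
    line numbers are dropped so rebuilt binaries still compare equal."""
    resolved = [(f, o) for _, f, o in parse_frames(trace) if f != "??"]
    return tuple(resolved[:depth])

def first_frame_outside(trace, prefix="cairo"):
    """First frame whose origin does not start with `prefix`: the caller that
    handed the input to the crashing library."""
    for idx, func, origin in parse_frames(trace):
        if not origin.startswith(prefix):
            return idx, func, origin
    return None
```

A trace taken without debug symbols, such as the single `#0  0xb6e5afa8 in ?? ()` frame in the original report, yields an empty signature and cannot be matched against anything.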


Information forwarded to debian-bugs-dist@lists.debian.org, Dave Beckett <dajobe@debian.org>:
Bug#690799; Package libcairo2. (Sun, 03 Feb 2013 17:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Steven Chamberlain <steven@pyro.eu.org>:
Extra info received and forwarded to list. Copy sent to Dave Beckett <dajobe@debian.org>. (Sun, 03 Feb 2013 17:18:03 GMT) Full text and rfc822 format available.

Message #74 received at 690799@bugs.debian.org (full text, mbox):

From: Steven Chamberlain <steven@pyro.eu.org>
To: Kubo Hiroshi <h-kubo@geisya.or.jp>
Cc: biebl@debian.org, 690799@bugs.debian.org
Subject: Re: Bug#690799: evnice crashes with a certain PDF file
Date: Sun, 03 Feb 2013 17:14:47 +0000
Hi,

On 03/02/13 16:57, Kubo Hiroshi wrote:
> I installed your libcairo2-1.12.2-2+deb7u2  to the system
> and tried again.

Thank you for testing this.

I guess it did not work because -2+deb7u2 didn't contain Neil's fix;
but I can't check that now because the packages and changelogs of
1.12.2-2+deb7u2 have been deleted.

Let's hope this problem is fixed in 1.12.2-3 now available in sid:
http://cdn.debian.net/debian/pool/main/c/cairo/

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 19 Mar 2013 07:27:03 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 05:23:48 2014; Machine Name: buxtehude.debian.org
