<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - crash in cairo PDF writer when rendering certain PDFs to PDFs using poppler"
href="https://bugs.freedesktop.org/show_bug.cgi?id=61451">61451</a>
</td>
</tr>
<tr>
<th>Assignee</th>
<td>ajohnson@redneon.com
</td>
</tr>
<tr>
<th>Summary</th>
<td>crash in cairo PDF writer when rendering certain PDFs to PDFs using poppler
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>cairo-bugs@cairographics.org
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux (All)
</td>
</tr>
<tr>
<th>Reporter</th>
<td>jana@saout.de
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Version</th>
<td>1.12.12
</td>
</tr>
<tr>
<th>Component</th>
<td>pdf backend
</td>
</tr>
<tr>
<th>Product</th>
<td>cairo
</td>
</tr></table>
<p>
<div>
<pre>We are using a simple PDF-to-PDF converter (the main reason is to simplify the
PDFs). For this we are using a small python script (simplified version
attached below) that uses poppler to render into a cairo surface, which writes
to a PDF.
During this, certain PDF files crash the PDF writer. At some point a NULL
pointer is passed down which later crashes a function.
I "fixed" this bug by replacing the NULL pointer by another pointer somewhere
up the call chain - not knowing if this is the correct fix. (the PDF looks
right though, and the crash is gone)
I am getting the following crash:
Program received signal SIGSEGV, Segmentation fault.
_cairo_box_from_rectangle (box=box@entry=0x7fffffffd240, rect=rect@entry=0x0)
at cairo-rectangle.c:77
77 box->p1.x = _cairo_fixed_from_int (rect->x);
(gdb) bt
#0 _cairo_box_from_rectangle (box=box@entry=0x7fffffffd240,
rect=rect@entry=0x0) at cairo-rectangle.c:77
#1 0x00007ffff7a007a2 in _cairo_pdf_surface_add_padded_image_surface (
surface=surface@entry=0xa24580, source=source@entry=0xb47910, extents=0x0,
surface_res=surface_res@entry=0x7fffffffd380,
width=width@entry=0x7fffffffd3a0, height=height@entry=0x7fffffffd3c0,
x_offset=x_offset@entry=0x7fffffffd400,
y_offset=y_offset@entry=0x7fffffffd408) at cairo-pdf-surface.c:2123
#2 0x00007ffff7a00d77 in _cairo_pdf_surface_paint_surface_pattern (
surface=0xa24580, source=0xb47910, extents=<optimized out>, stencil_mask=1)
at cairo-pdf-surface.c:3925
#3 0x00007ffff7a01252 in _cairo_pdf_surface_emit_stencil_mask (
extents=0x7fffffffd56c, mask=<optimized out>, source=<optimized out>,
surface=0xa24580) at cairo-pdf-surface.c:6378
#4 _cairo_pdf_surface_mask (abstract_surface=0xa24580, op=<optimized out>,
source=0xb477f8, mask=0xb47910, clip=<optimized out>)
at cairo-pdf-surface.c:6608
#5 0x00007ffff79a3c24 in _cairo_surface_mask (surface=0xa24580,
op=CAIRO_OPERATOR_OVER, source=0xb477f8, mask=0xb47910, clip=0xa27f10)
at cairo-surface.c:2054
#6 0x00007ffff79a9fb6 in _cairo_surface_wrapper_mask (
wrapper=wrapper@entry=0x7fffffffdc20, op=CAIRO_OPERATOR_OVER,
source=<optimized out>, source@entry=0xb477f8, mask=mask@entry=0xb47910,
clip=<optimized out>) at cairo-surface-wrapper.c:206
#7 0x00007ffff7995587 in _cairo_recording_surface_replay_internal (
surface=<optimized out>, surface_extents=<optimized out>,
surface_transform=<optimized out>, target=<optimized out>,
target_clip=<optimized out>, type=CAIRO_RECORDING_REPLAY,
region=CAIRO_RECORDING_REGION_NATIVE) at cairo-recording-surface.c:1678
#8 0x00007ffff79966a7 in _cairo_recording_surface_replay_region (
surface=<optimized out>, surface_extents=surface_extents@entry=0x0,
target=<optimized out>, region=region@entry=CAIRO_RECORDING_REGION_NATIVE)
at cairo-recording-surface.c:1934
#9 0x00007ffff7977861 in _paint_page (surface=0xa26510)
at cairo-paginated-surface.c:406
#10 0x00007ffff7977adc in _cairo_paginated_surface_show_page (
abstract_surface=0xa26510) at cairo-paginated-surface.c:509
#11 0x00007ffff79a413b in INT_cairo_surface_show_page (surface=0xa26510)
at cairo-surface.c:2305
#12 0x00007ffff7a712ea in surface_show_page ()
from /usr/lib64/python2.7/site-packages/cairo/_cairo.so
[...]
and I "fixed" the NULL pointer issue using this:
--- cairo-1.12.12/src/cairo-pdf-surface.c.orig 2013-02-25 17:01:27.130438874
+0100
+++ cairo-1.12.12/src/cairo-pdf-surface.c 2013-02-25 17:01:33.217105734
+0100
@@ -6375,7 +6375,7 @@ _cairo_pdf_surface_emit_stencil_mask (ca
return status;
_cairo_output_stream_printf (surface->output, "q\n");
- status = _cairo_pdf_surface_paint_surface_pattern (surface, mask, NULL,
TRUE);
+ status = _cairo_pdf_surface_paint_surface_pattern (surface, mask, extents,
TRUE);
if (unlikely (status))
return status;
The script used: (needs cairo python bindings, poppler and poppler-python
bindings). (I guess it should be simple to write a C analogon, as long as you
have poppler installed). My poppler version is 0.20.5 by the way.
Called "python pdftopdf.py input.pdf output.pdf":
The link to an example input PDF that produces the crash:
<a href="http://www.saout.de/assets/Kfz-Techniker_Teil_II_11478_print.pdf">http://www.saout.de/assets/Kfz-Techniker_Teil_II_11478_print.pdf</a>
#!/usr/bin/env python
import os, sys
import poppler, cairo
d = poppler.document_new_from_file('file://' + os.path.abspath(sys.argv[1]),
'')
out = sys.argv[2]
s = None
n = d.get_n_pages()
for i in xrange(n):
p = d.get_page(i)
w, h = p.get_size()
if s is None:
s = cairo.PDFSurface(out, w, h)
s.set_size(w, h)
c = cairo.Context(s)
p.render(c)
del c
s.show_page()</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
</ul>
</body>
</html>