<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - cairo_line_to segfaults when used from pdf2svg from homebrew on macosx"
href="https://bugs.freedesktop.org/show_bug.cgi?id=63203">63203</a>
</td>
</tr>
<tr>
<th>Assignee</th>
<td>emmanuel.pacaud@lapp.in2p3.fr
</td>
</tr>
<tr>
<th>Summary</th>
<td>cairo_line_to segfaults when used from pdf2svg from homebrew on macosx
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>cairo-bugs@cairographics.org
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Reporter</th>
<td>wagle@mac.com
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Other
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Version</th>
<td>1.12.14
</td>
</tr>
<tr>
<th>Component</th>
<td>svg backend
</td>
</tr>
<tr>
<th>Product</th>
<td>cairo
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=77513" name="attach_77513" title="sample_pdf_file">attachment 77513</a></span>
sample_pdf_file
When running sample_pdf_file (see attached) through pdf2svg, the first indirect
call in cairo_line_to() segfaults when trying to call address zero.
This happens on macosx 10.8.2 with cairo 1.12.14 via homebrew. Installing
older versions of cairo (for example 1.12.8) fixes the segfault.
Here's a session with gdb (so, oh, it's also going through poppler):
#0 0x0000000000000000 in ?? ()
#1 0x0000000100e53d2c in cairo_line_to ()
#2 0x00000001009988e6 in CairoOutputDev::doPath ()
#3 0x00000001009999e8 in CairoOutputDev::clip ()
#4 0x0000000100c9d693 in Gfx::drawForm ()
#5 0x0000000100ca6427 in Gfx::doForm ()
#6 0x0000000100c97cf6 in Gfx::opXObject ()
#7 0x0000000100c9cbf6 in Gfx::go ()
#8 0x0000000100c9c940 in Gfx::display ()
#9 0x0000000100cd7721 in Page::displaySlice ()
#10 0x000000010099015a in _poppler_page_render ()
#11 0x0000000100001a48 in convertPage ()
#12 0x0000000100001b5f in main ()
(gdb) list
No symbol table is loaded. Use the "file" command.
(gdb) up
#1 0x0000000100e53d2c in cairo_line_to ()
(gdb) list
No symbol table is loaded. Use the "file" command.
(gdb) disasm
Undefined command: "disasm". Try "help".
(gdb) disas
Dump of assembler code for function cairo_line_to:
0x0000000100e53d10 &lt;cairo_line_to+0&gt;: push %rbp
0x0000000100e53d11 &lt;cairo_line_to+1&gt;: mov %rsp,%rbp
0x0000000100e53d14 &lt;cairo_line_to+4&gt;: push %rbx
0x0000000100e53d15 &lt;cairo_line_to+5&gt;: push %rax
0x0000000100e53d16 &lt;cairo_line_to+6&gt;: mov %rdi,%rbx
0x0000000100e53d19 &lt;cairo_line_to+9&gt;: cmpl $0x0,0x4(%rbx)
0x0000000100e53d1d &lt;cairo_line_to+13&gt;: jne 0x100e53d30 &lt;cairo_line_to+32&gt;
0x0000000100e53d1f &lt;cairo_line_to+15&gt;: mov 0x20(%rbx),%rax
0x0000000100e53d23 &lt;cairo_line_to+19&gt;: mov %rbx,%rdi
0x0000000100e53d26 &lt;cairo_line_to+22&gt;: callq *0x198(%rax)
0x0000000100e53d2c &lt;cairo_line_to+28&gt;: test %eax,%eax
0x0000000100e53d2e &lt;cairo_line_to+30&gt;: jne 0x100e53d37 &lt;cairo_line_to+39&gt;
0x0000000100e53d30 &lt;cairo_line_to+32&gt;: add $0x8,%rsp
0x0000000100e53d34 &lt;cairo_line_to+36&gt;: pop %rbx
0x0000000100e53d35 &lt;cairo_line_to+37&gt;: pop %rbp
0x0000000100e53d36 &lt;cairo_line_to+38&gt;: retq
0x0000000100e53d37 &lt;cairo_line_to+39&gt;: mov %rbx,%rdi
0x0000000100e53d3a &lt;cairo_line_to+42&gt;: mov %eax,%esi
0x0000000100e53d3c &lt;cairo_line_to+44&gt;: add $0x8,%rsp
0x0000000100e53d40 &lt;cairo_line_to+48&gt;: pop %rbx
0x0000000100e53d41 &lt;cairo_line_to+49&gt;: pop %rbp
0x0000000100e53d42 &lt;cairo_line_to+50&gt;: jmpq 0x100e5363a &lt;_cairo_set_error&gt;</pre>
</div>
</p>
</body>
</html>