[cairo-bugs] [Bug 15216] evince crashed with SIGSEGV in ft_glyphslot_free_bitmap()

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Mar 27 03:51:58 PDT 2008


http://bugs.freedesktop.org/show_bug.cgi?id=15216


Chris Wilson <chris at chris-wilson.co.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|pdf backend                 |cairo backend
            Product|cairo                       |poppler
            Version|1.5.15                      |unspecified




--- Comment #1 from Chris Wilson <chris at chris-wilson.co.uk>  2008-03-27 03:51:54 PST ---
valgrind reports:
==13745== Invalid read of size 4
==13745==    at 0x51BE572: FT_Load_Glyph (ftobjs.c:549)
==13745==    by 0x4A24921: _cairo_ft_scaled_glyph_init (cairo-ft-font.c:1922)
==13745==    by 0x4A117AB: _cairo_scaled_glyph_lookup
(cairo-scaled-font.c:1674)
==13745==    by 0x4A12A5A: _cairo_scaled_font_glyph_device_extents
(cairo-scaled-font.c:1124)
==13745==    by 0x4A21ECD: _cairo_analysis_surface_show_glyphs
(cairo-analysis-surface.c:516)
==13745==    by 0x4A144DC: _cairo_surface_show_glyphs (cairo-surface.c:2086)
==13745==    by 0x4A1FCC8: _cairo_meta_surface_replay_internal
(cairo-meta-surface.c:816)
==13745==    by 0x4A214B1: _paint_page (cairo-paginated-surface.c:299)
==13745==    by 0x4A2171E: _cairo_paginated_surface_show_page
(cairo-paginated-surface.c:445)
==13745==    by 0x4A14BDF: cairo_surface_show_page (cairo-surface.c:1702)
==13745==    by 0x49FF661: cairo_show_page (cairo.c:2155)
==13745==    by 0xA267D97:
pdf_document_file_exporter_end_page(_EvFileExporter*) (ev-poppler.cc:1753)
==13745==  Address 0x55c5630 is 88 bytes inside a block of size 552 free'd
==13745==    at 0x402269C: free (vg_replace_malloc.c:326)
==13745==    by 0x51B7ABC: ft_free (ftsystem.c:158)
==13745==    by 0x51BB319: ft_mem_free (ftutil.c:171)
==13745==    by 0x51BC318: destroy_face (ftobjs.c:856)
==13745==    by 0x51BC3B2: FT_Done_Face (ftobjs.c:1972)
==13745==    by 0x4363704: CairoFont::~CairoFont() (CairoFontEngine.cc:251)
==13745==    by 0x436401D: CairoFontEngine::getFont(GfxFont*, XRef*)
(CairoFontEngine.cc:335)
==13745==    by 0x4366915: CairoOutputDev::updateFont(GfxState*)
(CairoOutputDev.cc:318)
==13745==    by 0x5093BF1: Gfx::opShowText(Object*, int) (Gfx.cc:3073)
==13745==    by 0x508F901: Gfx::execOp(Object*, Object*, int) (Gfx.cc:726)
==13745==    by 0x50906FF: Gfx::go(int) (Gfx.cc:594)
==13745==    by 0x5090C96: Gfx::display(Object*, int) (Gfx.cc:557)
==13745==

which looks like poppler has called FT_Done_Face on a live cairo_font_face_t.


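Added example, not cairo's or poppler's code: a self-contained C model of the ownership rule behind the diagnosis in the comment above. cairo documents that an FT_Face passed to cairo_ft_font_face_create_for_ft_face() must stay alive for as long as the cairo_font_face_t does, and that cairo_font_face_set_user_data() with a destroy callback that calls FT_Done_Face() is the way to hand ownership over; the types and functions below are stand-ins for those, not the real cairo/FreeType structs.

```c
#include <stdbool.h>
#include <stdlib.h>
typedef struct { bool alive; } ft_face_t;      /* stand-in for FT_Face */
typedef void (*destroy_func_t)(void *);
typedef struct {                               /* stand-in for cairo_ft_font_face_t */
    int refcount;
    ft_face_t *face;                           /* borrowed, never owned by itself */
    void *user_data;                           /* cairo_font_face_set_user_data() slot */
    destroy_func_t user_destroy;
} font_face_t;
static ft_face_t *ft_new_face(void) { ft_face_t *f = malloc(sizeof *f); f->alive = true; return f; }
/* FT_Done_Face stand-in: marks the face dead instead of freeing it, so a later use is detectable. */
static void ft_done_face(ft_face_t *f) { f->alive = false; }
static void done_face_cb(void *p) { ft_done_face(p); }
static font_face_t *font_face_create(ft_face_t *face) {
    font_face_t *ff = calloc(1, sizeof *ff);
    ff->refcount = 1; ff->face = face; return ff;
}
static void font_face_set_user_data(font_face_t *ff, void *d, destroy_func_t fn) {
    ff->user_data = d; ff->user_destroy = fn;
}
static font_face_t *font_face_reference(font_face_t *ff) { ff->refcount++; return ff; }
static void font_face_destroy(font_face_t *ff) {
    if (--ff->refcount > 0) return;
    if (ff->user_destroy) ff->user_destroy(ff->user_data); /* FT_Done_Face runs here */
    free(ff);
}
/* FT_Load_Glyph stand-in: the invalid read in the trace becomes a false return. */
static bool font_face_load_glyph(const font_face_t *ff) { return ff->face->alive; }
/* Ordering from the trace: the owner's destructor calls FT_Done_Face while the page replay still references the font face. */
bool replay_after_owner_done_face(void) {
    ft_face_t *face = ft_new_face();
    font_face_t *ff = font_face_create(face);
    font_face_t *held = font_face_reference(ff);   /* e.g. a cairo_scaled_font_t */
    font_face_destroy(ff); ft_done_face(face);      /* owner tears down its wrapper */
    bool ok = font_face_load_glyph(held);           /* false: face already gone */
    font_face_destroy(held); free(face); return ok;
}
/* Fix cairo documents: hand the FT_Face over via a destroy callback, so FT_Done_Face runs only when the last reference drops. */
bool replay_with_ownership_transfer(void) {
    ft_face_t *face = ft_new_face();
    font_face_t *ff = font_face_create(face);
    font_face_set_user_data(ff, face, done_face_cb);
    font_face_t *held = font_face_reference(ff);
    font_face_destroy(ff);                          /* 2 -> 1: face stays alive */
    bool ok = font_face_load_glyph(held);           /* true */
    font_face_destroy(held); free(face); return ok; /* 1 -> 0: done_face_cb runs */
}
```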