[cairo-bugs] [Bug 61451] New: crash in cairo PDF writer when rendering certain PDFs to PDFs using poppler
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Feb 25 08:13:26 PST 2013
https://bugs.freedesktop.org/show_bug.cgi?id=61451
Priority: medium
Bug ID: 61451
Assignee: ajohnson at redneon.com
Summary: crash in cairo PDF writer when rendering certain PDFs
to PDFs using poppler
QA Contact: cairo-bugs at cairographics.org
Severity: normal
Classification: Unclassified
OS: Linux (All)
Reporter: jana at saout.de
Hardware: Other
Status: NEW
Version: 1.12.12
Component: pdf backend
Product: cairo
We are using a simple PDF-to-PDF converter (the main reason is to simplify the
PDFs). For this we are using a small python script (simplified version
attached below) that uses poppler to render into a cairo surface, which writes
to a PDF.
During this, certain PDF files crash the PDF writer. At some point a NULL
pointer is passed down which later crashes a function.
I "fixed" this bug by replacing the NULL pointer by another pointer somewhere
up the call chain - not knowing if this is the correct fix. (the PDF looks
right though, and the crash is gone)
I am getting the following crash:
Program received signal SIGSEGV, Segmentation fault.
_cairo_box_from_rectangle (box=box at entry=0x7fffffffd240, rect=rect at entry=0x0)
at cairo-rectangle.c:77
77 box->p1.x = _cairo_fixed_from_int (rect->x);
(gdb) bt
#0 _cairo_box_from_rectangle (box=box at entry=0x7fffffffd240,
rect=rect at entry=0x0) at cairo-rectangle.c:77
#1 0x00007ffff7a007a2 in _cairo_pdf_surface_add_padded_image_surface (
surface=surface at entry=0xa24580, source=source at entry=0xb47910, extents=0x0,
surface_res=surface_res at entry=0x7fffffffd380,
width=width at entry=0x7fffffffd3a0, height=height at entry=0x7fffffffd3c0,
x_offset=x_offset at entry=0x7fffffffd400,
y_offset=y_offset at entry=0x7fffffffd408) at cairo-pdf-surface.c:2123
#2 0x00007ffff7a00d77 in _cairo_pdf_surface_paint_surface_pattern (
surface=0xa24580, source=0xb47910, extents=<optimized out>, stencil_mask=1)
at cairo-pdf-surface.c:3925
#3 0x00007ffff7a01252 in _cairo_pdf_surface_emit_stencil_mask (
extents=0x7fffffffd56c, mask=<optimized out>, source=<optimized out>,
surface=0xa24580) at cairo-pdf-surface.c:6378
#4 _cairo_pdf_surface_mask (abstract_surface=0xa24580, op=<optimized out>,
source=0xb477f8, mask=0xb47910, clip=<optimized out>)
at cairo-pdf-surface.c:6608
#5 0x00007ffff79a3c24 in _cairo_surface_mask (surface=0xa24580,
op=CAIRO_OPERATOR_OVER, source=0xb477f8, mask=0xb47910, clip=0xa27f10)
at cairo-surface.c:2054
#6 0x00007ffff79a9fb6 in _cairo_surface_wrapper_mask (
wrapper=wrapper at entry=0x7fffffffdc20, op=CAIRO_OPERATOR_OVER,
source=<optimized out>, source at entry=0xb477f8, mask=mask at entry=0xb47910,
clip=<optimized out>) at cairo-surface-wrapper.c:206
#7 0x00007ffff7995587 in _cairo_recording_surface_replay_internal (
surface=<optimized out>, surface_extents=<optimized out>,
surface_transform=<optimized out>, target=<optimized out>,
target_clip=<optimized out>, type=CAIRO_RECORDING_REPLAY,
region=CAIRO_RECORDING_REGION_NATIVE) at cairo-recording-surface.c:1678
#8 0x00007ffff79966a7 in _cairo_recording_surface_replay_region (
surface=<optimized out>, surface_extents=surface_extents at entry=0x0,
target=<optimized out>, region=region at entry=CAIRO_RECORDING_REGION_NATIVE)
at cairo-recording-surface.c:1934
#9 0x00007ffff7977861 in _paint_page (surface=0xa26510)
at cairo-paginated-surface.c:406
#10 0x00007ffff7977adc in _cairo_paginated_surface_show_page (
abstract_surface=0xa26510) at cairo-paginated-surface.c:509
#11 0x00007ffff79a413b in INT_cairo_surface_show_page (surface=0xa26510)
at cairo-surface.c:2305
#12 0x00007ffff7a712ea in surface_show_page ()
from /usr/lib64/python2.7/site-packages/cairo/_cairo.so
[...]
and I "fixed" the NULL pointer issue using this:
--- cairo-1.12.12/src/cairo-pdf-surface.c.orig 2013-02-25 17:01:27.130438874
+0100
+++ cairo-1.12.12/src/cairo-pdf-surface.c 2013-02-25 17:01:33.217105734
+0100
@@ -6375,7 +6375,7 @@ _cairo_pdf_surface_emit_stencil_mask (ca
return status;
_cairo_output_stream_printf (surface->output, "q\n");
- status = _cairo_pdf_surface_paint_surface_pattern (surface, mask, NULL,
TRUE);
+ status = _cairo_pdf_surface_paint_surface_pattern (surface, mask, extents,
TRUE);
if (unlikely (status))
return status;
The script used: (needs cairo python bindings, poppler and poppler-python
bindings). (I guess it should be simple to write a C analogon, as long as you
have poppler installed). My poppler version is 0.20.5 by the way.
Called "python pdftopdf.py input.pdf output.pdf":
The link to an example input PDF that produces the crash:
http://www.saout.de/assets/Kfz-Techniker_Teil_II_11478_print.pdf
#!/usr/bin/env python
import os, sys
import poppler, cairo
d = poppler.document_new_from_file('file://' + os.path.abspath(sys.argv[1]),
'')
out = sys.argv[2]
s = None
n = d.get_n_pages()
for i in xrange(n):
p = d.get_page(i)
w, h = p.get_size()
if s is None:
s = cairo.PDFSurface(out, w, h)
s.set_size(w, h)
c = cairo.Context(s)
p.render(c)
del c
s.show_page()
--
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20130225/8d161a46/attachment.html>
More information about the cairo-bugs
mailing list