[cairo-bugs] [Bug 66871] New: segmentation fault when using cairo_show_text inside evince backend

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Jul 13 01:14:32 PDT 2013


https://bugs.freedesktop.org/show_bug.cgi?id=66871

          Priority: medium
            Bug ID: 66871
          Assignee: david at freetype.org
           Summary: segmentation fault when using cairo_show_text inside
                    evince backend
        QA Contact: cairo-bugs at cairographics.org
          Severity: critical
    Classification: Unclassified
                OS: Linux (All)
          Reporter: cogniti at gmail.com
          Hardware: x86-64 (AMD64)
            Status: NEW
           Version: 1.12.14
         Component: freetype font backend
           Product: cairo

Created attachment 82377
  --> https://bugs.freedesktop.org/attachment.cgi?id=82377&action=edit
cairo test inside evince backend

Hello.

I am developing an evince backend for hwp document files.
I want to apply pango layout to the evince hwp backend.
I applied pango to the evince backend, and as a result a segmentation fault
occurs intermittently.
Using gdb, I have found that the segmentation fault can occur in cairo_show_glyphs:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff2db3f91 in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
(gdb) bt
#0  0x00007ffff2db3f91 in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#1  0x00007ffff2db48fa in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#2  0x00007ffff2db49d9 in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#3  0x00007ffff2db4c84 in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#4  0x00007ffff2db5480 in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#5  0x00007ffff2d6a1ee in FT_Outline_Decompose ()
   from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#6  0x00007ffff2db4035 in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#7  0x00007ffff2db4375 in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#8  0x00007ffff2db3adb in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#9  0x00007ffff2db3c9f in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#10 0x00007ffff2d6e705 in FT_Render_Glyph_Internal ()
   from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#11 0x00007ffff5b30b12 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#12 0x00007ffff5ae3e80 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#13 0x00007ffff5b13326 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#14 0x00007ffff5afc4d3 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#15 0x00007ffff5afc6fe in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#16 0x00007ffff5aac3a1 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#17 0x00007ffff5b15aef in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#18 0x00007ffff5aebb0a in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#19 0x00007ffff5af05f5 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#20 0x00007ffff5af10ec in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
---Type <return> to continue, or q <return> to quit--- 
#21 0x00007ffff5aebb0a in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#22 0x00007ffff5ab4d31 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#23 0x00007ffff5aa78c3 in cairo_show_glyphs ()
   from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#24 0x00007ffff63fe8f5 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0
#25 0x00007ffff63febc4 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0
#26 0x00007ffff5daa99d in pango_renderer_draw_glyphs ()
   from /usr/lib/x86_64-linux-gnu/libpango-1.0.so.0


I also tested sample code using cairo_show_text inside the evince backend;
it also causes a segmentation fault intermittently.

#include <cairo.h>
#include <math.h>   /* M_PI */

static void
draw_sample (cairo_t *cr)
{
    cairo_select_font_face (cr, "Sans", CAIRO_FONT_SLANT_NORMAL,
                                   CAIRO_FONT_WEIGHT_BOLD);
    cairo_set_font_size (cr, 20.0);

    cairo_move_to (cr, 10.0, 135.0);
    cairo_show_text (cr, "abcdefghijklm");

    cairo_move_to (cr, 70.0, 165.0);
    cairo_text_path (cr, "nopqrstuvwxyz");
    cairo_set_source_rgb (cr, 0.5, 0.5, 1);
    cairo_fill_preserve (cr);
    cairo_set_source_rgb (cr, 0, 0, 0);
    cairo_set_line_width (cr, 2.56);
    cairo_stroke (cr);

    /* draw helping lines */
    cairo_set_source_rgba (cr, 1, 0.2, 0.2, 0.6);
    cairo_arc (cr, 10.0, 135.0, 5.12, 0, 2*M_PI);
    cairo_close_path (cr);
    cairo_arc (cr, 70.0, 165.0, 5.12, 0, 2*M_PI);
    cairo_fill (cr);
}

/* inside evince backend */
gboolean example_page_render (ExamplePage *page, cairo_t *cr)
{
    g_return_val_if_fail (EXAMPLE_IS_PAGE (page), FALSE);
/*    draw_text (cr);*/
    draw_sample (cr);
    return TRUE;
}

I cannot understand why a segmentation fault occurs when I use pango or
cairo_show_text inside the evince backend.

Is it because of the fontmap or threads?
But considering ev_job_render_run (EvJob *job) in libview/ev-jobs.c

    ev_document_fc_mutex_lock ()
    ...
    job_render->surface = ev_document_render (job->document, rc);
    ...
    ev_document_fc_mutex_unlock ()

it might occur in cairo.

I don't know why. Is it a bug?


To test libexample and evince-sample-backend, please follow the steps below.

Step 1. Download the attachment and extract it.

evince-sample-backend and libexample will be created.

Step 2. Compile and install libexample

cd libexample
./autogen.sh
make
sudo make install
sudo ldconfig
cd ..

Step 3. Compile and install evince-sample-backend

cd evince-sample-backend
./autogen.sh
make
sudo make install
sudo ldconfig

Step 4. Open any text file from the terminal with evince many times.
Try many times.

$ evince any.txt


My current environment:
debian wheezy
evince          3.4.0-3.1
libfreetype6    2.4.9-1.1 (I also tested 2.5.0)
libpango1.0-0   1.30.0-1 (I also tested 1.30.0 / 1.32.5 / 1.34.1 / 1.35.0)
libcairo2       1.12.2-3 (I also tested 1.12.14)
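
A triage helper for backtraces shaped like the one in this report, added here as an example (it is not part of the original report, nor code from cairo, FreeType or evince). It skips the gdb pager prompt, joins wrapped "from <library>" lines, and counts unresolved (`??`) frames per library, which shows where debug symbols are missing; the sample input is a constructed, shortened excerpt, and the names `parse_backtrace` and `triage` are assumptions.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt in the same shape as the report's backtrace.
SAMPLE_BT = """\
#0  0x00007ffff2db3f91 in ?? () from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#1  0x00007ffff2d6a1ee in FT_Outline_Decompose ()
   from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#2  0x00007ffff2d6e705 in FT_Render_Glyph_Internal ()
   from /usr/lib/x86_64-linux-gnu/libfreetype.so.6
#3  0x00007ffff5b30b12 in ?? () from /usr/lib/x86_64-linux-gnu/libcairo.so.2
---Type <return> to continue, or q <return> to quit---
#4  0x00007ffff5aa78c3 in cairo_show_glyphs ()
   from /usr/lib/x86_64-linux-gnu/libcairo.so.2
#5  0x00007ffff63fe8f5 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libpangocairo-1.0.so.0
"""

FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(.*?\)(?: from (\S+))?")
CONT = re.compile(r"^\s+from (\S+)$")

def parse_backtrace(text):
    """Return a list of frames: {'n', 'func', 'module'} (module may be None)."""
    frames = []
    for line in text.splitlines():
        if line.startswith("---Type <return>"):   # gdb pager prompt, not a frame
            continue
        m = FRAME.match(line.rstrip())
        if m:
            frames.append({"n": int(m.group(1)), "func": m.group(2), "module": m.group(3)})
            continue
        c = CONT.match(line.rstrip())
        if c and frames and frames[-1]["module"] is None:
            frames[-1]["module"] = c.group(1)     # wrapped "from <lib>" line
    return frames

def triage(frames):
    """Summarise where the fault is and which libraries lack symbols."""
    unresolved = Counter(f["module"] for f in frames if f["func"] == "??")
    named = [f["func"] for f in frames if f["func"] != "??"]
    return {
        "faulting_module": frames[0]["module"] if frames else None,
        "unresolved_by_module": dict(unresolved),
        "named_chain": named,                     # innermost frame first
    }

if __name__ == "__main__":
    print(triage(parse_backtrace(SAMPLE_BT)))
```

A library with a non-zero count in `unresolved_by_module` is one whose debug symbols are needed before the crashing function inside it can be named.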
