[cairo-bugs] [Bug 102922] evince abrt on a double free in cairo_truetype_font_destroy

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Sep 21 07:17:34 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=102922

--- Comment #1 from Sebastien Bacher <seb128 at ubuntu.com> ---
Valgrind reports an invalid read error:

==7173== Invalid write of size 8
==7173==    at 0x6C86FD7: cairo_truetype_font_write_glyf_table (cairo-truetype-subset.c:690)
==7173==    by 0x6C8858B: cairo_truetype_font_generate (cairo-truetype-subset.c:978)
==7173==    by 0x6C8858B: cairo_truetype_subset_init_internal (cairo-truetype-subset.c:1146)
==7173==    by 0x6CC637A: _cairo_pdf_surface_emit_truetype_font_subset (cairo-pdf-surface.c:5436)
==7173==    by 0x6CC637A: _cairo_pdf_surface_emit_unscaled_font_subset (cairo-pdf-surface.c:5910)
==7173==    by 0x6C84CE0: _cairo_sub_font_collect (cairo-scaled-font-subsets.c:746)
==7173==    by 0x6C84CE0: _cairo_scaled_font_subsets_foreach_internal (cairo-scaled-font-subsets.c:1067)
==7173==    by 0x6CC20D7: _cairo_pdf_surface_emit_font_subsets (cairo-pdf-surface.c:5956)
==7173==    by 0x6CC20D7: _cairo_pdf_surface_finish (cairo-pdf-surface.c:2031)
==7173==    by 0x6C68EC5: _cairo_surface_finish (cairo-surface.c:1033)
==7173==    by 0x6C69AD6: cairo_surface_finish (cairo-surface.c:1080)
==7173==    by 0x6C3DC8E: _cairo_paginated_surface_finish (cairo-paginated-surface.c:213)
==7173==    by 0x6C68EC5: _cairo_surface_finish (cairo-surface.c:1033)
==7173==    by 0x6C69AD6: cairo_surface_finish (cairo-surface.c:1080)
==7173==    by 0x5B0DB16: unix_end_run (gtkprintoperation-unix.c:373)
==7173==    by 0x59DF5F7: print_pages_idle (gtkprintoperation.c:2935)
==7173==    by 0x6097B8F: gdk_threads_dispatch (gdk.c:743)
==7173==    by 0x776ADE4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x776B1AF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x776B23B: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x6FAEBEC: g_application_run (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.5400.0)
==7173==    by 0x127C97: main (main.c:316)
==7173==  Address 0x166d0558 is 8 bytes after a block of size 160 alloc'd
==7173==    at 0x4C31B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7173==    by 0x6C87FAF: _cairo_truetype_font_create (cairo-truetype-subset.c:205)
==7173==    by 0x6C87FAF: cairo_truetype_subset_init_internal (cairo-truetype-subset.c:1134)
==7173==    by 0x6CC637A: _cairo_pdf_surface_emit_truetype_font_subset (cairo-pdf-surface.c:5436)
==7173==    by 0x6CC637A: _cairo_pdf_surface_emit_unscaled_font_subset (cairo-pdf-surface.c:5910)
==7173==    by 0x6C84CE0: _cairo_sub_font_collect (cairo-scaled-font-subsets.c:746)
==7173==    by 0x6C84CE0: _cairo_scaled_font_subsets_foreach_internal (cairo-scaled-font-subsets.c:1067)
==7173==    by 0x6CC20D7: _cairo_pdf_surface_emit_font_subsets (cairo-pdf-surface.c:5956)
==7173==    by 0x6CC20D7: _cairo_pdf_surface_finish (cairo-pdf-surface.c:2031)
==7173==    by 0x6C68EC5: _cairo_surface_finish (cairo-surface.c:1033)
==7173==    by 0x6C69AD6: cairo_surface_finish (cairo-surface.c:1080)
==7173==    by 0x6C3DC8E: _cairo_paginated_surface_finish (cairo-paginated-surface.c:213)
==7173==    by 0x6C68EC5: _cairo_surface_finish (cairo-surface.c:1033)
==7173==    by 0x6C69AD6: cairo_surface_finish (cairo-surface.c:1080)
==7173==    by 0x5B0DB16: unix_end_run (gtkprintoperation-unix.c:373)
==7173==    by 0x59DF5F7: print_pages_idle (gtkprintoperation.c:2935)
==7173==    by 0x6097B8F: gdk_threads_dispatch (gdk.c:743)
==7173==    by 0x776ADE4: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x776B1AF: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x776B23B: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x6FAEBEC: g_application_run (in /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.5400.0)
==7173==    by 0x127C97: main (main.c:316)

Let me know if you need more debug info.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.