[cairo-bugs] [Bug 102922] evince abrt on a double free in cairo_truetype_font_destroy

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Sep 22 06:27:25 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=102922

Sebastien Bacher <seb128 at ubuntu.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #5 from Sebastien Bacher <seb128 at ubuntu.com> ---
> Hopefully the backtrace for this one would be more useful, but I am just guessing here.

backtrace is

#1  0x00007ffff48bef5d in __GI_abort () at abort.c:90
#2  0x00007ffff48b4f17 in __assert_fail_base (fmt=<optimised out>,
assertion=assertion@entry=0x7ffff5de0e18 "font->base.num_glyphs <
font->num_glyphs_in_face", file=file@entry=0x7ffff5de0e00
"cairo-truetype-subset.c", line=line@entry=1029,
function=function@entry=0x7ffff5de0e80 <__PRETTY_FUNCTION__.11613>
"cairo_truetype_font_use_glyph") at assert.c:92
#3  0x00007ffff48b4fc2 in __GI___assert_fail
(assertion=assertion@entry=0x7ffff5de0e18 "font->base.num_glyphs <
font->num_glyphs_in_face", file=file@entry=0x7ffff5de0e00
"cairo-truetype-subset.c", line=line@entry=1029,
function=function@entry=0x7ffff5de0e80 <__PRETTY_FUNCTION__.11613>
"cairo_truetype_font_use_glyph")
    at assert.c:101
#4  0x00007ffff5d8da79 in cairo_truetype_font_use_glyph (font=<optimised out>,
glyph=<optimised out>, out=<optimised out>) at cairo-truetype-subset.c:1029
#5  0x00007ffff5d8f63f in cairo_truetype_subset_init_internal
(truetype_subset=truetype_subset@entry=0x7fffffffd840,
font_subset=font_subset@entry=0x7fffffffd9b0, is_pdf=is_pdf@entry=1) at
cairo-truetype-subset.c:1142
#6  0x00007ffff5d8ffea in _cairo_truetype_subset_init_pdf
(truetype_subset=truetype_subset@entry=0x7fffffffd840,
font_subset=font_subset@entry=0x7fffffffd9b0)
    at cairo-truetype-subset.c:1244
#7  0x00007ffff5dceb8b in _cairo_pdf_surface_emit_truetype_font_subset
(font_subset=0x7fffffffd9b0, surface=0x55555621aad0) at
cairo-pdf-surface.c:5436
#8  0x00007ffff5dceb8b in _cairo_pdf_surface_emit_unscaled_font_subset
(font_subset=0x7fffffffd9b0, closure=0x55555621aad0) at
cairo-pdf-surface.c:5910
#9  0x00007ffff5d8c20e in _cairo_sub_font_collect (closure=0x7fffffffd960,
entry=0x55555605bc00) at cairo-scaled-font-subsets.c:746
#10 0x00007ffff5d8c20e in _cairo_scaled_font_subsets_foreach_internal
(font_subsets=<optimised out>,
font_subset_callback=font_subset_callback@entry=0x7ffff5dceaa0
<_cairo_pdf_surface_emit_unscaled_font_subset>,
closure=closure@entry=0x55555621aad0,
type=type@entry=CAIRO_SUBSETS_FOREACH_UNSCALED)
    at cairo-scaled-font-subsets.c:1067
#11 0x00007ffff5d8d0b7 in _cairo_scaled_font_subsets_foreach_unscaled
(font_subsets=<optimised out>,
font_subset_callback=font_subset_callback@entry=0x7ffff5dceaa0
<_cairo_pdf_surface_emit_unscaled_font_subset>,
closure=closure@entry=0x55555621aad0) at cairo-scaled-font-subsets.c:1095
#12 0x00007ffff5dca673 in _cairo_pdf_surface_emit_font_subsets
(surface=0x55555621aad0) at cairo-pdf-surface.c:5956
#13 0x00007ffff5dca673 in _cairo_pdf_surface_finish
(abstract_surface=0x55555621aad0) at cairo-pdf-surface.c:2031
#14 0x00007ffff5d70486 in _cairo_surface_finish (surface=0x55555621aad0)
    at cairo-surface.c:1033
#15 0x00007ffff5d710b7 in INT_cairo_surface_finish (surface=0x55555621aad0)
    at cairo-surface.c:1080
#16 0x00007ffff5d43365 in _cairo_paginated_surface_finish
(abstract_surface=0x555556197e90) at cairo-paginated-surface.c:213
#17 0x00007ffff5d70486 in _cairo_surface_finish (surface=0x555556197e90)
    at cairo-surface.c:1033
#18 0x00007ffff5d710b7 in INT_cairo_surface_finish (surface=0x555556197e90)
    at cairo-surface.c:1080
#19 0x00007ffff6f5fb17 in unix_end_run (op=0x55555583a430, wait=0, cancelled=0)
    at ././gtk/gtkprintoperation-unix.c:373
#20 0x00007ffff6e315f8 in print_pages_idle (user_data=0x555555f9f840)
    at ././gtk/gtkprintoperation.c:2935
#21 0x00007ffff68ceb90 in gdk_threads_dispatch (data=0x5555559cb820)
    at ././gdk/gdk.c:743
#22 0x00007ffff5225de5 in g_main_context_dispatch ()
    at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007ffff52261b0 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
