<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - evince abrt on a double free in cairo_truetype_font_destroy"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=102922#c1">Comment # 1</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - evince abrt on a double free in cairo_truetype_font_destroy"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=102922">bug 102922</a>
              from <span class="vcard"><a class="email" href="mailto:seb128@ubuntu.com" title="Sebastien Bacher <seb128@ubuntu.com>"> <span class="fn">Sebastien Bacher</span></a>
</span></b>
        <pre>valgrind reports an invalid read error

==7173== Invalid write of size 8
==7173==    at 0x6C86FD7: cairo_truetype_font_write_glyf_table
(cairo-truetype-subset.c:690)
==7173==    by 0x6C8858B: cairo_truetype_font_generate
(cairo-truetype-subset.c:978)
==7173==    by 0x6C8858B: cairo_truetype_subset_init_internal
(cairo-truetype-subset.c:1146)
==7173==    by 0x6CC637A: _cairo_pdf_surface_emit_truetype_font_subset
(cairo-pdf-surface.c:5436)
==7173==    by 0x6CC637A: _cairo_pdf_surface_emit_unscaled_font_subset
(cairo-pdf-surface.c:5910)
==7173==    by 0x6C84CE0: _cairo_sub_font_collect
(cairo-scaled-font-subsets.c:746)
==7173==    by 0x6C84CE0: _cairo_scaled_font_subsets_foreach_internal
(cairo-scaled-font-subsets.c:1067)
==7173==    by 0x6CC20D7: _cairo_pdf_surface_emit_font_subsets
(cairo-pdf-surface.c:5956)
==7173==    by 0x6CC20D7: _cairo_pdf_surface_finish (cairo-pdf-surface.c:2031)
==7173==    by 0x6C68EC5: _cairo_surface_finish (cairo-surface.c:1033)
==7173==    by 0x6C69AD6: cairo_surface_finish (cairo-surface.c:1080)
==7173==    by 0x6C3DC8E: _cairo_paginated_surface_finish
(cairo-paginated-surface.c:213)
==7173==    by 0x6C68EC5: _cairo_surface_finish (cairo-surface.c:1033)
==7173==    by 0x6C69AD6: cairo_surface_finish (cairo-surface.c:1080)
==7173==    by 0x5B0DB16: unix_end_run (gtkprintoperation-unix.c:373)
==7173==    by 0x59DF5F7: print_pages_idle (gtkprintoperation.c:2935)
==7173==    by 0x6097B8F: gdk_threads_dispatch (gdk.c:743)
==7173==    by 0x776ADE4: g_main_context_dispatch (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x776B1AF: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x776B23B: g_main_context_iteration (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x6FAEBEC: g_application_run (in
/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.5400.0)
==7173==    by 0x127C97: main (main.c:316)
==7173==  Address 0x166d0558 is 8 bytes after a block of size 160 alloc'd
==7173==    at 0x4C31B25: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7173==    by 0x6C87FAF: _cairo_truetype_font_create
(cairo-truetype-subset.c:205)
==7173==    by 0x6C87FAF: cairo_truetype_subset_init_internal
(cairo-truetype-subset.c:1134)
==7173==    by 0x6CC637A: _cairo_pdf_surface_emit_truetype_font_subset
(cairo-pdf-surface.c:5436)
==7173==    by 0x6CC637A: _cairo_pdf_surface_emit_unscaled_font_subset
(cairo-pdf-surface.c:5910)
==7173==    by 0x6C84CE0: _cairo_sub_font_collect
(cairo-scaled-font-subsets.c:746)
==7173==    by 0x6C84CE0: _cairo_scaled_font_subsets_foreach_internal
(cairo-scaled-font-subsets.c:1067)
==7173==    by 0x6CC20D7: _cairo_pdf_surface_emit_font_subsets
(cairo-pdf-surface.c:5956)
==7173==    by 0x6CC20D7: _cairo_pdf_surface_finish (cairo-pdf-surface.c:2031)
==7173==    by 0x6C68EC5: _cairo_surface_finish (cairo-surface.c:1033)
==7173==    by 0x6C69AD6: cairo_surface_finish (cairo-surface.c:1080)
==7173==    by 0x6C3DC8E: _cairo_paginated_surface_finish
(cairo-paginated-surface.c:213)
==7173==    by 0x6C68EC5: _cairo_surface_finish (cairo-surface.c:1033)
==7173==    by 0x6C69AD6: cairo_surface_finish (cairo-surface.c:1080)
==7173==    by 0x5B0DB16: unix_end_run (gtkprintoperation-unix.c:373)
==7173==    by 0x59DF5F7: print_pages_idle (gtkprintoperation.c:2935)
==7173==    by 0x6097B8F: gdk_threads_dispatch (gdk.c:743)
==7173==    by 0x776ADE4: g_main_context_dispatch (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x776B1AF: ??? (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x776B23B: g_main_context_iteration (in
/lib/x86_64-linux-gnu/libglib-2.0.so.0.5400.0)
==7173==    by 0x6FAEBEC: g_application_run (in
/usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.5400.0)
==7173==    by 0x127C97: main (main.c:316)

let me know if you need more debug info</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the QA Contact for the bug.</li>
      </ul>
    </body>
</html>