registry team mailing list archive
-
registry team
-
Mailing list archive
-
Message #14929
[Bug 256508] Re: nautilus crashed with SIGSEGV in cairo_surface_get_font_options()
Launchpad has imported 4 comments from the remote bug at
http://bugs.freedesktop.org/show_bug.cgi?id=17096.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2008-08-12T13:05:19+00:00 Pedro Villavicencio wrote:
this report has been filed here:
https://bugs.edge.launchpad.net/ubuntu/+source/cairo/+bug/256508
".
Thread 3 (process 7638):
#0 0xb8092424 in __kernel_vsyscall ()
#1 0xb73a3392 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2 0xb772913d in g_cond_timed_wait_posix_impl (cond=0x8d365b0, entered_mutex=0x80, abs_time=0x7)
at /build/buildd/glib2.0-2.17.6/gthread/gthread-posix.c:242
result = <value optimized out>
end_time = {tv_sec = 1218329403, tv_nsec = 179362000}
timed_out = <value optimized out>
__PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#3 0xb75d21f9 in g_async_queue_pop_intern_unlocked (queue=0x8885600, try=<value optimized out>,
end_time=0xb6926324) at /build/buildd/glib2.0-2.17.6/glib/gasyncqueue.c:365
retval = <value optimized out>
__PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#4 0xb75d22f7 in IA__g_async_queue_timed_pop (queue=0x8885600, end_time=0xb6926324)
at /build/buildd/glib2.0-2.17.6/glib/gasyncqueue.c:491
retval = <value optimized out>
__PRETTY_FUNCTION__ = "IA__g_async_queue_timed_pop"
#5 0xb7624953 in g_thread_pool_thread_proxy (data=0x88c5620)
at /build/buildd/glib2.0-2.17.6/glib/gthreadpool.c:121
task = <value optimized out>
pool = (GRealThreadPool *) 0x0
#6 0xb762334f in g_thread_create_proxy (data=0x88c5698) at /build/buildd/glib2.0-2.17.6/glib/gthread.c:635
__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#7 0xb739f4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8 0xb731c64e in clone () from /lib/tls/i686/cmov/libc.so.6
.
Thread 2 (process 7637):
#0 0xb8092424 in __kernel_vsyscall ()
#1 0xb7311de7 in poll () from /lib/tls/i686/cmov/libc.so.6
#2 0xb75fbd12 in g_main_context_iterate (context=0x8884d90, block=1, dispatch=1, self=0x8855408)
at /build/buildd/glib2.0-2.17.6/glib/gmain.c:3033
max_priority = 2147483647
timeout = 500
some_ready = <value optimized out>
nfds = 16
allocated_nfds = <value optimized out>
fds = (GPollFD *) 0x8acdde8
__PRETTY_FUNCTION__ = "g_main_context_iterate"
#3 0xb75fc3a2 in IA__g_main_loop_run (loop=0x88e1278) at /build/buildd/glib2.0-2.17.6/glib/gmain.c:2928
self = (GThread *) 0x8855408
__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#4 0xb7a17ce9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#5 0x080803ab in main (argc=5, argv=0xbfcae824) at nautilus-main.c:581
kill_shell = 0
restart_shell = 0
no_default_window = 0
browser_window = 0
no_desktop = 0
autostart_mode = 0
startup_id = <value optimized out>
autostart_id = <value optimized out>
startup_id_copy = 0x88a4b48 "My Book.volume"
session_to_load = 0x0
geometry = (gchar *) 0x0
remaining = (const gchar **) 0x0
perform_self_check = 0
context = <value optimized out>
application = (NautilusApplication *) 0x8881850
program = (GnomeProgram *) 0x8868858
options = {{long_name = 0x8161b5c "check", short_name = 99 'c', flags = 0, arg = G_OPTION_ARG_NONE,
arg_data = 0xbfcae6f0, description = 0x8161bcc "Perform a quick set of self-check tests.",
arg_description = 0x0}, {long_name = 0x81657cf "geometry", short_name = 103 'g', flags = 0,
arg = G_OPTION_ARG_STRING, arg_data = 0xbfcae6f8,
description = 0x8161bf8 "Create the initial window with the given geometry.",
arg_description = 0x81619e9 "GEOMETRY"}, {long_name = 0x81619f2 "no-default-window",
short_name = 110 'n', flags = 0, arg = G_OPTION_ARG_NONE, arg_data = 0xbfcae708,
description = 0x8161c2c "Only create windows for explicitly specified URIs.", arg_description = 0x0}, {
long_name = 0x8161a04 "no-desktop", short_name = 0 '\0', flags = 0, arg = G_OPTION_ARG_NONE,
arg_data = 0xbfcae700,
description = 0x8161c60 "Do not manage the desktop (ignore the preference set in the preferences dialog).", arg_description = 0x0}, {long_name = 0x81648fe "browser", short_name = 0 '\0', flags = 0,
arg = G_OPTION_ARG_NONE, arg_data = 0xbfcae704, description = 0x8161a0f "open a browser window.",
arg_description = 0x0}, {long_name = 0x8161b64 "quit", short_name = 113 'q', flags = 0,
arg = G_OPTION_ARG_NONE, arg_data = 0xbfcae710, description = 0x8161a26 "Quit Nautilus.",
arg_description = 0x0}, {long_name = 0x8161b6b "restart", short_name = 0 '\0', flags = 1,
arg = G_OPTION_ARG_NONE, arg_data = 0xbfcae70c, description = 0x8161a35 "Restart Nautilus.",
arg_description = 0x0}, {long_name = 0x8166ae8 "", short_name = 0 '\0', flags = 0,
arg = G_OPTION_ARG_STRING_ARRAY, arg_data = 0xbfcae6f4, description = 0x0,
arg_description = 0x8161a47 "[URI...]"}, {long_name = 0x815e000 "load-session", short_name = 108 'l',
flags = 0, arg = G_OPTION_ARG_STRING, arg_data = 0xbfcae6fc,
description = 0x8161cb4 "Load a saved session from the specified file. Implies \"--no-default-window\".",
arg_description = 0x8161a50 "FILENAME"}, {long_name = 0x0, short_name = 0 '\0', flags = 0,
arg = G_OPTION_ARG_NONE, arg_data = 0x0, description = 0x0, arg_description = 0x0}}
.
Thread 1 (process 7671):
#0 *INT_cairo_surface_get_font_options (surface=0xb78086a0, options=0x9688e80)
at /build/buildd/cairo-1.6.4/src/cairo-surface.c:633
No locals.
#1 0xb7228c00 in _pango_cairo_update_context (cr=0x8e36808, context=0x8dd3cf0)
at /build/buildd/pango1.0-1.21.3/pango/pangocairo-context.c:104
info = (PangoCairoContextInfo *) 0x98c9840
cairo_matrix = {xx = -1.667335739498894e-41, yx = 2.6629322274470552e-267,
xy = -4.2458933122252789e-43, yy = 5.6672479863462401e-266, x0 = -4.1600285101525437e-43,
y0 = 1.4580379106921624e-267}
target = (cairo_surface_t *) 0xb78086a0
pango_matrix = {xx = -9.9323417509544179e-42, xy = 1.4580379094910454e-267,
yx = -8.8070004422276986e-42, yy = 2.1927140174974026e-314, x0 = -1.6658621865824984e-41,
y0 = 5.6672479902668967e-266}
current_matrix = <value optimized out>
merged_options = <value optimized out>
old_merged_options = <value optimized out>
changed = <value optimized out>
identity_matrix = {xx = 1, xy = 0, yx = 0, yy = 1, x0 = 0, y0 = 0}
#2 0xb7ea4586 in rsvg_cairo_create_pango_context (ctx=0x969e878) at rsvg-cairo-draw.c:467
fontmap = <value optimized out>
context = (PangoContext *) 0x8dd3cf0
render = (RsvgCairoRender *) 0x8e9c360
#3 0xb7e9cea4 in rsvg_text_render_text (ctx=0x969e878, text=0x9568440 "", x=0xb21f0d58, y=0xb21f0d50)
at rsvg-text.c:847
context = <value optimized out>
layout = <value optimized out>
iter = <value optimized out>
state = (RsvgState *) 0x8b57bd8
w = <value optimized out>
h = 21
#4 0xb7e9d2c0 in _rsvg_node_text_type_children (self=0x97ba4f0, ctx=0x969e878, x=0xb21f0d58, y=0xb21f0d50,
lastwasspace=0xb21f0d64) at rsvg-text.c:178
str = (GString *) 0x99fc3d0
node = (RsvgNode *) 0x97ba760
i = 0
#5 0xb7e9d60c in _rsvg_node_text_draw (self=0x97ba4f0, ctx=0x969e878, dominate=0) at rsvg-text.c:253
x = 0
y = 2
lastwasspace = 1
#6 0xb7e966e1 in rsvg_node_draw (self=0x9688e80, ctx=0x969e878, dominate=0) at rsvg-structure.c:53
state = (RsvgState *) 0xb7808ff4
stacksave = (GSList *) 0x0
#7 0xb7e9693a in _rsvg_node_draw_children (self=0x97b3828, ctx=0x969e878, dominate=0) at rsvg-structure.c:69
i = 32
#8 0xb7e966e1 in rsvg_node_draw (self=0x9688e80, ctx=0x969e878, dominate=0) at rsvg-structure.c:53
state = (RsvgState *) 0xb7808ff4
stacksave = (GSList *) 0x0
#9 0xb7e9693a in _rsvg_node_draw_children (self=0x95513c8, ctx=0x969e878, dominate=0) at rsvg-structure.c:69
i = 16
#10 0xb7e966e1 in rsvg_node_draw (self=0x9688e80, ctx=0x969e878, dominate=0) at rsvg-structure.c:53
state = (RsvgState *) 0xb7808ff4
stacksave = (GSList *) 0x0
#11 0xb7e971da in rsvg_node_svg_draw (self=0x8de8e50, ctx=0x969e878, dominate=0) at rsvg-structure.c:309
state = <value optimized out>
affine = {0.99999999999998979, 0, 0, 1.0000000001779179, 0, 0}
affine_old = {0.14562002275312855, 0, 0, 0.14562002275312855, 0, 0}
affine_new = {0.14562002275312705, 0, 0, 0.14562002277903696, 0, 0}
i = 8
nx = 0
ny = 0
nw = 878.90999999999099
nh = 878.916425156375
#12 0xb7e966e1 in rsvg_node_draw (self=0x9688e80, ctx=0x969e878, dominate=0) at rsvg-structure.c:53
state = (RsvgState *) 0xb7808ff4
stacksave = (GSList *) 0x0
#13 0xb7ea4abf in rsvg_handle_render_cairo_sub (handle=0x8dd1ea0, cr=0x8e36808, id=0x0)
at rsvg-cairo-render.c:228
drawsub = (RsvgNode *) 0x8b572c8
__PRETTY_FUNCTION__ = "rsvg_handle_render_cairo_sub"
#14 0xb7ea501e in rsvg_handle_get_pixbuf_sub (handle=0x8dd1ea0, id=0x0) at rsvg.c:100
dimensions = {width = 128, height = 128, em = 879, ex = 879}
output = <value optimized out>
surface = (cairo_surface_t *) 0x90d7250
cr = (cairo_t *) 0x8e36808
rowstride = 512
__PRETTY_FUNCTION__ = "rsvg_handle_get_pixbuf_sub"
#15 0xb7ea50f5 in rsvg_handle_get_pixbuf (handle=0x8dd1ea0) at rsvg.c:133
No locals.
#16 0xb45bcaea in gdk_pixbuf__svg_image_stop_load (data=0x8e624e0, error=0xb21f11d8) at io-svg.c:154
pixbuf = <value optimized out>
#17 0xb7814467 in IA__gdk_pixbuf_loader_close (loader=0x8e35810, error=0x0)
at /build/buildd/gtk+2.0-2.13.6/gdk-pixbuf/gdk-pixbuf-loader.c:724
tmp = (GError *) 0x0
priv = (GdkPixbufLoaderPrivate *) 0x8e9bf30
retval = 1
__PRETTY_FUNCTION__ = "IA__gdk_pixbuf_loader_close"
#18 0xb7e260b8 in gnome_gdk_pixbuf_new_from_uri_at_scale (uri=0x8e0eee8 "file:///tmp/output-13437-z14.svg",
width=128, height=128, preserve_aspect_ratio=1) at gnome-vfs-util.c:231
result = GNOME_VFS_OK
buffer = ">\n <text x=\"1263.548\" y=\"981.392052543109\" k=\"name\" class=\"place-caption locality-caption\">Obernberg</text>\n <text x=\"503.789000000001\" y=\"664.527611808224\" k=\"name\" class=\"caption-cas"...
bytes_read = <value optimized out>
loader = (GdkPixbufLoader *) 0x8e35810
pixbuf = <value optimized out>
animation = <value optimized out>
iter = (GdkPixbufAnimationIter *) 0x80
info = {width = 128, height = 128, input_width = 879, input_height = 879, preserve_aspect_ratio = 1}
file = (GFile *) 0x8de8f80
file_input_stream = (GFileInputStream *) 0x8dda2f0
__PRETTY_FUNCTION__ = "gnome_gdk_pixbuf_new_from_uri_at_scale"
#19 0xb7e151dc in gnome_thumbnail_factory_generate_thumbnail (factory=0x8e03e40,
uri=0x8e0eee8 "file:///tmp/output-13437-z14.svg", mime_type=0x8e37010 "image/svg+xml")
at gnome-thumbnail.c:660
pixbuf = (GdkPixbuf *) 0x0
scaled = <value optimized out>
tmp_pixbuf = <value optimized out>
expanded_script = 0x0
width = <value optimized out>
height = <value optimized out>
size = 128
original_width = -1207245208
original_height = -1306582272
dimension = "\\ÑÜ·ô_\030\b\000\000\000"
scale = 0
exit_status = 5
tmpname = 0x8186a9c "\020Pá·Z\\\006\bj\\\006\bz\\\006\b\212\\\006\b\232\\\006\bª\\\006\b`3j·Ê\\\006\bÚ\\\006\bàÝm·ú\\\006\b\n]\006\b\032]\006\b*]\006\bàÆ¥·J]\006\bZ]\006\bÀÝ\207·P&¡·0\n\206·\232]\006\bª]\006\bº]\006\bÊ]\006\bP\026¶·ê]\006\bú]\006\b\n^\006\b\200Ð\207·*^\006\bÐÛ¶·Ð)\225·Z^\006\bàý^·\220»o·\212^\006\b\232^\006\b \207a·°g_·Ê^\006\bÐ=¶·ê^\006\bú^\006\bp\vH·"
__PRETTY_FUNCTION__ = "gnome_thumbnail_factory_generate_thumbnail"
#20 0x0814c27e in thumbnail_thread_start (data=0x0) at nautilus-thumbnails.c:981
info = (NautilusThumbnailInfo *) 0x8ddafe8
pixbuf = (GdkPixbuf *) 0x0
current_orig_mtime = 1218328193
current_time = 1218329387
__PRETTY_FUNCTION__ = "thumbnail_thread_start"
#21 0xb739f4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#22 0xb731c64e in clone () from /lib/tls/i686/cmov/libc.so.6"
SVG file:
http://launchpadlibrarian.net/16728228/output-7043-z15.svg
Thanks,
Reply at: https://bugs.launchpad.net/libcairo/+bug/256508/comments/4
------------------------------------------------------------------------
On 2008-08-12T13:33:33+00:00 Chris Wilson wrote:
My educated guess is that 0xb78086a0 is an error surface, on which we
attempt to initialize the font_options, hence the SIGSEGV.
Can you test this? (If I am right, you still won't see the desired
result but the crash should be resolved.)
commit c73b3e43e120065e40d8fc48c9bdbd88ebe8ab40
Author: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Date: Tue Aug 12 21:21:20 2008 +0100
[cairo-surface] Check for the error surface in _get_font_options()
cairo_surface_get_font_options() has the side effect of initialising the
font options on the surface, but fails to check that the surface is
valid first. Therefore if we are passed a read-only error object, we will
trigger a segmentation fault.
Most likely this is the bug behind:
http://bugs.freedesktop.org/show_bug.cgi?id=17096.
Reply at: https://bugs.launchpad.net/libcairo/+bug/256508/comments/5
------------------------------------------------------------------------
On 2008-09-12T15:48:57+00:00 John Clemens wrote:
Verified that the above patch fixed the problem in that it at least
prevents the segfault and the thumbnail even works.
Verified by compiling the cairo from the commit just before this one,
and then running firefox with the compiled library LD_LIBRARY_PATH'd in.
doing File->Open File, and navigating to the directory with the bad
file. With the commit before this, firefox crashes.. with this fix, it
works.
So, this fixes the bug in cairo, but should error surfaces be getting
down this far? i.e., does this point to another bug in librsvg or pango?
Thanks for the fix.
Reply at: https://bugs.launchpad.net/libcairo/+bug/256508/comments/9
------------------------------------------------------------------------
On 2008-10-10T11:06:00+00:00 Chris Wilson wrote:
Given the identification that it was indeed an error surface that we
tried to write to, it is indicative that the caller could check for an
error early (if they so desire) although they are free to just check for
any errors after all the operations are completion.
Reply at: https://bugs.launchpad.net/libcairo/+bug/256508/comments/13
** Changed in: libcairo
Importance: Unknown => Medium
--
nautilus crashed with SIGSEGV in cairo_surface_get_font_options()
https://bugs.launchpad.net/bugs/256508
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for libcairo.
