
registry team mailing list archive

[Bug 83744] Re: [apport] evolution crashed with SIGSEGV during print


Launchpad has imported 4 comments from the remote bug at
http://bugs.freedesktop.org/show_bug.cgi?id=9906.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2007-02-07T12:32:45+00:00 Sebastien Bacher wrote:

That bug has been opened on https://launchpad.net/bugs/83744

"Binary package hint: evolution

When I select to print a message, Evolution crashes. I just can see the printing dialog to appear.
...
"

Debug backtrace for the crash:

711         cairo_matrix_transform_point (&gstate->target->device_transform_inverse, x, y);
(gdb) bt full
#0  0xb75e53bd in _cairo_gstate_backend_to_user (gstate=0x0, x=0xbfc9e508, y=0xbfc9e500)
    at /build/buildd/libcairo-1.3.12/src/cairo-gstate.c:711
No locals.
#1  0xb75ddd38 in *INT_cairo_get_current_point (cr=0x87c7dc0, x_ret=0x85238b8, y_ret=0x85238c0)
    at /build/buildd/libcairo-1.3.12/src/cairo.c:2828
        status = <value optimized out>
        x_fixed = 31928960
        y_fixed = 52340096
        x = 487.197265625
        y = 798.646484375
#2  0xb7684dab in _pango_cairo_do_glyph_string (cr=0x87c7dc0, font=0x85d2348, glyphs=0x8885120, do_path=0)
    at /build/buildd/pango1.0-1.15.5/./pango/pangocairo-render.c:482
        free_renderer = <value optimized out>
        crenderer = (PangoCairoRenderer *) 0x8523890
#3  0xb74cc060 in draw_glyphs (painter=0x88021f0, x=5648, y=11280, item=0x879b8a0, glyphs=0x8885120, fg=0x0, bg=0x0)
    at htmlprinter.c:632
        printer = (HTMLPrinter *) 0x88021f0
        print_x = 23.515625
        print_y = 11.015625
        log_rect = {x = 0, y = -11264, width = 439296, height = 14336}
        properties = {underline = 0, strikethrough = 0, fg_color = 0xb1e5663c, bg_color = 0x0}
        cr = (cairo_t *) 0x87c7dc0
#4  0xb74c9229 in html_painter_draw_glyphs (painter=0x88021f0, x=5648, y=11280, item=0x879b8a0, glyphs=0x8885120, fg=0x0, 
    bg=0x0) at htmlpainter.c:637
No locals.
#5  0xb74e0b2d in draw (o=0x87b6d00, p=0x88021f0, x=-528, y=5104, width=525594, height=799744, tx=5648, ty=16)
    at htmltextslave.c:789
        owner = (HTMLText *) 0xb1e4d8a0
        paint = {x = 0, y = 5104, width = 439296, height = 9232}
#6  0xb74c4172 in html_object_draw (o=0x87b6d00, p=0x88021f0, x=-528, y=5104, width=525594, height=799744, tx=5648, ty=16)
    at htmlobject.c:1042
No locals.
#7  0xb74911b6 in draw (o=0xb1e4d7c8, p=0x88021f0, x=-528, y=1473520, width=525594, height=799744, tx=5648, ty=-1468400)
    at htmlclue.c:268
        obj = (HTMLObject *) 0x87b6d00
#8  0xb74950f1 in draw (self=0xb1e4d7c8, painter=0x88021f0, x=-528, y=1473520, width=525594, height=799744, tx=5648, 
    ty=-1468400) at htmlclueflow.c:1371
No locals.
#9  0xb74c4172 in html_object_draw (o=0xb1e4d7c8, p=0x88021f0, x=-528, y=1473520, width=525594, height=799744, tx=5648, 
    ty=-1468400) at htmlobject.c:1042
No locals.
#10 0xb74911b6 in draw (o=0xb1e41300, p=0x88021f0, x=-528, y=1473520, width=525594, height=799744, tx=5648, ty=-1468400)
    at htmlclue.c:268
        obj = (HTMLObject *) 0xb1e4d7c8
...

from gdb on the frame 1:

(gdb) p *cr
$1 = {ref_count = 1, status = CAIRO_STATUS_INVALID_RESTORE, path = {op_buf_head = 0x886f9f0, op_buf_tail = 0x886f9f0, 
    arg_buf_head = 0x888e598, arg_buf_tail = 0x888e598, last_move_point = {x = 31928960, y = 52340096}, current_point = {
      x = 31928960, y = 52340096}, has_current_point = 1, has_curve_to = 0}, gstate = 0x0}

Reply at: https://bugs.launchpad.net/libcairo/+bug/83744/comments/2

------------------------------------------------------------------------
On 2007-02-15T16:55:47+00:00 Carl Worth wrote:

(In reply to comment #0)
> (gdb) p *cr
> $1 = {ref_count = 1, status = CAIRO_STATUS_INVALID_RESTORE, path = {op_buf_head
> = 0x886f9f0, op_buf_tail = 0x886f9f0, 
>     arg_buf_head = 0x888e598, arg_buf_tail = 0x888e598, last_move_point = {x =
> 31928960, y = 52340096}, current_point = {
>       x = 31928960, y = 52340096}, has_current_point = 1, has_curve_to = 0},
> gstate = 0x0}

This part is very interesting. If you've hit an INVALID_RESTORE case
then cairo_t should shut down and you shouldn't be able to get it to do
anything after that anymore, (and especially not crash).

Could you break on _cairo_error which should show you where the
INVALID_RESTORE is first happening, and then step through to see how
you're getting from there to the crash?

Thanks,

-Carl

Reply at: https://bugs.launchpad.net/libcairo/+bug/83744/comments/8

------------------------------------------------------------------------
On 2007-03-02T03:53:59+00:00 Carl Worth wrote:

(In reply to comment #1)
> Could you break on _cairo_error which should show you where the INVALID_RESTORE
> is first happening, and then step through to see how you're getting from there
> to the crash?

Oh, never mind. It's clear enough from the existing backtrace already.
Any INVALID_RESTORE condition was leaving a NULL gstate and almost any
cairo_get_* call would dereference that and trigger the crash.

I augmented cairo's test suite to exercise the crash, then I fixed the
bug.

You can see the commit I just pushed out here:

http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=6da7f140334835be9a972db75de78d99b8bd24b1

This is currently available in cairo 1.3.15 as made available in git,
and will be pushed out very shortly in the cairo 1.4 release.

Meanwhile, there's still a bug in evolution somewhere that's leading to
the INVALID_RESTORE in the first place, (that is, calling cairo_restore
without a matching call to cairo_save). This fix will prevent the crash,
and will instead replace it with cairo simply refusing to draw anything
after the invalid restore state. So you'll still want to fix that.

-Carl

Reply at: https://bugs.launchpad.net/libcairo/+bug/83744/comments/11
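
To illustrate the failure mode Carl describes above (an unmatched cairo_restore leaving gstate NULL, and a fix that makes the context refuse every further call once its status is an error), here is an added, constructed C model of a save/restore stack with a sticky error status; it is not cairo's code, and the ctx_* names and ST_* values are invented for this example.

```c
#include <stdlib.h>
/* Constructed model of a cairo-style context (illustration only, not cairo's
 * code): a stack of graphics states plus a sticky error status. */
typedef enum { ST_SUCCESS = 0, ST_INVALID_RESTORE, ST_NO_MEMORY } status_t;
typedef struct gstate { double x, y; struct gstate *next; } gstate_t;
typedef struct { status_t status; gstate_t *gstate; } ctx_t;
/* First error wins; once set, every entry point below bails out at once. */
static void ctx_set_error(ctx_t *cr, status_t s) { if (!cr->status) cr->status = s; }
static void ctx_init(ctx_t *cr) {
    cr->status = ST_SUCCESS;
    cr->gstate = calloc(1, sizeof *cr->gstate);      /* base state */
    if (!cr->gstate) cr->status = ST_NO_MEMORY;
}
static void ctx_save(ctx_t *cr) {
    if (cr->status) return;
    gstate_t *top = malloc(sizeof *top);
    if (!top) { ctx_set_error(cr, ST_NO_MEMORY); return; }
    *top = *cr->gstate; top->next = cr->gstate;      /* push a copy */
    cr->gstate = top;
}
/* An unmatched restore pops the base state and leaves gstate == NULL, the
 * condition in the bug's backtrace (gstate = 0x0); it also shuts the context down. */
static void ctx_restore(ctx_t *cr) {
    if (cr->status) return;
    gstate_t *top = cr->gstate;
    cr->gstate = top->next; free(top);
    if (!cr->gstate) ctx_set_error(cr, ST_INVALID_RESTORE);
}
static void ctx_move_to(ctx_t *cr, double x, double y) {
    if (cr->status) return;                          /* shut down: refuse to draw */
    cr->gstate->x = x; cr->gstate->y = y;
}
/* The status check is the fix; without it this dereferences the NULL gstate. */
static status_t ctx_get_current_point(ctx_t *cr, double *x, double *y) {
    if (cr->status) return cr->status;
    *x = cr->gstate->x; *y = cr->gstate->y;
    return ST_SUCCESS;
}

/* One matched save/restore, then `extra` unmatched restores, then a query. */
static status_t run_print_job(int extra) {
    ctx_t cr; double x = 0, y = 0;
    ctx_init(&cr);
    ctx_save(&cr); ctx_move_to(&cr, 487.2, 798.6); ctx_restore(&cr);
    while (extra-- > 0) ctx_restore(&cr);
    ctx_move_to(&cr, 1.0, 2.0);                      /* no-op once shut down */
    status_t s = ctx_get_current_point(&cr, &x, &y);
    while (cr.gstate) { gstate_t *n = cr.gstate->next; free(cr.gstate); cr.gstate = n; }
    return s;
}
```

With one extra restore the query reports ST_INVALID_RESTORE instead of touching the NULL gstate, which is the behaviour Carl describes for the fixed cairo; the caller still has a save/restore imbalance to fix.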

------------------------------------------------------------------------
On 2007-03-02T06:42:39+00:00 Sebastien Bacher wrote:

Thank you for fixing the bug Carl. I didn't update the bug with the
information you asked for because the Ubuntu bug submitter didn't reply
to that question; he updated the bug to say it works fine for him now
though, which means the evolution hackers probably also fixed their part
of the bug.

Reply at: https://bugs.launchpad.net/libcairo/+bug/83744/comments/12


** Changed in: libcairo
   Importance: Unknown => Critical

-- 
[apport] evolution crashed with SIGSEGV during print
https://bugs.launchpad.net/bugs/83744
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for libcairo.