[prev in list] [next in list] [prev in thread] [next in thread]
List: cairo-bugs
Subject: [cairo-bugs] [Bug 89521] New: segmentation fault during poppler_page_render (crashes inside _fill_xr
From: bugzilla-daemon () freedesktop ! org
Date: 2015-03-10 18:25:28
Message-ID: bug-89521-4039 () http ! bugs ! freedesktop ! org/
[Download RAW message or body]
--1426011929.3e8b70E210.4873
Date: Tue, 10 Mar 2015 18:25:29 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
https://bugs.freedesktop.org/show_bug.cgi?id=89521
Bug ID: 89521
Summary: segmentation fault during poppler_page_render (crashes
inside _fill_xrgb32_lerp_opaque_spans)
Product: cairo
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: medium
Component: general
Assignee: chris@chris-wilson.co.uk
Reporter: draymond@foxvalley.net
QA Contact: cairo-bugs@cairographics.org
Created attachment 114208
--> https://bugs.freedesktop.org/attachment.cgi?id=114208&action=edit
(PDF file used in the test code that triggers the crash)
(this is using cairo 1.14.0 and poppler 0.32.0)
I've created a minimal test case that reliably reproduces the crash. It
crashes on both Windows and OS X. However, on Windows it crashes at
window size (1202, 931) while on OS X it crashes at window size
(1207,932). It also seems to be data related because the test PDF has
two pages and it only crashes when rendering page 2.
The test PDF is attached. Here is the test code:
#include <poppler.h>
#include <stdio.h> // printf()
int main(int argc, char **argv)
{
PopplerDocument *doc;
PopplerPage *page;
cairo_surface_t *surface;
cairo_t *cr;
double x_points, y_points; // measured in points which are
1/72 inch
double pdf_width, pdf_height; // measured in pixels
double window_width, window_height; // measured in pixels
int fit_width;
double scale_factor;
double x_padding;
double y_padding;
#ifdef __APPLE__
doc =
poppler_document_new_from_file("file:///Users/draymond/crash/test.pdf",
NULL, NULL);
#else
doc = poppler_document_new_from_file("file:///C:/crash/test.pdf",
NULL, NULL);
#endif
page = poppler_document_get_page(doc, 1); // does not crash
rendering page 0
for (window_width = 1200; window_width <= 1210; window_width++)
{
for (window_height = 930; window_height <= 940; window_height++)
{
printf("(%f, %f)\n", window_width, window_height);
poppler_page_get_size(page, &x_points, &y_points); // 792, 612
fit_width = (window_width / window_height) < (x_points /
y_points);
scale_factor = fit_width ? (window_width / x_points) :
(window_height / y_points);
pdf_width = x_points * scale_factor;
pdf_height = y_points * scale_factor;
x_padding = fit_width ? 0 : ((window_width - pdf_width) / 2);
y_padding = fit_width ? ((window_height - pdf_height) / 2) : 0;
surface = cairo_image_surface_create(CAIRO_FORMAT_ARGB32,
window_width, window_height);
cr = cairo_create(surface);
cairo_translate(cr, x_padding, y_padding);
cairo_scale(cr, scale_factor, scale_factor);
poppler_page_render(page, cr);
cairo_destroy(cr);
cairo_surface_destroy(surface);
}
}
printf("success\n");
g_object_unref(page);
g_object_unref(doc);
}
--
You are receiving this mail because:
You are the QA Contact for the bug.
--1426011929.3e8b70E210.4873
Date: Tue, 10 Mar 2015 18:25:29 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - segmentation fault during poppler_page_render (crashes inside \
_fill_xrgb32_lerp_opaque_spans)" \
href="https://bugs.freedesktop.org/show_bug.cgi?id=89521">89521</a> </td>
</tr>
<tr>
<th>Summary</th>
<td>segmentation fault during poppler_page_render (crashes inside \
_fill_xrgb32_lerp_opaque_spans) </td>
</tr>
<tr>
<th>Product</th>
<td>cairo
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>critical
</td>
</tr>
<tr>
<th>Priority</th>
<td>medium
</td>
</tr>
<tr>
<th>Component</th>
<td>general
</td>
</tr>
<tr>
<th>Assignee</th>
<td>chris@chris-wilson.co.uk
</td>
</tr>
<tr>
<th>Reporter</th>
<td>draymond@foxvalley.net
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>cairo-bugs@cairographics.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=114208" \
name="attach_114208" title="(PDF file used in the test code that triggers the \
crash)">attachment 114208</a> <a href="attachment.cgi?id=114208&action=edit" \
title="(PDF file used in the test code that triggers the crash)">[details]</a></span> \
(PDF file used in the test code that triggers the crash)
(this is using cairo 1.14.0 and poppler 0.32.0)
I've created a minimal test case that reliably reproduces the crash. It
crashes on both Windows and OS X. However, on Windows it crashes at
window size (1202, 931) while on OS X it crashes at window size
(1207,932). It also seems to be data related because the test PDF has
two pages and it only crashes when rendering page 2.
The test PDF is attached. Here is the test code:
#include <poppler.h>
#include <stdio.h> // printf()
int main(int argc, char **argv)
{
PopplerDocument *doc;
PopplerPage *page;
cairo_surface_t *surface;
cairo_t *cr;
double x_points, y_points; // measured in points which are
1/72 inch
double pdf_width, pdf_height; // measured in pixels
double window_width, window_height; // measured in pixels
int fit_width;
double scale_factor;
double x_padding;
double y_padding;
#ifdef __APPLE__
doc =
poppler_document_new_from_file("file:///Users/draymond/crash/test.pdf",
NULL, NULL);
#else
doc = poppler_document_new_from_file("file:///C:/crash/test.pdf",
NULL, NULL);
#endif
page = poppler_document_get_page(doc, 1); // does not crash
rendering page 0
for (window_width = 1200; window_width <= 1210; window_width++)
{
for (window_height = 930; window_height <= 940; window_height++)
{
printf("(%f, %f)\n", window_width, window_height);
poppler_page_get_size(page, &x_points, &y_points); // 792, 612
fit_width = (window_width / window_height) < (x_points /
y_points);
scale_factor = fit_width ? (window_width / x_points) :
(window_height / y_points);
pdf_width = x_points * scale_factor;
pdf_height = y_points * scale_factor;
x_padding = fit_width ? 0 : ((window_width - pdf_width) / 2);
y_padding = fit_width ? ((window_height - pdf_height) / 2) : 0;
surface = cairo_image_surface_create(CAIRO_FORMAT_ARGB32,
window_width, window_height);
cr = cairo_create(surface);
cairo_translate(cr, x_padding, y_padding);
cairo_scale(cr, scale_factor, scale_factor);
poppler_page_render(page, cr);
cairo_destroy(cr);
cairo_surface_destroy(surface);
}
}
printf("success\n");
g_object_unref(page);
g_object_unref(doc);
}</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
</ul>
</body>
</html>
--1426011929.3e8b70E210.4873--
[Attachment #3 (text/plain)]
_______________________________________________
cairo-bugs mailing list
cairo-bugs@lists.cairographics.org
http://lists.cairographics.org/mailman/listinfo/cairo-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic