Bug 572676 - [abrt] crash in evince-2.28.2-1.fc12: Process /usr/bin/evince was killed by signal 8 (SIGFPE)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: cairo
Version: 12
Hardware: i686
OS: Linux
low
medium
Target Milestone: ---
Assignee: Benjamin Otte
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:6c775280cbedd6427da8a22b4ba...
Duplicates: 557388 591621 591623 629146
Depends On:
Blocks:
Reported: 2010-03-11 20:19 UTC by Jérôme Audu
Modified: 2010-09-11 03:32 UTC (History)

Fixed In Version: cairo-1.10.0-1.fc14
Clone Of:
Environment:
Last Closed: 2010-09-11 03:32:01 UTC
Type: ---
Embargoed:


Attachments
File: backtrace (68.35 KB, text/plain)
2010-03-11 20:19 UTC, Jérôme Audu
This patch add some check for NULL size of cairo_image_surface_t *src (428 bytes, patch)
2010-03-19 15:34 UTC, Jérôme Audu

Description Jérôme Audu 2010-03-11 20:19:20 UTC
abrt 1.0.8 detected a crash.

architecture: i686
Attached file: backtrace
cmdline: evince LDDE_Training-2.3_2010.pdf
component: evince
executable: /usr/bin/evince
kernel: 2.6.32.9-70.fc12.i686
package: evince-2.28.2-1.fc12
rating: 4
reason: Process /usr/bin/evince was killed by signal 8 (SIGFPE)
release: Fedora release 12 (Constantine)

comment
-----
Here is the "core" file generated during my session (45Mb)
http://jau.free.fr/core.3669

I tried to debug evince (with debuginfo) and I cannot really say where the issue is:
pixman or cairo? The error is raised in pixman (probably a % by 0)
*coord = MOD (*coord, size);  - see thread 1 / #0 entry (pixman-bits-image.c)
but maybe cairo asks pixman for something wrong...
I've tried to upgrade to the latest pixman-0.17.10-1 & cairo-1.8.10-1 (from koji & rebuilt for F12)
but it doesn't improve (same error at same place).
I also tried to open this PDF from F13alpha using evince, and got the same crash at the same place.
I have no problem using this PDF with evince on CentOS-5.4!

The only workaround I have now is to upgrade to cairo-1.9.6 (on F12)
=> no crash, no error...
And I don't see (yet) any bad artefact due to cairo-1.9.6 usage on the desktop.

The PDF was generated using OOo 2.3 / Impress (PDF v1.4)

How to reproduce
-----
1. Open a specific PDF (sorry, I cannot share this one...) using evince
2. scroll up/down from page 14 to page 13 
3. crash evince: Floating point exception (core dumped)

Comment 1 Jérôme Audu 2010-03-11 20:19:23 UTC
Created attachment 399441 [details]
File: backtrace

Comment 2 Jérôme Audu 2010-03-18 19:35:40 UTC
The error seems to be due to (bad?) usage of SSE in the pixmap implementation.
I've also used "valgrind evince ./LDDE_Training-2.3_2010.pdf" to check
the error, but it never crashes!!
=> that's why I think it's an SSE issue (I'm not sure, but I
don't think valgrind emulates SSE)

Comment 3 Søren Sandmann Pedersen 2010-03-18 20:45:36 UTC
Seems similar to 

   https://bugs.freedesktop.org/show_bug.cgi?id=24693

Comment 4 Jérôme Audu 2010-03-19 15:28:24 UTC
(In reply to comment #3)
> Seems similar to 
> 
>    https://bugs.freedesktop.org/show_bug.cgi?id=24693    


Thanks for the link.
It's clearly the same problem I have.

Finally, I added one check into "cairo" to
avoid calling pixmap when src->width & src->height is NULL

It fixes my issue with my PDF (and also for the PDF in freedesktop bugzilla)

Comment 5 Jérôme Audu 2010-03-19 15:34:21 UTC
Created attachment 401271 [details]
This patch add some check for NULL size of cairo_image_surface_t *src

Comment 6 Jérôme Audu 2010-03-19 16:45:21 UTC
(In reply to comment #5)
> Created an attachment (id=401271) [details]
> This patch add some check for NULL size of cairo_image_surface_t *src    

The clean way is probably to check this in _cairo_surface_clone_similar(..., cairo_surface_t **clone_out) - cairo-surface.c

!(*clone_out->width) &&  !(*clone_out->height)

But I think it's better to ask the "cairo" developers, to avoid breaking something.
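
The guard discussed in comments 4 to 6, as an added C illustration (not cairo or pixman source, and not part of the thread): a repeat-style fetch that wraps coordinates with a modulo and rejects a zero-sized source before any `%` runs. `image_t`, `tile_row` and this `MOD` definition are assumptions made for the example, which also rejects a source where only one dimension is zero.

```c
/* Added illustration; not cairo or pixman source. */
#include <stdio.h>

/* Non-negative modulo (assumed definition). With b == 0 the integer %
 * traps: on x86 Linux that is SIGFPE, "Floating point exception". */
#define MOD(a, b) ((a) < 0 ? ((b) - ((-(a) - 1) % (b))) - 1 : (a) % (b))

/* Hypothetical 8-bit image: just the fields this example needs. */
typedef struct {
    int width;
    int height;
    const unsigned char *data;
} image_t;

/* Fill n destination pixels by tiling src from origin (ox, oy).
 * Returns the number of pixels written; 0 means there was nothing to
 * do or the source was degenerate, and nothing was sampled. */
int tile_row(unsigned char *dst, int n, const image_t *src, int ox, int oy)
{
    /* The size check the thread asks for, made before any MOD() runs. */
    if (n <= 0 || src == NULL || src->data == NULL ||
        src->width <= 0 || src->height <= 0)
        return 0;

    int y = MOD(oy, src->height);
    for (int i = 0; i < n; i++) {
        int x = MOD(ox + i, src->width);
        dst[i] = src->data[y * src->width + x];
    }
    return n;
}

int main(void)
{
    static const unsigned char px[] = { 1, 2, 3, 4 };  /* constructed 2x2 */
    image_t good = { 2, 2, px };
    image_t empty = { 0, 0, px };                      /* zero-sized source */
    unsigned char row[5] = { 0 };

    printf("good:  wrote %d pixels\n", tile_row(row, 5, &good, -1, 1));
    printf("empty: wrote %d pixels\n", tile_row(row, 5, &empty, -1, 1));
    return 0;
}
```

Without the size check, the second call would execute `% 0` and the process would die with the same signal 8 that abrt recorded.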

Comment 7 Marek Kašík 2010-04-16 13:24:43 UTC
Hi Audu,

I'm confirming that the cairo upstream patch from the bug #24693 fixes this crash. I'm reassigning this to cairo.

Thank you for your information

Marek

Comment 8 Marek Kašík 2010-04-16 13:35:17 UTC
*** Bug 557388 has been marked as a duplicate of this bug. ***

Comment 9 Marek Kašík 2010-05-13 08:51:19 UTC
*** Bug 591621 has been marked as a duplicate of this bug. ***

Comment 10 Marek Kašík 2010-05-13 08:51:28 UTC
*** Bug 591623 has been marked as a duplicate of this bug. ***

Comment 11 Fedora Admin XMLRPC Client 2010-06-17 15:24:05 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 12 Fedora Update System 2010-09-08 00:07:45 UTC
cairo-1.10.0-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/cairo-1.10.0-1.fc14

Comment 13 Fedora Update System 2010-09-08 03:17:51 UTC
cairo-1.10.0-1.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update cairo'
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/cairo-1.10.0-1.fc14

Comment 14 Benjamin Otte 2010-09-08 14:14:34 UTC
*** Bug 629146 has been marked as a duplicate of this bug. ***

Comment 15 Fedora Update System 2010-09-11 03:31:38 UTC
cairo-1.10.0-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

