Bug 80320 - Reproducible crash on test file
Summary: Reproducible crash on test file
Status: RESOLVED FIXED
Alias: None
Product: ksvg
Classification: Miscellaneous
Component: general
Version: unspecified
Platform: Debian testing Linux
Priority: NOR  Severity: crash
Target Milestone: ---
Assignee: Rob Buis
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-04-25 18:05 UTC by Dominique Devriese
Modified: 2004-07-30 17:31 UTC

See Also:
Latest Commit:
Version Fixed In:


Attachments
A file causing the crash. (5.90 KB, image/svg+xml)
2004-04-25 18:07 UTC, Dominique Devriese

Description Dominique Devriese 2004-04-25 18:05:21 UTC
Version:            (using KDE KDE 3.2.2)
Installed from:    Debian testing/unstable Packages

The svgdisplay program reproducibly crashes on the attached SVG file.  It first starts rendering some things, you see some coloured polygons appear, and then it crashes with a SIGSEGV.  I'm also attaching the backtrace, and some possibly useful debugger output I got.
Comment 1 Dominique Devriese 2004-04-25 18:07:53 UTC
Created attachment 5780 [details]
A file causing the crash.
Comment 2 Dominique Devriese 2004-04-25 18:08:35 UTC
Note: this is a forward of the following Debian bug report:
http://bugs.kde.org/245494
Comment 3 Dominique Devriese 2004-04-25 18:09:33 UTC
Here's the backtrace (I'm running Debian packages built with debugging support).

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 1105715584 (LWP 19287)]
0x419a73ee in __waitpid_nocancel () from /lib/tls/libpthread.so.0
#0  0x419a73ee in __waitpid_nocancel () from /lib/tls/libpthread.so.0
#1  0x4106be20 in KCrash::defaultCrashHandler () from /usr/lib/libkdecore.so.4
#2  <signal handler called>
#3  0x41aa24fd in FT_Outline_Decompose () from /usr/lib/libfreetype.so.6
#4  0x4046a814 in T2P::Converter::calcGlyph (this=0x814ea30, params=0x823eab0, 
    affine=@0xbfffd710, onlyLatin=true) at Converter.cpp:230
#5  0x40469f94 in T2P::Converter::requestGlyph (this=0x814ea30, 
    params=0x823eab0, bbox=@0xbfffd6d0, affine=@0xbfffd710, onlyLatin=true)
    at Converter.cpp:124
#6  0x4046b462 in T2P::Converter::calcString (this=0x814ea30, font=0x823e6e8, 
    text=0x823ea38, length=12, affine=@0xbfffd930, params=0x823ea08, bpath=0x0)
    at Converter.cpp:359
#7  0x403645bd in KSVG::CanvasText::createGlyphs (this=0x823e7e0, 
    textChunk=0x823e620, canvas=0x814e830, screenCTM=0x823f128, curx=319, 
    cury=260, endx=@0xbfffdab8, endy=@0xbfffdab4, bpath=0x0)
    at ../../../ksvg/core/CanvasItems.cpp:389
#8  0x4219bafd in KSVG::LibartText::init (this=0x823e7e0, screenCTM=0x823f128)
    at LibartCanvasItems.cpp:1645
#9  0x4219b5f5 in KSVG::LibartText::init (this=0x823e7e0)
    at LibartCanvasItems.cpp:1585
#10 0x4219a32e in LibartText (this=0x823e7e0, c=0x814e830, text=0x823ec90)
    at LibartCanvasItems.cpp:1389
#11 0x42191df6 in KSVG::LibartCanvas::createText (this=0x814e830, 
    text=0x823ec90) at LibartCanvas.cpp:174
#12 0x4024790e in KSVG::SVGTextElementImpl::createItem (this=0x823ec90, 
    c=0x814e830) at ../../../ksvg/impl/SVGTextElementImpl.cc:81
#13 0x4035d8b9 in KSVG::InputHandler::endElement (this=0x817a358, 
    qName=@0x817c748) at ../../../ksvg/core/KSVGReader.cc:389
#14 0x416e517a in QXmlSimpleReader::processElementETagBegin2 ()
   from /usr/lib/libqt-mt.so.3
#15 0x416e44e5 in QXmlSimpleReader::parseElement () from /usr/lib/libqt-mt.so.3
#16 0x416e635e in QXmlSimpleReader::parseContent () from /usr/lib/libqt-mt.so.3
#17 0x416e491c in QXmlSimpleReader::parseElement () from /usr/lib/libqt-mt.so.3
#18 0x416e635e in QXmlSimpleReader::parseContent () from /usr/lib/libqt-mt.so.3
#19 0x416e491c in QXmlSimpleReader::parseElement () from /usr/lib/libqt-mt.so.3
#20 0x416e635e in QXmlSimpleReader::parseContent () from /usr/lib/libqt-mt.so.3
#21 0x416e491c in QXmlSimpleReader::parseElement () from /usr/lib/libqt-mt.so.3
#22 0x416e3861 in QXmlSimpleReader::parseBeginOrContinue ()
   from /usr/lib/libqt-mt.so.3
#23 0x416e36ea in QXmlSimpleReader::parse () from /usr/lib/libqt-mt.so.3
#24 0x416e359d in QXmlSimpleReader::parse () from /usr/lib/libqt-mt.so.3
#25 0x4035e6fb in KSVG::KSVGReader::parse (this=0x8179ad0, source=0x817b540)
    at ../../../ksvg/core/KSVGReader.cc:475
#26 0x4020a700 in KSVG::SVGDocumentImpl::slotSVGContent (this=0x8140050, 
    dev=0x81795d0) at ../../../ksvg/impl/SVGDocumentImpl.cc:253
#27 0x402083b3 in KSVG::SVGDocumentImpl::qt_invoke (this=0x8140050, _id=4, 
    _o=0xbfffe2d0) at SVGDocumentImpl.moc:177
#28 0x414acd0b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#29 0x4034e22d in KSVG::KSVGLoader::gotResult (this=0x814e318, t0=0x81795d0)
    at KSVGLoader.moc:113
#30 0x4034f29a in KSVG::KSVGLoader::slotResult (this=0x814e318, job=0x814b9b0)
    at ../../../ksvg/core/KSVGLoader.cpp:138
#31 0x4034e48e in KSVG::KSVGLoader::qt_invoke (this=0x814e318, _id=3, 
    _o=0xbfffe4d0) at KSVGLoader.moc:133
#32 0x414acd0b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#33 0x40aa8efa in KIO::Job::result () from /usr/lib/libkio.so.4
#34 0x40a939da in KIO::Job::emitResult () from /usr/lib/libkio.so.4
#35 0x40a94ede in KIO::SimpleJob::slotFinished () from /usr/lib/libkio.so.4
#36 0x40a97d6e in KIO::TransferJob::slotFinished () from /usr/lib/libkio.so.4
#37 0x40aaa6cd in KIO::TransferJob::qt_invoke () from /usr/lib/libkio.so.4
#38 0x414acd0b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#39 0x414acbab in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#40 0x40a89c2e in KIO::SlaveInterface::finished () from /usr/lib/libkio.so.4
#41 0x40a8888b in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.4
#42 0x40a87e89 in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.4
#43 0x40a8591b in KIO::Slave::gotInput () from /usr/lib/libkio.so.4
#44 0x40a875d8 in KIO::Slave::qt_invoke () from /usr/lib/libkio.so.4
#45 0x414acd0b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#46 0x414ad05e in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#47 0x417fa055 in QSocketNotifier::activated () from /usr/lib/libqt-mt.so.3
#48 0x414ccb03 in QSocketNotifier::event () from /usr/lib/libqt-mt.so.3
#49 0x41449ba3 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#50 0x414490db in QApplication::notify () from /usr/lib/libqt-mt.so.3
#51 0x40fe7b29 in KApplication::notify () from /usr/lib/libkdecore.so.4
#52 0x413df3d6 in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#53 0x414382af in QEventLoop::activateSocketNotifiers ()
   from /usr/lib/libqt-mt.so.3
#54 0x413f0ea3 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#55 0x4145fa75 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#56 0x4145f98e in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#57 0x41449d0f in QApplication::exec () from /usr/lib/libqt-mt.so.3
#58 0x0804d2de in main (argc=2, argv=0xbffff364) at svgdisplay.cc:31
Comment 4 Dominique Devriese 2004-04-25 18:10:27 UTC
And here's some possibly interesting gdb output:

(gdb) p ftOut
$1 = (FT_Outline *) 0x824b784
(gdb) p *ftOut
$2 = {n_contours = 1, n_points = 0, points = 0xb,
  tags = 0xb <Address 0xb out of bounds>,
  contours = 0x8, flags = 4}
(gdb) p m_glyphTracer
$3 = (T2P::GlyphTracerLibart *) 0x814b978
(gdb) p glyphOutline
$4 = {px = 0x824b8a8, pn = {pi_ = 0x81fc220}}
(gdb) p glyphOutline.px
$5 = (T2P::Glyph *) 0x824b8a8
(gdb) p *glyphOutline.px
$6 = {m_affine = {m_affine = {inf, 0, 0, inf, 0, 0}},
  m_ftBbox = {{xMin = 758264130, yMin = 944722761,
      xMax = 758723896, yMax = 1668296241}, {
      xMin = 2053582438, yMin = 1091844404,
      xMax = 1091839780, yMax = 339292417}, {
      xMin = 338105409, yMin = 339095873,
      xMax = 338105409, yMax = 808988993}, {
      xMin = 338105409, yMin = -191, xMax = -1,
      yMax = -1}}, m_bezierPath = 0x824b920}
(gdb) p *glyphOutline.pn
Structure has no component named operator*.
(gdb) p *glyphOutline.pn.pi_
$7 = (myboost::detail::sp_counted_base_impl<T2P::Glyph*, myboost::checked_deleter<T2P::Glyph> >) {<myboost::detail::sp_counted_base> = {
    _vptr.sp_counted_base = 0x40478260,
    use_count_ = 1, weak_count_ = 1, mtx_ = {m_ = {
        __m_reserved = 0, __m_count = 0,
        __m_owner = 0x0, __m_kind = 0, __m_lock = {
          __status = 0, __spinlock = 0}}}},
  ptr = 0x824b8a8, del = {<No data fields>}}
(gdb)
$8 = (myboost::detail::sp_counted_base_impl<T2P::Glyph*, myboost::checked_deleter<T2P::Glyph> >) {<myboost::detail::sp_counted_base> = {
    _vptr.sp_counted_base = 0x40478260,
    use_count_ = 1, weak_count_ = 1, mtx_ = {m_ = {
        __m_reserved = 0, __m_count = 0,
        __m_owner = 0x0, __m_kind = 0, __m_lock = {
          __status = 0, __spinlock = 0}}}},
  ptr = 0x824b8a8, del = {<No data fields>}}
(gdb) p glyphOutline.get()
[Switching to Thread 1105715584 (LWP 19287)]
$9 = (T2P::Glyph *) 0x824b8a8
(gdb) p *glyphOutline.get()
$10 = {m_affine = {m_affine = {inf, 0, 0, inf, 0,
      0}}, m_ftBbox = {{xMin = 758264130,
      yMin = 944722761, xMax = 758723896,
      yMax = 1668296241}, {xMin = 2053582438,
      yMin = 1091844404, xMax = 1091839780,
      yMax = 339292417}, {xMin = 338105409,
      yMin = 339095873, xMax = 338105409,
      yMax = 808988993}, {xMin = 338105409,
      yMin = -191, xMax = -1, yMax = -1}},
  m_bezierPath = 0x824b920}
(gdb) p ftOut
$11 = (FT_Outline *) 0x824b784
(gdb) p m_glyphTracer->outlineFuncs()
$12 = (FT_Outline_Funcs *) 0x81f6928
(gdb) p *m_glyphTracer->outlineFuncs()
$13 = {
  move_to = 0x421908f8 <traceMoveto(FT_Vector_*, void*)>,
  line_to = 0x42190a6e <traceLineto(FT_Vector_*, void*)>,
  conic_to = 0x42190bc8 <traceConicBezier(FT_Vector_*, FT_Vector_*, void*)>,
  cubic_to = 0x42190e3c <traceCubicBezier(FT_Vector_*, FT_Vector_*, FT_Vector_*, void*)>, shift = 0,
  delta = 0}
(gdb) p *m_glyphTracer->outlineFuncs()->move_to
$14 = {int (FT_Vector *,
    void *)} 0x421908f8 <traceMoveto(FT_Vector_*, void*)>
(gdb) p *m_glyphTracer->outlineFuncs()->line_to
$15 = {int (FT_Vector *,
    void *)} 0x42190a6e <traceLineto(FT_Vector_*, void*)>
(gdb) p *m_glyphTracer->outlineFuncs()->conic_to
$16 = {int (FT_Vector *, FT_Vector *,
    void *)} 0x42190bc8 <traceConicBezier(FT_Vector_*, FT_Vector_*, void*)>
(gdb) p *m_glyphTracer->outlineFuncs()->cubic_to
$17 = {int (FT_Vector *, FT_Vector *, FT_Vector *,
    void *)} 0x42190e3c <traceCubicBezier(FT_Vector_*, FT_Vector_*, FT_Vector_*, void*)>
(gdb) p m_glyphTracer->outlineFuncs()->delta
$18 = 0
Comment 5 Bernhard Zwischenbrugger 2004-05-04 21:45:54 UTC
White color is displayed pink.
See: http://www.khtml.org
Comment 6 Rob Buis 2004-07-30 16:03:57 UTC
Hi,

I can't see it crash, using latest cvs.
Please let me know what your status is.
Otherwise it could be you are missing fonts or something...
Cheers,

Rob.
Comment 7 Rob Buis 2004-07-30 16:50:07 UTC
Hi again,

I think I know what your problem was. Apparently the "system" chose
bitmap fonts over scalable fonts. I moved all scalable fonts out of
my system, so libtext2path/fontconfig was forced to pick up bitmap
fonts. Then indeed I got backtraces like above. In current cvs I have
added the fix, it would be nice if you could verify.
Cheers,

Rob.
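The gdb dump in comment 4 and Rob's diagnosis in comment 7 describe the same failure from two sides: fontconfig handed libtext2path a bitmap-only face, the glyph slot therefore carried no outline, and the tracer still passed the FT_Outline (n_contours = 1, n_points = 0, points = 0xb) to FT_Outline_Decompose, which walked the dangling arrays and segfaulted. The block below is an added example, not code from ksvg or libtext2path, showing the two gates a glyph tracer can apply before decomposing. It mirrors FreeType's FT_Vector and FT_Outline layout in local stand-in types so it builds without FreeType headers; the glyph-format enum is likewise a stand-in for FT_GlyphSlotRec::format. In real FreeType code the format test is `face->glyph->format == FT_GLYPH_FORMAT_OUTLINE`, FreeType's own FT_Outline_Check() performs the consistency check shown here, and at the selection layer fontconfig can be told to skip bitmap faces with FcPatternAddBool(pattern, FC_OUTLINE, FcTrue) (or FC_SCALABLE). The two sample outlines are constructed for the example; the first reproduces the values printed by `p *ftOut`.

```c
/* Added example (not ksvg/libtext2path code): validate a glyph before handing
 * it to FT_Outline_Decompose. Types below are stand-ins mirroring FreeType's
 * public FT_Vector / FT_Outline field order so this builds stand-alone. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { long x, y; } ft_vector_t;        /* stand-in for FT_Vector */

typedef struct {                                   /* stand-in for FT_Outline */
    short        n_contours;   /* number of contours */
    short        n_points;     /* number of points across all contours */
    ft_vector_t *points;       /* n_points coordinates */
    char        *tags;         /* n_points on/off-curve tags */
    short       *contours;     /* index of the last point of each contour */
    int          flags;
} ft_outline_t;

/* Stand-in for FT_GlyphSlotRec::format. Real code compares
 * face->glyph->format with FT_GLYPH_FORMAT_OUTLINE; a bitmap-only face (what
 * fontconfig picked in this report) yields FT_GLYPH_FORMAT_BITMAP and its
 * outline fields are meaningless. Fontconfig can be asked to avoid such faces
 * with FcPatternAddBool(pattern, FC_OUTLINE, FcTrue). */
enum glyph_format { GLYPH_FORMAT_OUTLINE, GLYPH_FORMAT_BITMAP };

/* Returns 1 if counts and contour table are self-consistent (what FreeType's
 * FT_Outline_Check() verifies), 0 otherwise. Counts are tested before any
 * array is dereferenced, so the report's glyph (1 contour, 0 points, garbage
 * pointers) is rejected without touching the bad addresses. */
int outline_is_consistent(const ft_outline_t *o)
{
    int i;
    if (o == NULL || o->n_contours < 0 || o->n_points < 0)
        return 0;
    if (o->n_contours == 0)
        return o->n_points == 0;            /* empty glyph, e.g. a space */
    if (o->n_points == 0)
        return 0;                           /* contours but no points */
    if (o->points == NULL || o->tags == NULL || o->contours == NULL)
        return 0;
    /* Contour end indices must strictly increase and stay inside points[];
     * otherwise decomposition reads past the end of the arrays. */
    for (i = 0; i < o->n_contours; i++) {
        short end = o->contours[i];
        short prev_end = (i == 0) ? -1 : o->contours[i - 1];
        if (end <= prev_end || end >= o->n_points)
            return 0;
    }
    /* The final contour must end exactly on the last point. */
    return o->contours[o->n_contours - 1] == o->n_points - 1;
}

/* The gate a tracer should apply before FT_Outline_Decompose: the slot must
 * actually hold an outline and that outline must be consistent. */
int glyph_safe_to_trace(enum glyph_format fmt, const ft_outline_t *o)
{
    return fmt == GLYPH_FORMAT_OUTLINE && outline_is_consistent(o);
}

/* Constructed sample 1: the values gdb printed for *ftOut in comment 4. */
ft_outline_t sample_from_bug_report(void)
{
    ft_outline_t o;
    o.n_contours = 1;
    o.n_points   = 0;
    o.points     = (ft_vector_t *)(uintptr_t)0xb;   /* garbage, never read */
    o.tags       = (char *)(uintptr_t)0xb;
    o.contours   = (short *)(uintptr_t)0x8;
    o.flags      = 4;
    return o;
}

/* Constructed sample 2: a well-formed single-contour square (4 on-curve points). */
static ft_vector_t square_pts[4]  = { {0, 0}, {64, 0}, {64, 64}, {0, 64} };
static char        square_tags[4] = { 1, 1, 1, 1 };
static short       square_ends[1] = { 3 };

ft_outline_t sample_square(void)
{
    ft_outline_t o = { 1, 4, square_pts, square_tags, square_ends, 0 };
    return o;
}

int main(void)
{
    ft_outline_t bad  = sample_from_bug_report();
    ft_outline_t good = sample_square();
    printf("glyph from the report (bitmap face): %s\n",
           glyph_safe_to_trace(GLYPH_FORMAT_BITMAP, &bad) ? "trace" : "skip");
    printf("well-formed outline glyph:           %s\n",
           glyph_safe_to_trace(GLYPH_FORMAT_OUTLINE, &good) ? "trace" : "skip");
    return 0;
}
```

The ordering inside outline_is_consistent matters: the count checks come first precisely because, as the gdb output shows, the pointers in a bitmap glyph's outline are not NULL but arbitrary small integers, so a NULL test alone would not have saved FT_Outline_Decompose.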
Comment 8 Dominique Devriese 2004-07-30 17:21:29 UTC
Rob Buis writes:

> Hi again,

> I think I know what your problem was. Apparently the "system" chose
> bitmap fonts over scalable fonts. I moved all scalable fonts out of
> my system, so libtext2path/fontconfig was forced to pick up bitmap
> fonts. Then indeed I got backtraces like above. In current cvs I
> have added the fix, it would be nice if you could verify.  Cheers,

Sorry, I don't have time to track CVS these days.  AFAICS, you can
close it if you think it's fixed, I'll reopen if I see it again..

cheers
domi

Comment 9 Rob Buis 2004-07-30 17:31:01 UTC
Hi,

Ok, I understand. Let's do that then. And thanks for the report!
Cheers,

Rob.