[cairo] Segfault with PS surface

Torsten Schoenfeld kaffeetisch at gmx.de
Sun May 6 09:22:05 PDT 2007


Aloha,

the attached test case results in a segfault here with cairo from git.
The first fix was easy enough; attached.  Unfortunately, that wasn't
enough.  I get a new crash now:

==7477== Invalid read of size 4
==7477==    at 0x4048BBE: _cairo_output_stream_vprintf (cairo-output-stream.c:287)
==7477==    by 0x4049001: _cairo_output_stream_printf (cairo-output-stream.c:402)
==7477==    by 0x4052890: _cairo_ps_surface_finish (cairo-ps-surface.c:300)
==7477==    by 0x4041AC2: cairo_surface_finish (cairo-surface.c:504)
==7477==    by 0x4041B6F: cairo_surface_destroy (cairo-surface.c:401)
==7477==    by 0x404BD29: _cairo_paginated_surface_finish (cairo-paginated-surface.c:143)
==7477==    by 0x4041AC2: cairo_surface_finish (cairo-surface.c:504)
==7477==    by 0x4041B6F: cairo_surface_destroy (cairo-surface.c:401)
==7477==    by 0x804850C: main (ps-crash.c:15)
==7477==  Address 0x440C034 is 12 bytes inside a block of size 32 free'd
==7477==    at 0x402023A: free (vg_replace_malloc.c:233)
==7477==    by 0x4049047: _cairo_output_stream_destroy (cairo-output-stream.c:168)
==7477==    by 0x4052AF7: _cairo_ps_surface_finish (cairo-ps-surface.c:1195)
==7477==    by 0x4041AC2: cairo_surface_finish (cairo-surface.c:504)
==7477==    by 0x404BD0D: _cairo_paginated_surface_finish (cairo-paginated-surface.c:138)
==7477==    by 0x4041AC2: cairo_surface_finish (cairo-surface.c:504)
==7477==    by 0x4041B6F: cairo_surface_destroy (cairo-surface.c:401)
==7477==    by 0x804850C: main (ps-crash.c:15)

Looks like the output stream is written to after it has been freed.

-- 
Bye,
-Torsten
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ps-crash.c
Type: text/x-csrc
Size: 356 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/cairo/attachments/20070506/0c5ae887/ps-crash.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ps-crash.patch
Type: text/x-patch
Size: 1622 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/cairo/attachments/20070506/0c5ae887/ps-crash.bin
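
An added example, not part of the original message and not cairo code: the two stacks in the trace show the PS surface's finish being reached twice from _cairo_paginated_surface_finish, once via cairo_surface_finish (where the output stream is freed) and once via cairo_surface_destroy (where it is written to). The constructed C model below reproduces that call pattern and shows one way to make finish idempotent; every type and function name in it is hypothetical.

```c
/* Constructed model of the call pattern in the trace. All names here
 * (stream_t, surface_t, surface_finish, ...) are hypothetical, not cairo's. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int writes; } stream_t;
typedef struct {
    stream_t *stream;  /* owned by the surface, released in finish */
    int finished;      /* guard that makes finish idempotent */
    int finish_runs;   /* times the backend finish body actually ran */
} surface_t;

/* Backend finish: writes the trailer, then frees the stream. Running it a
 * second time would touch freed memory, which is what valgrind reported. */
static void backend_finish(surface_t *surf) {
    surf->stream->writes++;      /* trailer output */
    free(surf->stream);
    surf->stream = NULL;         /* leave no dangling pointer behind */
    surf->finish_runs++;
}

/* Public finish: safe to call more than once. */
void surface_finish(surface_t *surf) {
    if (surf->finished) return;
    surf->finished = 1;
    backend_finish(surf);
}

/* Destroy finishes first (destroy -> finish, as in the trace) and reports
 * how often the backend body ran. */
int surface_destroy(surface_t *surf) {
    int runs;
    surface_finish(surf);
    runs = surf->finish_runs;
    free(surf);
    return runs;
}

/* Wrapper teardown as in the trace: explicit finish, then destroy. */
int wrapper_teardown(void) {
    surface_t *target = calloc(1, sizeof *target);
    if (!target) return -1;
    target->stream = calloc(1, sizeof *target->stream);
    if (!target->stream) { free(target); return -1; }
    surface_finish(target);         /* first path: frees the stream */
    return surface_destroy(target); /* second path: finish is a no-op */
}

int main(void) { printf("backend finish ran %d time(s)\n", wrapper_teardown()); return 0; }
```

Removing the `finished` check in `surface_finish` restores the reported behaviour: the second call dereferences the released stream, which valgrind or AddressSanitizer will flag.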

