[cairo] crash copying recording surface to PDF surface with tags

Ben Pfaff blp at cs.stanford.edu
Sat Dec 26 18:12:32 UTC 2020


On Sat, Dec 26, 2020 at 1:57 AM Uli Schlachter <psychon at znc.in> wrote:
> thanks for this great report. It is always great to read:

Thanks so much for the two patches!  I locally applied them to the
Debian packaging for Cairo and they fixed the crashes.

When I invoke my test program as:
    valgrind --leak-check=full ./cairo-test --no-extents

I do still see the following use of an uninitialized value (I forgot
to report this before, sorry!):

    Conditional jump or move depends on uninitialised value(s)
       at 0x494E67B: _cairo_pdf_surface_emit_recording_surface (cairo-pdf-surface.c:3375)
       by 0x494E67B: _cairo_pdf_surface_emit_surface (cairo-pdf-surface.c:3489)
       by 0x49523BC: _cairo_pdf_surface_write_patterns_and_smask_groups (cairo-pdf-surface.c:6845)
       by 0x49525F2: _cairo_pdf_surface_finish (cairo-pdf-surface.c:2216)
       by 0x48F0BB1: _cairo_surface_finish (cairo-surface.c:1030)
       by 0x48F198A: cairo_surface_finish (cairo-surface.c:1079)
       by 0x48F198A: cairo_surface_finish (cairo-surface.c:1063)
       by 0x48BCDFB: _cairo_paginated_surface_finish (cairo-paginated-surface.c:214)
       by 0x48F0BB1: _cairo_surface_finish (cairo-surface.c:1030)
       by 0x48F174F: cairo_surface_destroy (cairo-surface.c:970)
       by 0x1094F4: main (cairo-test.c:66)

and the following memory leak:

    3,032 (384 direct, 2,648 indirect) bytes in 1 blocks are definitely lost in loss record 19 of 19
       at 0x483877F: malloc (vg_replace_malloc.c:307)
       by 0x48ED979: _cairo_surface_snapshot (cairo-surface-snapshot.c:265)
       by 0x48CB5AB: _cairo_pattern_init_snapshot (cairo-pattern.c:422)
       by 0x48DA157: _cairo_recording_surface_paint (cairo-recording-surface.c:743)
       by 0x48F2367: _cairo_surface_paint (cairo-surface.c:2198)
       by 0x48F2367: _cairo_surface_paint (cairo-surface.c:2198)
       by 0x48A7C15: _cairo_gstate_paint (cairo-gstate.c:1061)
       by 0x49002E9: cairo_paint (cairo.c:2220)
       by 0x10930C: copy_surface (cairo-test.c:25)
       by 0x1094CA: main (cairo-test.c:57)

I'm happy to report those separately through the bug tracker, if you
like (I had been misled through the website before and thought that
the mailing list was the preferred place).
