<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - evince segfault when opening this pdf (calling cairo_set_dash())"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=100164">100164</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>evince segfault when opening this pdf (calling cairo_set_dash())
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>poppler
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86-64 (AMD64)
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux (All)
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>cairo backend
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>poppler-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>wiml@hhhh.org
          </td>
        </tr></table>
      <p>
        <div>
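        <pre>evince crashes while rendering this PDF. The window appears, it chews CPU for a
few seconds, then segfaults before displaying anything from the file.

I'm using Debian's version, which is old, but this may be useful information
anyway.

In the dump below, the faulting instruction is a load through %rbx, which is 0,
and gdb reports dash=0x0 in frame #0, so the crash looks like a NULL pointer
read in _cairo_gstate_set_dash(). Frames #0 and #1 disagree on the dash pointer
and on num_dashes, so the argument values gdb prints may not be reliable.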

<a href="http://www2.census.gov/geo/maps/blk2000/st02_Alaska/Place/0218675_Deltana/CBP0218675_001.pdf">http://www2.census.gov/geo/maps/blk2000/st02_Alaska/Place/0218675_Deltana/CBP0218675_001.pdf</a>


versions:
  evince 3.14.1-2+deb8u1
  poppler 0.26.5-2+deb8u1
  cairo  1.14.0-2.1+deb8u2


(gdb) run /tmp/mozilla_wiml0/CBP0218675_001.pdf 
Starting program: /usr/bin/evince /tmp/mozilla_wiml0/CBP0218675_001.pdf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffee0aa700 (LWP 9970)]
[New Thread 0x7fffed8a9700 (LWP 9971)]
[New Thread 0x7fffed0a8700 (LWP 9975)]
[New Thread 0x7fffdffff700 (LWP 9976)]
[New Thread 0x7fffdf7fe700 (LWP 9977)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffdf7fe700 (LWP 9977)]
0x00007ffff5efd789 in _cairo_gstate_set_dash (gstate=0x7fffd00a3870, dash=0x0,
num_dashes=8, offset=4.7430302000759668e-322)
    at ../../../../src/cairo-gstate.c:542
542     ../../../../src/cairo-gstate.c: No such file or directory.
(gdb) bt
#0  0x00007ffff5efd789 in _cairo_gstate_set_dash (gstate=0x7fffd00a3870,
dash=0x0, num_dashes=8, offset=4.7430302000759668e-322)
    at ../../../../src/cairo-gstate.c:542
#1  0x00007ffff5ef0f82 in cairo_set_dash (cr=0x7fffd04b2c40,
dashes=0x7fffd0000038, num_dashes=-800379904, offset=4.7430302000759668e-322)
    at ../../../../src/cairo.c:1080
#2  0x00007fffdeddd4bc in CairoOutputDev::fillToStrokePathClip
(this=this@entry=0x7fffd0042da0, state=state@entry=0x7fffd04b3a50)
    at CairoOutputDev.cc:1163
#3  0x00007fffdedddaf7 in CairoOutputDev::tilingPatternFill
(this=0x7fffd0042da0, state=0x7fffd04b3a50, gfxA=<optimized out>,
cat=<optimized out>, 
    str=<optimized out>, pmat=<optimized out>, paintType=2,
resDict=0x7fffd05ff7a0, mat=0x7fffdf7fd640, bbox=0x7fffd05fd438, x0=316,
y0=224, x1=329, 
    y1=228, xStep=<optimized out>, yStep=<optimized out>) at
CairoOutputDev.cc:896
#4  0x00007fffde504156 in Gfx::doTilingPatternFill (this=0x7fffd00d2900,
tPat=0x7fffd05fd420, stroke=<optimized out>, eoFill=<optimized out>, 
    text=<optimized out>) at Gfx.cc:2279
#5  0x00007fffde504e0d in Gfx::opCloseEOFillStroke (this=0x7fffd00d2900,
args=<optimized out>, numArgs=<optimized out>) at Gfx.cc:1987
#6  0x00007fffde500e78 in Gfx::go (this=this@entry=0x7fffd00d2900,
topLevel=topLevel@entry=true) at Gfx.cc:762
#7  0x00007fffde501378 in Gfx::display (this=this@entry=0x7fffd00d2900,
obj=obj@entry=0x7fffdf7fdad0, topLevel=topLevel@entry=true) at Gfx.cc:728
#8  0x00007fffde549375 in Page::displaySlice (this=0x7fffd005b200,
out=out@entry=0x7fffd0042da0, hDPI=hDPI@entry=72, vDPI=vDPI@entry=72, 
    rotate=rotate@entry=0, useMediaBox=useMediaBox@entry=false,
crop=crop@entry=true, sliceX=sliceX@entry=-1, sliceY=-1, sliceW=-1, sliceH=-1, 
    printing=false, abortCheckCbk=0x0, abortCheckCbkData=0x0,
annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at
Page.cc:585
#9  0x00007fffdedc9e52 in _poppler_page_render (page=0xb98e80, cairo=0xb6c9a0,
printing=<optimized out>, print_flags=<optimized out>)
    at poppler-page.cc:362
#10 0x00007fffec05cb93 in pdf_page_render (page=page@entry=0xb98e80,
width=2355, height=2157, rc=rc@entry=0xb98ec0)
    at /build/evince-3.14.1/./backend/pdf/ev-poppler.cc:415
#11 0x00007fffec05cdd1 in pdf_document_render (document=<optimized out>,
rc=0xb98ec0) at /build/evince-3.14.1/./backend/pdf/ev-poppler.cc:442
#12 0x00007ffff7969342 in ev_job_render_run (job=0x7fffd000be00) at
/build/evince-3.14.1/./libview/ev-jobs.c:638
#13 0x00007ffff796b19a in ev_job_thread (job=0x7fffd000be00) at
/build/evince-3.14.1/./libview/ev-job-scheduler.c:184
#14 ev_job_thread_proxy (data=<optimized out>) at
/build/evince-3.14.1/./libview/ev-job-scheduler.c:217
#15 0x00007ffff4de9845 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007ffff4648064 in start_thread (arg=0x7fffdf7fe700) at
pthread_create.c:309
#17 0x00007ffff437d62d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) x/10i $pc
=> 0x7ffff5efd789 <_cairo_gstate_set_dash+89>:  movsd  (%rbx),%xmm0
   0x7ffff5efd78d <_cairo_gstate_set_dash+93>:  ucomisd %xmm0,%xmm2
   0x7ffff5efd791 <_cairo_gstate_set_dash+97>:  ja     0x7ffff5efd960
<_cairo_gstate_set_dash+560>
   0x7ffff5efd797 <_cairo_gstate_set_dash+103>: movapd %xmm2,%xmm5
   0x7ffff5efd79b <_cairo_gstate_set_dash+107>: movapd %xmm2,%xmm1
   0x7ffff5efd79f <_cairo_gstate_set_dash+111>: movapd %xmm2,%xmm4
   0x7ffff5efd7a3 <_cairo_gstate_set_dash+115>: xor    %ecx,%ecx
   0x7ffff5efd7a5 <_cairo_gstate_set_dash+117>: xor    %eax,%eax
   0x7ffff5efd7a7 <_cairo_gstate_set_dash+119>: movapd %xmm2,%xmm3
   0x7ffff5efd7ab <_cairo_gstate_set_dash+123>: xor    %r9d,%r9d
(gdb) inf reg
rax            0x7fffd04b2c00   140736687975424
rbx            0x0      0
rcx            0x7fffd0000020   140736683048992
rdx            0x7fffd04b2c00   140736687975424
rsi            0x7fffd0000038   140736683049016
rdi            0x7fffd04b2c40   140736687975488
rbp            0x7fffd00a3870   0x7fffd00a3870
rsp            0x7fffdf7fd3f0   0x7fffdf7fd3f0
r8             0x3      3
r9             0x7fffd04b2c00   140736687975424
r10            0x0      0
r11            0x7ffff4401f90   140737291231120
r12            0x8      8
r13            0x7fffdf7fd640   140736943085120
r14            0x7fffd04b3a50   140736687979088
r15            0xb6cf40 11980608
rip            0x7ffff5efd789   0x7ffff5efd789 <_cairo_gstate_set_dash+89>
eflags         0x10202  [ IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0</pre>
        </div>
      </p>


    </body>
</html>