segmentation fault during poppler_page_render (crashes inside _fill_xrgb32_lerp_opaque_spans)
Submitted by dra..@..ey.net
Assigned to Chris Wilson @ickle
Description
Created attachment 114208 (PDF file used in the test code that triggers the crash)
(this is using cairo 1.14.0 and poppler 0.32.0)
I've created a minimal test case that reliably reproduces the crash. It crashes on both Windows and OS X. However, on Windows it crashes at window size (1202, 931) while on OS X it crashes at window size (1207,932). It also seems to be data related because the test PDF has two pages and it only crashes when rendering page 2.
The test PDF is attached. Here is the test code:
#include <poppler.h> #include <stdio.h> // printf()
int main(int argc, char **argv) { PopplerDocument *doc; PopplerPage *page; cairo_surface_t *surface; cairo_t *cr; double x_points, y_points; // measured in points which are 1/72 inch double pdf_width, pdf_height; // measured in pixels double window_width, window_height; // measured in pixels int fit_width; double scale_factor; double x_padding; double y_padding;
#ifdef APPLE doc = poppler_document_new_from_file("file:///Users/draymond/crash/test.pdf", NULL, NULL); #else doc = poppler_document_new_from_file("file:///C:/crash/test.pdf", NULL, NULL); #endif page = poppler_document_get_page(doc, 1); // does not crash rendering page 0
for (window_width = 1200; window_width <= 1210; window_width++)
{
for (window_height = 930; window_height <= 940; window_height++)
{
printf("(%f, %f)\n", window_width, window_height);
poppler_page_get_size(page, &x_points, &y_points); // 792, 612
fit_width = (window_width / window_height) < (x_points /
y_points); scale_factor = fit_width ? (window_width / x_points) : (window_height / y_points); pdf_width = x_points * scale_factor; pdf_height = y_points * scale_factor; x_padding = fit_width ? 0 : ((window_width - pdf_width) / 2); y_padding = fit_width ? ((window_height - pdf_height) / 2) : 0;
surface = cairo_image_surface_create(CAIRO_FORMAT_ARGB32,
window_width, window_height); cr = cairo_create(surface);
cairo_translate(cr, x_padding, y_padding);
cairo_scale(cr, scale_factor, scale_factor);
poppler_page_render(page, cr);
cairo_destroy(cr);
cairo_surface_destroy(surface);
}
}
printf("success\n");
g_object_unref(page);
g_object_unref(doc);
}
Attachment 114208, "(PDF file used in the test code that triggers the crash)":
test.pdf