Subject: pkg/34687: firefox-gtk1 SEGVs when trying to display SVG graphics
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <he@uninett.no>
List: pkgsrc-bugs
Date: 10/01/2006 16:15:01
>Number: 34687
>Category: pkg
>Synopsis: firefox-gtk1 SEGVs when trying to display SVG graphics
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Oct 01 16:15:01 +0000 2006
>Originator: Havard Eidnes
>Release: NetBSD 3.99.17
>Organization:
I'm trying...
>Environment:
System: NetBSD vestlia.uninett.no 3.99.17 NetBSD 3.99.17 (VESTLIA) #6: Mon Apr 3 00:20:14 CEST 2006 he@vestlia.uninett.no:/usr/obj/sys/arch/i386/compile/VESTLIA i386
Architecture: i386
Machine: i386
>Description:
firefox-gtk1 gets a segmentation fault when trying to display
a web page containing SVG graphics.
firefox-gtk1 from pkgsrc-2006Q2 died with an unresolved
symbol:
/usr/pkg/lib/seamonkey-gtk1/components/libgklayout.so: Undefined PLT symbol "FcPatternCreate" (symnum = 15483)
This is because that symbol was only added in version 2.4.0 of
fontconfig, and pkgsrc-2006Q2 contains an older version of
that package.
firefox-gtk1 from pkgsrc-2006Q3, on the other hand, gets a
segmentation fault. Running it under a debugger gives:
Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 3]
0xb8373ea3 in nsSVGCairoCanvas::Init(nsIRenderingContext*, nsPresContext*, nsRect const&) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
(gdb) where
#0 0xb8373ea3 in nsSVGCairoCanvas::Init(nsIRenderingContext*, nsPresContext*, nsRect const&) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#1 0xb8373f06 in NS_NewSVGCairoCanvas(nsISVGRendererCanvas**, nsIRenderingContext*, nsPresContext*, nsRect const&) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#2 0xb83738f6 in nsSVGRendererCairo::CreateCanvas(nsIRenderingContext*, nsPresContext*, nsRect const&, nsISVGRendererCanvas**) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#3 0xb8313ef9 in nsSVGOuterSVGFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#4 0xb7fe2111 in nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#5 0xb7fe2022 in nsContainerFrame::PaintChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#6 0xb7ff8262 in nsHTMLContainerFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#7 0xb7ff90a1 in CanvasFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#8 0xb7fc6e30 in PresShell::Paint(nsIView*, nsIRenderingContext&, nsRect const&) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#9 0xb82551cb in nsView::Paint(nsIRenderingContext&, nsRect const&, unsigned, int&) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#10 0xb825a822 in nsViewManager::RenderDisplayListElement(DisplayListElement2*, nsIRenderingContext*) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#11 0xb825a1cf in nsViewManager::RenderViews(nsView*, nsIRenderingContext&, nsRegion const&, nsIDrawingSurface*, nsVoidArray const&) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#12 0xb825908d in nsViewManager::Refresh(nsView*, nsIRenderingContext*, nsIRegion*, unsigned) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#13 0xb825bcb1 in nsViewManager::DispatchEvent(nsGUIEvent*, nsEventStatus*) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#14 0xb8254aa3 in ViewWrapper::GetInterface(nsID const&, void**) ()
from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#15 0xb8895aba in nsWidget::DispatchEvent(nsGUIEvent*, nsEventStatus&) ()
from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#16 0xb889595f in nsWidget::DispatchWindowEvent(nsGUIEvent*) ()
from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#17 0xb8898dea in nsWindow::DoPaint(nsIRegion*) ()
from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#18 0xb8898f00 in nsWindow::Update() ()
from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#19 0xb8898c0a in nsWindow::UpdateIdle(void*) ()
from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#20 0xbb8f78ac in g_idle_dispatch () from /usr/pkg/lib/libglib.so.13
#21 0xbb8f6956 in g_main_dispatch () from /usr/pkg/lib/libglib.so.13
#22 0xbb8f6e09 in g_main_iterate () from /usr/pkg/lib/libglib.so.13
#23 0xbb8f7038 in g_main_run () from /usr/pkg/lib/libglib.so.13
#24 0xbb9c7a7b in gtk_main () from /usr/pkg/lib/libgtk.so.12
#25 0xb88885c4 in nsAppShell::Run() ()
from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#26 0xb8834874 in nsAppStartup::Run() ()
from /usr/pkg/lib/firefox-gtk1/components/libtoolkitcomps.so
#27 0x08053ded in XRE_main ()
#28 0x0804f39f in main ()
#29 0x0804f1b6 in ___start ()
(gdb) i reg
eax 0x0 0
ecx 0xbbb4fdfc -1145766404
edx 0x8545680 139744896
ebx 0xb83aa970 -1204115088
esp 0xbfbfda1c 0xbfbfda1c
ebp 0xbfbfda98 0xbfbfda98
esi 0x8545680 139744896
edi 0x8bbf680 146536064
eip 0xb8373ea3 0xb8373ea3
eflags 0x10246 66118
cs 0x17 23
ss 0x1f 31
ds 0x1f 31
es 0x1f 31
fs 0x8 8
gs 0x8 8
fctrl 0x127f 4735
fstat 0x23 35
ftag 0xffff 65535
fiseg 0x17 23
fioff 0xb8313e98 -1204732264
foseg 0x1f 31
fooff 0xbfbfdb44 -1077945532
fop 0x35d 861
mxcsr 0x1f80 8064
(gdb) x/i 0xb8373ea3
0xb8373ea3 <_ZN16nsSVGCairoCanvas4InitEP19nsIRenderingContextP13nsPresContextRK6nsRect+711>: pushl 0x38(%eax)
(gdb)
So, %eax is 0, and it tries to de-reference 0x38, which gets
the segmentation fault.
Recompiling libgklayout.so with debugging and installing it
manually points to this part of the code:
(gdb) down
#0 0xb8373ea3 in nsSVGCairoCanvas::Init(nsIRenderingContext*, nsPresContext*, nsRect const&) (this=0x8803180, ctx=0x8658e00, presContext=0x855f600,
dirtyRect=@0xbfbfdb60) at nsSVGCairoCanvas.cpp:258
258 cairoSurf = cairo_xlib_surface_create(GDK_WINDOW_XDISPLAY(drawable),
(gdb) l
253 ctx->GetDrawingSurface((nsIDrawingSurface**)&surface);
254 if (surface) {
255 surface->GetSize(&mWidth, &mHeight);
256 GdkDrawable *drawable = surface->GetDrawable();
257 GdkVisual *visual = gdk_window_get_visual(drawable);
258 cairoSurf = cairo_xlib_surface_create(GDK_WINDOW_XDISPLAY(drawable),
259 GDK_WINDOW_XWINDOW(drawable),
260 GDK_VISUAL_XVISUAL(visual),
261 mWidth, mHeight);
262 }
(gdb)
(gdb) p visual
$2 = (GdkVisual *) 0x0
(gdb)
The optimizer has apparently left out "drawable":
(gdb) p drawable
No symbol "drawable" in current context.
(gdb)
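An added illustration (constructed here, not code from this PR or from Mozilla): a self-contained C model of the fragment above. The GDK and cairo types are replaced by stubs whose layout is chosen so that the X visual pointer sits at offset 0x38, matching `pushl 0x38(%eax)` with %eax == 0; reading it through the NULL `visual` is the fault, and the guarded variant returns an error instead of crashing.

```c
#include <stddef.h>

/* Constructed stand-ins for the GDK 1.x types used by nsSVGCairoCanvas::Init.
 * These are NOT the real GDK structs; the padding only places xvisual at
 * offset 0x38 to mirror the faulting instruction `pushl 0x38(%eax)`. */
typedef struct { unsigned char pad[0x38]; void *xvisual; } GdkVisual;
typedef struct { int has_visual; GdkVisual visual; } GdkDrawable;
typedef struct { int valid; void *xvisual; int width, height; } CairoSurface;

/* Models gdk_window_get_visual(): the PR shows it returning NULL. */
static GdkVisual *stub_gdk_window_get_visual(GdkDrawable *d) {
    return d->has_visual ? &d->visual : NULL;
}

/* Models GDK_VISUAL_XVISUAL(v): a plain field read with no NULL check,
 * which is why a NULL visual becomes a read at address 0x38. */
#define STUB_GDK_VISUAL_XVISUAL(v) ((v)->xvisual)

/* The displacement the disassembly exposed: 0x38 bytes past a NULL base. */
size_t xvisual_field_offset(void) { return offsetof(GdkVisual, xvisual); }

/* Guarded version of lines 256-261 of the quoted nsSVGCairoCanvas.cpp.
 * Returns 0 and fills *out on success, -1 when no visual is available. */
int init_canvas_guarded(GdkDrawable *drawable, int w, int h, CairoSurface *out) {
    out->valid = 0;
    if (drawable == NULL)
        return -1;
    GdkVisual *visual = stub_gdk_window_get_visual(drawable);
    if (visual == NULL)            /* the check the crash site lacks */
        return -1;
    out->xvisual = STUB_GDK_VISUAL_XVISUAL(visual);
    out->width = w;
    out->height = h;
    out->valid = 1;
    return 0;
}
```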
>How-To-Repeat:
Try to open any of the SVG examples at
http://www.croczilla.com/svg/samples/
>Fix:
Sorry, I don't know.