On Sat, Dec 22, 2012 at 07:08:45PM +0100, Mark Kettenis wrote:
> > Date: Sat, 22 Dec 2012 18:45:31 +0100
> > From: Matthieu Herrb <matthieu.he...@laas.fr>
> > List-Owner: <mailto:owner-t...@openbsd.org>
> > 
> > On Fri, Dec 21, 2012 at 05:45:11PM +0100, Giovanni Bechis wrote:
> > 
> > [moving to tech@ since it's not a ports issue]
> > 
> > > On 12/21/12 17:40, Florian Obser wrote:
> > > > Hi,
> > > > evince-3.6.1 segfaults with this pdf:
> > > > http://gowers.files.wordpress.com/2012/02/elsevierstatementfinal.pdf
> > > > 
> > > > I tried a known good pdf (used to work in september) and get the
> > > > same bt.
> > > > 
> > > works for me with this snap:
> > > OpenBSD 5.2-current (GENERIC.MP) #2: Mon Dec 10 18:39:29 MST 2012
> > >     dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > 
> > I can reproduce it on i386 but not on amd64. It looks like an issue
> > with pixman's sse-2 code on i386. 
> 
> What instruction does it crash on?  What are the contents of the
> registers at that point?

I hope there's enough information in that gdb session transcript:

Script started on Sat Dec 22 19:38:15 2012
bluenote% gdb evince
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd5.2"...(no debugging symbols 
found)

(gdb) r elsevierstatementfinal.pdf 
Starting program: /usr/local/bin/evince elsevierstatementfinal.pdf

** (evince:18904): WARNING **: Couldn't connect to accessibility bus: Failed to 
connect to socket /tmp/dbus-9LxEHkWwec: No such file or directory
[New process 18904]

Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 1002687]
0x0953a657 in sse2_composite_over_n_8_8888 (imp=0x7c25b000, info=0x93d325b4) at 
emmintrin.h:584
584       return __extension__ (__m128i)(__v4si){ __q0, __q1, __q2, __q3 };
(gdb) x/i $pc
0x953a657 <sse2_composite_over_n_8_8888+393>:   movdqa 0xfffffd18(%ebp),%xmm0
(gdb) bt
#0  0x0953a657 in sse2_composite_over_n_8_8888 (imp=0x7c25b000, 
info=0x93d325b4) at emmintrin.h:584
#1  0x0947ded2 in pixman_composite_glyphs_no_mask (op=PIXMAN_OP_OVER, 
src=0x89071e00, dest=0x853aad00, src_x=0, src_y=0, dest_x=0, dest_y=0, 
cache=0x8106d000, n_glyphs=3, 
    glyphs=0x93d32710) at /usr/xenocara/lib/pixman/pixman/pixman-glyph.c:489
#2  0x0322bfc8 in composite_glyphs () from /usr/local/lib/libcairo.so.12.1
#3  0x03274de8 in composite_glyphs () from /usr/local/lib/libcairo.so.12.1
#4  0x0327675a in clip_and_composite () from /usr/local/lib/libcairo.so.12.1
#5  0x03276a23 in _cairo_traps_compositor_glyphs () from 
/usr/local/lib/libcairo.so.12.1
#6  0x0321de92 in _cairo_compositor_glyphs () from 
/usr/local/lib/libcairo.so.12.1
#7  0x03230355 in _cairo_image_surface_glyphs () from 
/usr/local/lib/libcairo.so.12.1
#8  0x03265602 in _cairo_surface_show_text_glyphs () from 
/usr/local/lib/libcairo.so.12.1
#9  0x0322694a in _cairo_gstate_show_text_glyphs () from 
/usr/local/lib/libcairo.so.12.1
#10 0x032176fe in cairo_show_glyphs () from /usr/local/lib/libcairo.so.12.1
#11 0x0d696ade in CairoOutputDev::endString () from 
/usr/local/lib/libpoppler-glib.so.11.0
#12 0x028b7150 in Gfx::doShowText () from /usr/local/lib/libpoppler.so.15.0
#13 0x028bcbfc in Gfx::opShowSpaceText () from /usr/local/lib/libpoppler.so.15.0
#14 0x028ae490 in Gfx::execOp () from /usr/local/lib/libpoppler.so.15.0
#15 0x028aeb81 in Gfx::go () from /usr/local/lib/libpoppler.so.15.0
#16 0x028af2df in Gfx::display () from /usr/local/lib/libpoppler.so.15.0
#17 0x02909d1c in Page::displaySlice () from /usr/local/lib/libpoppler.so.15.0
#18 0x0d68ce25 in _poppler_page_render () from 
/usr/local/lib/libpoppler-glib.so.11.0
#19 0x0d68d059 in poppler_page_render () from 
/usr/local/lib/libpoppler-glib.so.11.0
#20 0x0b2c2aa7 in pdf_page_render () from 
/usr/local/lib/evince/4/backends/libpdfdocument.so
#21 0x0b2c2e13 in pdf_document_render () from 
/usr/local/lib/evince/4/backends/libpdfdocument.so
#22 0x01f49058 in ev_document_render () from 
/usr/local/lib/libevdocument3.so.0.0
#23 0x0f6b8a71 in ev_job_render_run () from /usr/local/lib/libevview3.so.0.0
#24 0x0f6b4d11 in ev_job_run () from /usr/local/lib/libevview3.so.0.0
#25 0x0f6b9547 in ev_job_thread_proxy () from /usr/local/lib/libevview3.so.0.0
#26 0x0a07a362 in g_thread_proxy () from /usr/local/lib/libglib-2.0.so.3400.0
#27 0x0534a10e in _rthread_start (v=0x81e5f900) at 
/usr/src/lib/librthread/rthread.c:122
#28 0x09233809 in __tfork_thread () at 
/usr/src/lib/libc/arch/i386/sys/tfork_thread.S:92
(gdb) info all-registers 
eax            0xff000000       -16777216
ecx            0xff000000       -16777216
edx            0xff000000       -16777216
ebx            0x292bf84c       690747468
esp            0x93d316bc       0x93d316bc
ebp            0x93d32564       0x93d32564
esi            0xff000000       -16777216
edi            0x813fa800       -2126534656
eip            0x953a657        0x953a657
eflags         0x210282 2163330
cs             0x2b     43
ss             0x33     51
ds             0x33     51
es             0x33     51
fs             0x5b     91
gs             0x63     99
st0            0        (raw 0x00000000000000000000)
st1            75.53452979493147267930908128619194      (raw 
0x40059711ade3a7efc000)
st2            75.53452979493147267930908128619194      (raw 
0x40059711ade3a7efc000)
st3            1        (raw 0x3fff8000000000000000)
st4            1        (raw 0x3fff8000000000000000)
st5            1        (raw 0x3fff8000000000000000)
st6            224.02685878095147131716657895594835     (raw 
0x4006e006e03791cc0800)
st7            76       (raw 0x40059800000000000000)
fctrl          0x37f    895
fstat          0x4020   16416
ftag           0xffff   65535
fiseg          0x2b     43
fioff          0x322bc87        52608135
foseg          0x33     51
fooff          0x93d3272c       -1814878420
fop            0x35f    863
xmm0           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x4, 0x0, 0x0, 0x20, 0x4, 0x0, 0x0, 0x20, 0x4, 0x0, 0x0, 0x20, 0x4, 
0x0, 0x0, 0x20}, 
  v8_int16 = {0x4, 0x2000, 0x4, 0x2000, 0x4, 0x2000, 0x4, 0x2000}, v4_int32 = 
{0x20000004, 0x20000004, 0x20000004, 0x20000004}, v2_int64 = 
{0x2000000420000004, 
    0x2000000420000004}, uint128 = 0x20000004200000042000000420000004}
xmm1           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm2           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm3           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm4           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm5           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm6           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
xmm7           {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, 
v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0}, 
  v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 
0x00000000000000000000000000000000}
mxcsr          0x1f80   8064
mm0            {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 
0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}
mm1            {uint64 = 0x9711ade3a7efc000, v2_int32 = {0xa7efc000, 
0x9711ade3}, v4_int16 = {0xc000, 0xa7ef, 0xade3, 0x9711}, v8_int8 = {0x0, 0xc0, 
0xef, 0xa7, 0xe3, 
    0xad, 0x11, 0x97}}
mm2            {uint64 = 0x9711ade3a7efc000, v2_int32 = {0xa7efc000, 
0x9711ade3}, v4_int16 = {0xc000, 0xa7ef, 0xade3, 0x9711}, v8_int8 = {0x0, 0xc0, 
0xef, 0xa7, 0xe3, 
    0xad, 0x11, 0x97}}
mm3            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, 
v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x80}}
mm4            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, 
v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x80}}
mm5            {uint64 = 0x8000000000000000, v2_int32 = {0x0, 0x80000000}, 
v4_int16 = {0x0, 0x0, 0x0, 0x8000}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x80}}
mm6            {uint64 = 0xe006e03791cc0800, v2_int32 = {0x91cc0800, 
0xe006e037}, v4_int16 = {0x800, 0x91cc, 0xe037, 0xe006}, v8_int8 = {0x0, 0x8, 
0xcc, 0x91, 0x37, 0xe0, 
    0x6, 0xe0}}
mm7            {uint64 = 0x9800000000000000, v2_int32 = {0x0, 0x98000000}, 
v4_int16 = {0x0, 0x0, 0x0, 0x9800}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x98}}
(gdb) q
The program is running.  Exit anyway? (y or n) y
bluenote% ^Dexit

Script done on Sat Dec 22 19:38:58 2012

-- 
Matthieu Herrb
