Subject: pkg/34687: firefox-gtk1 SEGVs when trying to display SVG graphics
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <he@uninett.no>
List: pkgsrc-bugs
Date: 10/01/2006 16:15:01
>Number:         34687
>Category:       pkg
>Synopsis:       firefox-gtk1 SEGVs when trying to display SVG graphics
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Oct 01 16:15:01 +0000 2006
>Originator:     Havard Eidnes
>Release:        NetBSD 3.99.17
>Organization:
	I'm trying...
>Environment:
System: NetBSD vestlia.uninett.no 3.99.17 NetBSD 3.99.17 (VESTLIA) #6: Mon Apr 3 00:20:14 CEST 2006 he@vestlia.uninett.no:/usr/obj/sys/arch/i386/compile/VESTLIA i386
Architecture: i386
Machine: i386
>Description:
	firefox-gtk1 gets a segmentation fault when trying to display
	a web page containing SVG graphics.

	firefox-gtk1 from pkgsrc-2006Q2 died with an unresolved
	symbol:

/usr/pkg/lib/seamonkey-gtk1/components/libgklayout.so: Undefined PLT symbol "FcPatternCreate" (symnum = 15483)

	This is because that symbol was only added in version 2.4.0 of
	fontconfig, and pkgsrc-2006Q2 contains an older version of
	that package.

	firefox-gtk1 from pkgsrc-2006Q3, on the other hand, gets a
	segmentation fault.  Running it under a debugger gives:

Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 3]
0xb8373ea3 in nsSVGCairoCanvas::Init(nsIRenderingContext*, nsPresContext*, nsRect const&) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
(gdb) where
#0  0xb8373ea3 in nsSVGCairoCanvas::Init(nsIRenderingContext*, nsPresContext*, nsRect const&) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#1  0xb8373f06 in NS_NewSVGCairoCanvas(nsISVGRendererCanvas**, nsIRenderingContext*, nsPresContext*, nsRect const&) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#2  0xb83738f6 in nsSVGRendererCairo::CreateCanvas(nsIRenderingContext*, nsPresContext*, nsRect const&, nsISVGRendererCanvas**) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#3  0xb8313ef9 in nsSVGOuterSVGFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#4  0xb7fe2111 in nsContainerFrame::PaintChild(nsPresContext*, nsIRenderingContext&, nsRect const&, nsIFrame*, nsFramePaintLayer, unsigned) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#5  0xb7fe2022 in nsContainerFrame::PaintChildren(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#6  0xb7ff8262 in nsHTMLContainerFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#7  0xb7ff90a1 in CanvasFrame::Paint(nsPresContext*, nsIRenderingContext&, nsRect const&, nsFramePaintLayer, unsigned) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#8  0xb7fc6e30 in PresShell::Paint(nsIView*, nsIRenderingContext&, nsRect const&) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#9  0xb82551cb in nsView::Paint(nsIRenderingContext&, nsRect const&, unsigned, int&) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#10 0xb825a822 in nsViewManager::RenderDisplayListElement(DisplayListElement2*, nsIRenderingContext*) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#11 0xb825a1cf in nsViewManager::RenderViews(nsView*, nsIRenderingContext&, nsRegion const&, nsIDrawingSurface*, nsVoidArray const&) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#12 0xb825908d in nsViewManager::Refresh(nsView*, nsIRenderingContext*, nsIRegion*, unsigned) () from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#13 0xb825bcb1 in nsViewManager::DispatchEvent(nsGUIEvent*, nsEventStatus*) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#14 0xb8254aa3 in ViewWrapper::GetInterface(nsID const&, void**) ()
   from /usr/pkg/lib/firefox-gtk1/components/libgklayout.so
#15 0xb8895aba in nsWidget::DispatchEvent(nsGUIEvent*, nsEventStatus&) ()
   from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#16 0xb889595f in nsWidget::DispatchWindowEvent(nsGUIEvent*) ()
   from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#17 0xb8898dea in nsWindow::DoPaint(nsIRegion*) ()
   from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#18 0xb8898f00 in nsWindow::Update() ()
   from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#19 0xb8898c0a in nsWindow::UpdateIdle(void*) ()
   from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#20 0xbb8f78ac in g_idle_dispatch () from /usr/pkg/lib/libglib.so.13
#21 0xbb8f6956 in g_main_dispatch () from /usr/pkg/lib/libglib.so.13
#22 0xbb8f6e09 in g_main_iterate () from /usr/pkg/lib/libglib.so.13
#23 0xbb8f7038 in g_main_run () from /usr/pkg/lib/libglib.so.13
#24 0xbb9c7a7b in gtk_main () from /usr/pkg/lib/libgtk.so.12
#25 0xb88885c4 in nsAppShell::Run() ()
   from /usr/pkg/lib/firefox-gtk1/components/libwidget_gtk.so
#26 0xb8834874 in nsAppStartup::Run() ()
   from /usr/pkg/lib/firefox-gtk1/components/libtoolkitcomps.so
#27 0x08053ded in XRE_main ()
#28 0x0804f39f in main ()
#29 0x0804f1b6 in ___start ()
(gdb) i reg
eax            0x0      0
ecx            0xbbb4fdfc       -1145766404
edx            0x8545680        139744896
ebx            0xb83aa970       -1204115088
esp            0xbfbfda1c       0xbfbfda1c
ebp            0xbfbfda98       0xbfbfda98
esi            0x8545680        139744896
edi            0x8bbf680        146536064
eip            0xb8373ea3       0xb8373ea3
eflags         0x10246  66118
cs             0x17     23
ss             0x1f     31
ds             0x1f     31
es             0x1f     31
fs             0x8      8
gs             0x8      8
fctrl          0x127f   4735
fstat          0x23     35
ftag           0xffff   65535
fiseg          0x17     23
fioff          0xb8313e98       -1204732264
foseg          0x1f     31
fooff          0xbfbfdb44       -1077945532
fop            0x35d    861
mxcsr          0x1f80   8064
(gdb) x/i 0xb8373ea3
0xb8373ea3 <_ZN16nsSVGCairoCanvas4InitEP19nsIRenderingContextP13nsPresContextRK6nsRect+711>:    pushl  0x38(%eax)
(gdb) 

	So, %eax is 0, and it tries to de-reference 0x38, which gets
	the segmentation fault.

	Recompiling libgklayout.so with debugging and installing it
	manually points to this part of the code:

(gdb) down
#0  0xb8373ea3 in nsSVGCairoCanvas::Init(nsIRenderingContext*, nsPresContext*, nsRect const&) (this=0x8803180, ctx=0x8658e00, presContext=0x855f600, 
    dirtyRect=@0xbfbfdb60) at nsSVGCairoCanvas.cpp:258
258         cairoSurf = cairo_xlib_surface_create(GDK_WINDOW_XDISPLAY(drawable),
(gdb) l
253       ctx->GetDrawingSurface((nsIDrawingSurface**)&surface);
254       if (surface) {
255         surface->GetSize(&mWidth, &mHeight);
256         GdkDrawable *drawable = surface->GetDrawable();
257         GdkVisual *visual = gdk_window_get_visual(drawable);
258         cairoSurf = cairo_xlib_surface_create(GDK_WINDOW_XDISPLAY(drawable),
259                                               GDK_WINDOW_XWINDOW(drawable),
260                                               GDK_VISUAL_XVISUAL(visual),
261                                               mWidth, mHeight);
262       }
(gdb) 
(gdb) p visual
$2 = (GdkVisual *) 0x0
(gdb) 

	The optimizer has apparently left out "drawable":

(gdb) p drawable
No symbol "drawable" in current context.
(gdb) 


>How-To-Repeat:
	Try to open any of the SVG examples at

	http://www.croczilla.com/svg/samples/

>Fix:
	Sorry, I don't know.
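As an added illustration of the crash pattern in this report (not code from the report, from Firefox, or from GDK): the faulting instruction `pushl 0x38(%eax)` with `%eax == 0` reads address 0x38, which is what happens when `GDK_VISUAL_XVISUAL()` is applied to the NULL `visual` that `p visual` showed. The C program below uses constructed stand-ins for the GDK/Xlib types (the 0x38 field offset, the `Mock*` names and `fault_address()` are assumptions for the demonstration) and puts the unguarded shape of `nsSVGCairoCanvas::Init` next to a guarded form that refuses to build the surface when the visual is missing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the Xlib/GDK types named in the report;
 * these are not the real headers. */
typedef struct { int unused; } Display;
typedef struct { int unused; } Visual;

/* Assumption for this example: the field the crashing instruction reads
 * sits 0x38 bytes into the visual object, matching "pushl 0x38(%eax)"
 * with %eax == 0 in the register dump. */
typedef struct {
    unsigned char opaque[0x38];
    Visual *xvisual;
} MockGdkVisual;

typedef struct {
    Display *xdisplay;
    unsigned long xwindow;
    MockGdkVisual *visual;   /* NULL models gdk_window_get_visual() returning nothing */
} MockGdkDrawable;

/* Like the real GDK_VISUAL_XVISUAL macro, this dereferences its argument
 * unconditionally, so a NULL visual faults at address 0x38. */
#define MOCK_VISUAL_XVISUAL(v) (((MockGdkVisual *)(v))->xvisual)

static MockGdkVisual *mock_gdk_window_get_visual(MockGdkDrawable *d)
{
    return d ? d->visual : NULL;
}

/* Address touched by a base+displacement operand: for the report's
 * "pushl 0x38(%eax)" with %eax = 0 this is 0x38, on the unmapped zero page. */
uintptr_t fault_address(uintptr_t base_reg, uintptr_t displacement)
{
    return base_reg + displacement;
}

/* Same shape as nsSVGCairoCanvas.cpp:256-261: nothing checks the result of
 * gdk_window_get_visual() before GDK_VISUAL_XVISUAL() uses it. A NULL visual
 * reproduces the SIGSEGV from the report. */
Visual *canvas_init_unguarded(MockGdkDrawable *drawable)
{
    MockGdkVisual *visual = mock_gdk_window_get_visual(drawable);
    return MOCK_VISUAL_XVISUAL(visual);
}

/* Guarded form: every pointer is validated before use. Returns 0 on success
 * and -1 when the drawable or visual is missing, so the caller can skip the
 * paint instead of crashing the browser. */
int canvas_init_guarded(MockGdkDrawable *drawable, Visual **out_xvisual)
{
    if (!drawable || !out_xvisual)
        return -1;
    MockGdkVisual *visual = mock_gdk_window_get_visual(drawable);
    if (!visual)
        return -1;                     /* the check the report's snippet lacks */
    Visual *xv = MOCK_VISUAL_XVISUAL(visual);
    if (!xv)
        return -1;
    *out_xvisual = xv;
    return 0;
}

int main(void)
{
    Display dpy = {0};
    Visual xv = {0};
    MockGdkVisual good_visual = { {0}, &xv };
    MockGdkDrawable ok  = { &dpy, 1234, &good_visual };
    MockGdkDrawable bad = { &dpy, 1234, NULL };   /* the failing case */
    Visual *out = NULL;

    printf("offset of xvisual: %#zx\n", offsetof(MockGdkVisual, xvisual));
    printf("fault address for 0x38(%%eax), eax=0: %#lx\n",
           (unsigned long)fault_address(0, 0x38));
    printf("guarded init, valid drawable: %d\n", canvas_init_guarded(&ok, &out));
    printf("guarded init, NULL visual:    %d\n", canvas_init_guarded(&bad, &out));
    /* canvas_init_unguarded(&bad) would SIGSEGV reading address 0x38 */
    return 0;
}
```

When triaging a crash like this one, the fault address (register value plus displacement) is the first thing to compare against the struct layout: a small address such as 0x38 is a NULL pointer plus a field offset, which points at a missing NULL check rather than at memory corruption.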