[Okular-devel] [Bug 243434] crash when painting (PagePainter::scalePixmapOnImage with no backbuffer)

hazard at hazardous-area.org
Mon Jan 24 19:24:20 CET 2011


https://bugs.kde.org/show_bug.cgi?id=243434





--- Comment #32 from  <hazard hazardous-area org>  2011-01-24 19:24:14 ---
Created an attachment (id=56394)
 --> (http://bugs.kde.org/attachment.cgi?id=56394)
New crash information added by DrKonqi

okular (0.11.2) on KDE Platform 4.5.5 (KDE 4.5.5) using Qt 4.7.1

- What I was doing when the application crashed:

Opening any PDF.

Valgrind output below:

==18617== Memcheck, a memory error detector
==18617== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==18617== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==18617== Command: okular 02_AT_Quote_SPQ.ID.OPP-000008958.pdf
==18617== 
==18617== Conditional jump or move depends on uninitialised value(s)
==18617==    at 0x4005339: operator delete[](void*, std::nothrow_t const&)
(vg_replace_malloc.c:380)
==18617==    by 0x5B3CE7: ??? (in /usr/lib/libstdc++.so.6.0.14)
==18617==    by 0x5237C8: std::underflow_error::underflow_error(std::string
const&) (stdexcept.cc:72)
==18617==    by 0x523FAD: virtual thunk to std::strstream::~strstream() (in
/usr/lib/libstdc++.so.6.0.14)
==18617==    by 0xD21F9D: pthread_once (pthread_once.S:122)
==18617==    by 0x5240A8: std::locale::locale() (strstream.cc:369)
==18617==    by 0x520F97: std::ios_base::Init::Init() (locale_facets.h:1930)
==18617==    by 0x71B935: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x71DBEC: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x6FBFCF: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0xB387CB: call_init (dl-init.c:68)
==18617==    by 0xB388E8: _dl_init (dl-init.c:132)
==18617==  Uninitialised value was created by a stack allocation
==18617==    at 0x5776B1: __cxxabiv1::__class_type_info::__do_dyncast(int,
__cxxabiv1::__class_type_info::__sub_kind, __cxxabiv1::__class_type_info
const*, void const*, __cxxabiv1::__class_type_info const*, void const*,
__cxxabiv1::__class_type_info::__dyncast_result&) const (class_type_info.cc:79)
==18617== 
==18617== Invalid free() / delete / delete[]
==18617==    at 0x4005379: operator delete[](void*, std::nothrow_t const&)
(vg_replace_malloc.c:380)
==18617==    by 0x5B3CE7: ??? (in /usr/lib/libstdc++.so.6.0.14)
==18617==    by 0x5237C8: std::underflow_error::underflow_error(std::string
const&) (stdexcept.cc:72)
==18617==    by 0x523FAD: virtual thunk to std::strstream::~strstream() (in
/usr/lib/libstdc++.so.6.0.14)
==18617==    by 0xD21F9D: pthread_once (pthread_once.S:122)
==18617==    by 0x5240A8: std::locale::locale() (strstream.cc:369)
==18617==    by 0x520F97: std::ios_base::Init::Init() (locale_facets.h:1930)
==18617==    by 0x71B935: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x71DBEC: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x6FBFCF: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0xB387CB: call_init (dl-init.c:68)
==18617==    by 0xB388E8: _dl_init (dl-init.c:132)
==18617==  Address 0x4dfb24 is not stack'd, malloc'd or (recently) free'd
==18617== 
==18617== Use of uninitialised value of size 4
==18617==    at 0x4005388: operator delete[](void*, std::nothrow_t const&)
(vg_replace_malloc.c:380)
==18617==    by 0x5237C8: std::underflow_error::underflow_error(std::string
const&) (stdexcept.cc:72)
==18617==    by 0x523FAD: virtual thunk to std::strstream::~strstream() (in
/usr/lib/libstdc++.so.6.0.14)
==18617==    by 0xD21F9D: pthread_once (pthread_once.S:122)
==18617==    by 0x5240A8: std::locale::locale() (strstream.cc:369)
==18617==    by 0x520F97: std::ios_base::Init::Init() (locale_facets.h:1930)
==18617==    by 0x71B935: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x71DBEC: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x6FBFCF: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0xB387CB: call_init (dl-init.c:68)
==18617==    by 0xB388E8: _dl_init (dl-init.c:132)
==18617==    by 0xB298AE: ??? (in /lib/ld-2.12.90.so)
==18617==  Uninitialised value was created by a stack allocation
==18617==    at 0x5776B1: __cxxabiv1::__class_type_info::__do_dyncast(int,
__cxxabiv1::__class_type_info::__sub_kind, __cxxabiv1::__class_type_info
const*, void const*, __cxxabiv1::__class_type_info const*, void const*,
__cxxabiv1::__class_type_info::__dyncast_result&) const (class_type_info.cc:79)
==18617== 
==18617== Invalid read of size 1
==18617==    at 0x5B3CE8: ??? (in /usr/lib/libstdc++.so.6.0.14)
==18617==    by 0x5237C8: std::underflow_error::underflow_error(std::string
const&) (stdexcept.cc:72)
==18617==    by 0x523FAD: virtual thunk to std::strstream::~strstream() (in
/usr/lib/libstdc++.so.6.0.14)
==18617==    by 0xD21F9D: pthread_once (pthread_once.S:122)
==18617==    by 0x5240A8: std::locale::locale() (strstream.cc:369)
==18617==    by 0x520F97: std::ios_base::Init::Init() (locale_facets.h:1930)
==18617==    by 0x71B935: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x71DBEC: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x6FBFCF: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0xB387CB: call_init (dl-init.c:68)
==18617==    by 0xB388E8: _dl_init (dl-init.c:132)
==18617==    by 0xB298AE: ??? (in /lib/ld-2.12.90.so)
==18617==  Address 0x6a005776 is not stack'd, malloc'd or (recently) free'd
==18617== 
==18617== Invalid read of size 1
==18617==    at 0x5B3CF3: ??? (in /usr/lib/libstdc++.so.6.0.14)
==18617==    by 0x5237C8: std::underflow_error::underflow_error(std::string
const&) (stdexcept.cc:72)
==18617==    by 0x523FAD: virtual thunk to std::strstream::~strstream() (in
/usr/lib/libstdc++.so.6.0.14)
==18617==    by 0xD21F9D: pthread_once (pthread_once.S:122)
==18617==    by 0x5240A8: std::locale::locale() (strstream.cc:369)
==18617==    by 0x520F97: std::ios_base::Init::Init() (locale_facets.h:1930)
==18617==    by 0x71B935: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x71DBEC: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x6FBFCF: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0xB387CB: call_init (dl-init.c:68)
==18617==    by 0xB388E8: _dl_init (dl-init.c:132)
==18617==    by 0xB298AE: ??? (in /lib/ld-2.12.90.so)
==18617==  Address 0x9a005115 is not stack'd, malloc'd or (recently) free'd
==18617== 
==18617== 
==18617== Process terminating with default action of signal 11 (SIGSEGV)
==18617==  Access not within mapped region at address 0x9A005115
==18617==    at 0x5B3CF3: ??? (in /usr/lib/libstdc++.so.6.0.14)
==18617==    by 0x5237C8: std::underflow_error::underflow_error(std::string
const&) (stdexcept.cc:72)
==18617==    by 0x523FAD: virtual thunk to std::strstream::~strstream() (in
/usr/lib/libstdc++.so.6.0.14)
==18617==    by 0xD21F9D: pthread_once (pthread_once.S:122)
==18617==    by 0x5240A8: std::locale::locale() (strstream.cc:369)
==18617==    by 0x520F97: std::ios_base::Init::Init() (locale_facets.h:1930)
==18617==    by 0x71B935: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x71DBEC: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0x6FBFCF: ??? (in /usr/lib/libstreams.so.0.7.2)
==18617==    by 0xB387CB: call_init (dl-init.c:68)
==18617==    by 0xB388E8: _dl_init (dl-init.c:132)
==18617==    by 0xB298AE: ??? (in /lib/ld-2.12.90.so)
==18617==  If you believe this happened as a result of a stack
==18617==  overflow in your program's main thread (unlikely but
==18617==  possible), you can try to increase the size of the
==18617==  main thread stack using the --main-stacksize= flag.
==18617==  The main thread stack size used in this run was 8388608.
==18617== 
==18617== HEAP SUMMARY:
==18617==     in use at exit: 0 bytes in 0 blocks
==18617==   total heap usage: 2 allocs, 3 frees, 472 bytes allocated
==18617== 
==18617== All heap blocks were freed -- no leaks are possible
==18617== 
==18617== For counts of detected and suppressed errors, rerun with: -v
==18617== ERROR SUMMARY: 5 errors from 5 contexts (suppressed: 76 from 8)

-- Backtrace (Reduced):
#7  PagePainter::scalePixmapOnImage (dest=..., src=0xa255cb0, scaledWidth=1230,
scaledHeight=1591, cropRect=..., format=QImage::Format_ARGB32_Premultiplied) at
/usr/src/debug/kdegraphics-4.5.5/okular/ui/pagepainter.cpp:755
#8  0x01067356 in PagePainter::paintCroppedPageOnPainter
(destPainter=0xbfed63bc, page=0xa24b958, pixID=3, flags=63, scaledWidth=1230,
scaledHeight=1591, limits=..., crop=...) at
/usr/src/debug/kdegraphics-4.5.5/okular/ui/pagepainter.cpp:229
#9  0x01075f30 in PageView::drawDocumentOnPainter (this=0xa045448,
contentsRect=..., p=0xbfed63bc) at
/usr/src/debug/kdegraphics-4.5.5/okular/ui/pageview.cpp:2446
#10 0x0107680d in PageView::paintEvent (this=0xa045448, pe=0xbfed6ac4) at
/usr/src/debug/kdegraphics-4.5.5/okular/ui/pageview.cpp:1212
#11 0x06f468af in QWidget::event (this=0xa045448, event=0xbfed6ac4) at
kernel/qwidget.cpp:8346
