Bug 1709441 Comment 0 Edit History


Found while fuzzing m-c 20210430-8be68465a851 (--enable-address-sanitizer --enable-fuzzing)

```
/gecko/gfx/cairo/cairo/src/cairo-image-surface.c:1255:50: runtime error: applying zero offset to null pointer
    #0 0x7fbb17d5a981 in _cairo_image_compute_color /gecko/gfx/cairo/cairo/src/cairo-image-surface.c:1255:50
    #1 0x7fbb17c9fbc8 in _cairo_pdf_surface_emit_image /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:2718:13
    #2 0x7fbb17c9697b in _cairo_pdf_surface_emit_surface /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:3518:11
    #3 0x7fbb17c94019 in _cairo_pdf_surface_write_patterns_and_smask_groups /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:6841:15
    #4 0x7fbb17c8a8ea in _cairo_pdf_surface_write_page /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:6986:14
    #5 0x7fbb17c8a8ea in _cairo_pdf_surface_show_page /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:5091:14
    #6 0x7fbb17dd48f3 in _moz_cairo_surface_show_page /gecko/gfx/cairo/cairo/src/cairo-surface.c:2555:40
    #7 0x7fbb17d78e64 in _cairo_paginated_surface_show_page /gecko/gfx/cairo/cairo/src/cairo-paginated-surface.c:587:5
    #8 0x7fbb17dd48f3 in _moz_cairo_surface_show_page /gecko/gfx/cairo/cairo/src/cairo-surface.c:2555:40
    #9 0x7fbb10ffa5af in mozilla::gfx::PrintTargetPDF::EndPage() /gecko/gfx/thebes/PrintTargetPDF.cpp:63:3
    #10 0x7fbb1094cb6d in nsDeviceContext::EndPage() /gecko/gfx/src/nsDeviceContext.cpp:582:31
    #11 0x7fbb16ae02c3 in mozilla::layout::RemotePrintJobParent::PrintPage(mozilla::layout::PRFileDescStream&, nsRefCountedHashtable<nsUint64HashKey, RefPtr<mozilla::gfx::RecordedDependentSurface> >*) /gecko/layout/printing/ipc/RemotePrintJobParent.cpp:171:29
    #12 0x7fbb16ae01cb in mozilla::layout::RemotePrintJobParent::FinishProcessingPage(nsRefCountedHashtable<nsUint64HashKey, RefPtr<mozilla::gfx::RecordedDependentSurface> >*) /gecko/layout/printing/ipc/RemotePrintJobParent.cpp:146:17
    #13 0x7fbb16ae004b in mozilla::layout::RemotePrintJobParent::RecvProcessPage(nsTArray<unsigned long>&&) /gecko/layout/printing/ipc/RemotePrintJobParent.cpp:121:5
    #14 0x7fbb0fda483b in mozilla::layout::PRemotePrintJobParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PRemotePrintJobParent.cpp:301:28
    #15 0x7fbb0f939b43 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentParent.cpp:6629:32
    #16 0x7fbb0f66135a in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /gecko/ipc/glue/MessageChannel.cpp:2152:25
    #17 0x7fbb0f65da88 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /gecko/ipc/glue/MessageChannel.cpp:2076:9
    #18 0x7fbb0f65f3e5 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /gecko/ipc/glue/MessageChannel.cpp:1924:3
    #19 0x7fbb0f65ff4b in mozilla::ipc::MessageChannel::MessageTask::Run() /gecko/ipc/glue/MessageChannel.cpp:1955:13
    #20 0x7fbb0e465462 in mozilla::RunnableTask::Run() /gecko/xpcom/threads/TaskController.cpp:482:16
    #21 0x7fbb0e431e30 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /gecko/xpcom/threads/TaskController.cpp:766:26
    #22 0x7fbb0e42f937 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /gecko/xpcom/threads/TaskController.cpp:621:15
    #23 0x7fbb0e42fd8d in mozilla::TaskController::ProcessPendingMTTask(bool) /gecko/xpcom/threads/TaskController.cpp:405:36
    #24 0x7fbb0e46ee11 in operator() /gecko/xpcom/threads/TaskController.cpp:138:37
    #25 0x7fbb0e46ee11 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /gecko/xpcom/threads/nsThreadUtils.h:534:5
    #26 0x7fbb0e44c758 in nsThread::ProcessNextEvent(bool, bool*) /gecko/xpcom/threads/nsThread.cpp:1159:16
    #27 0x7fbb0e45750c in NS_ProcessNextEvent(nsIThread*, bool) /gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #28 0x7fbb0f668adf in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /gecko/ipc/glue/MessagePump.cpp:85:21
    #29 0x7fbb0f573561 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #30 0x7fbb0f573561 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #31 0x7fbb0f573561 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #32 0x7fbb15d08e67 in nsBaseAppShell::Run() /gecko/widget/nsBaseAppShell.cpp:137:27
    #33 0x7fbb19725967 in nsAppStartup::Run() /gecko/toolkit/components/startup/nsAppStartup.cpp:273:30
    #34 0x7fbb1992a467 in XREMain::XRE_mainRun() /gecko/toolkit/xre/nsAppRunner.cpp:5364:22
    #35 0x7fbb1992c4be in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /gecko/toolkit/xre/nsAppRunner.cpp:5555:8
    #36 0x7fbb1992d213 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /gecko/toolkit/xre/nsAppRunner.cpp:5614:21
    #37 0x562fb1694fda in do_main /gecko/browser/app/nsBrowserApp.cpp:224:22
    #38 0x562fb1694fda in main /gecko/browser/app/nsBrowserApp.cpp:351:16
    #39 0x7fbb2ecaa0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #40 0x562fb15e58c9 in _start (/home/worker/builds/try-20210430033625-fuzzing-asan-opt/firefox+0x5b8c9)
```
Found while fuzzing m-c 20210501-cd81489560e4 (--enable-address-sanitizer --enable-fuzzing)

```
/gecko/gfx/cairo/cairo/src/cairo-image-surface.c:1255:50: runtime error: applying zero offset to null pointer
    #0 0x7fbb17d5a981 in _cairo_image_compute_color /gecko/gfx/cairo/cairo/src/cairo-image-surface.c:1255:50
    #1 0x7fbb17c9fbc8 in _cairo_pdf_surface_emit_image /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:2718:13
    #2 0x7fbb17c9697b in _cairo_pdf_surface_emit_surface /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:3518:11
    #3 0x7fbb17c94019 in _cairo_pdf_surface_write_patterns_and_smask_groups /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:6841:15
    #4 0x7fbb17c8a8ea in _cairo_pdf_surface_write_page /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:6986:14
    #5 0x7fbb17c8a8ea in _cairo_pdf_surface_show_page /gecko/gfx/cairo/cairo/src/cairo-pdf-surface.c:5091:14
    #6 0x7fbb17dd48f3 in _moz_cairo_surface_show_page /gecko/gfx/cairo/cairo/src/cairo-surface.c:2555:40
    #7 0x7fbb17d78e64 in _cairo_paginated_surface_show_page /gecko/gfx/cairo/cairo/src/cairo-paginated-surface.c:587:5
    #8 0x7fbb17dd48f3 in _moz_cairo_surface_show_page /gecko/gfx/cairo/cairo/src/cairo-surface.c:2555:40
    #9 0x7fbb10ffa5af in mozilla::gfx::PrintTargetPDF::EndPage() /gecko/gfx/thebes/PrintTargetPDF.cpp:63:3
    #10 0x7fbb1094cb6d in nsDeviceContext::EndPage() /gecko/gfx/src/nsDeviceContext.cpp:582:31
    #11 0x7fbb16ae02c3 in mozilla::layout::RemotePrintJobParent::PrintPage(mozilla::layout::PRFileDescStream&, nsRefCountedHashtable<nsUint64HashKey, RefPtr<mozilla::gfx::RecordedDependentSurface> >*) /gecko/layout/printing/ipc/RemotePrintJobParent.cpp:171:29
    #12 0x7fbb16ae01cb in mozilla::layout::RemotePrintJobParent::FinishProcessingPage(nsRefCountedHashtable<nsUint64HashKey, RefPtr<mozilla::gfx::RecordedDependentSurface> >*) /gecko/layout/printing/ipc/RemotePrintJobParent.cpp:146:17
    #13 0x7fbb16ae004b in mozilla::layout::RemotePrintJobParent::RecvProcessPage(nsTArray<unsigned long>&&) /gecko/layout/printing/ipc/RemotePrintJobParent.cpp:121:5
    #14 0x7fbb0fda483b in mozilla::layout::PRemotePrintJobParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PRemotePrintJobParent.cpp:301:28
    #15 0x7fbb0f939b43 in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentParent.cpp:6629:32
    #16 0x7fbb0f66135a in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /gecko/ipc/glue/MessageChannel.cpp:2152:25
    #17 0x7fbb0f65da88 in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /gecko/ipc/glue/MessageChannel.cpp:2076:9
    #18 0x7fbb0f65f3e5 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /gecko/ipc/glue/MessageChannel.cpp:1924:3
    #19 0x7fbb0f65ff4b in mozilla::ipc::MessageChannel::MessageTask::Run() /gecko/ipc/glue/MessageChannel.cpp:1955:13
    #20 0x7fbb0e465462 in mozilla::RunnableTask::Run() /gecko/xpcom/threads/TaskController.cpp:482:16
    #21 0x7fbb0e431e30 in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /gecko/xpcom/threads/TaskController.cpp:766:26
    #22 0x7fbb0e42f937 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /gecko/xpcom/threads/TaskController.cpp:621:15
    #23 0x7fbb0e42fd8d in mozilla::TaskController::ProcessPendingMTTask(bool) /gecko/xpcom/threads/TaskController.cpp:405:36
    #24 0x7fbb0e46ee11 in operator() /gecko/xpcom/threads/TaskController.cpp:138:37
    #25 0x7fbb0e46ee11 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_0>::Run() /gecko/xpcom/threads/nsThreadUtils.h:534:5
    #26 0x7fbb0e44c758 in nsThread::ProcessNextEvent(bool, bool*) /gecko/xpcom/threads/nsThread.cpp:1159:16
    #27 0x7fbb0e45750c in NS_ProcessNextEvent(nsIThread*, bool) /gecko/xpcom/threads/nsThreadUtils.cpp:548:10
    #28 0x7fbb0f668adf in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /gecko/ipc/glue/MessagePump.cpp:85:21
    #29 0x7fbb0f573561 in RunInternal /gecko/ipc/chromium/src/base/message_loop.cc:335:10
    #30 0x7fbb0f573561 in RunHandler /gecko/ipc/chromium/src/base/message_loop.cc:328:3
    #31 0x7fbb0f573561 in MessageLoop::Run() /gecko/ipc/chromium/src/base/message_loop.cc:310:3
    #32 0x7fbb15d08e67 in nsBaseAppShell::Run() /gecko/widget/nsBaseAppShell.cpp:137:27
    #33 0x7fbb19725967 in nsAppStartup::Run() /gecko/toolkit/components/startup/nsAppStartup.cpp:273:30
    #34 0x7fbb1992a467 in XREMain::XRE_mainRun() /gecko/toolkit/xre/nsAppRunner.cpp:5364:22
    #35 0x7fbb1992c4be in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /gecko/toolkit/xre/nsAppRunner.cpp:5555:8
    #36 0x7fbb1992d213 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /gecko/toolkit/xre/nsAppRunner.cpp:5614:21
    #37 0x562fb1694fda in do_main /gecko/browser/app/nsBrowserApp.cpp:224:22
    #38 0x562fb1694fda in main /gecko/browser/app/nsBrowserApp.cpp:351:16
    #39 0x7fbb2ecaa0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #40 0x562fb15e58c9 in _start (/home/worker/builds/try-20210430033625-fuzzing-asan-opt/firefox+0x5b8c9)
```
