[cairo-bugs] [Bug 16116] New: Firefox crash [@ _de_casteljau] due to infinite recursion of [@ _cairo_spline_decompose_into]

Tue May 27 08:16:11 PDT 2008

http://bugs.freedesktop.org/show_bug.cgi?id=16116

           Summary: Firefox crash [@ _de_casteljau] due to infinite
                    recursion of [@ _cairo_spline_decompose_into]
           Product: cairo
           Version: 1.6.5
          Platform: x86 (IA32)
        OS/Version: Windows (All)
            Status: NEW
          Severity: critical
          Priority: medium
         Component: general
        AssignedTo: cworth at cworth.org
        ReportedBy: mats.palmgren at bredband.net
         QAContact: cairo-bugs at cairographics.org
                CC: vladimir at pobox.com

We have multiple reports of Firefox 3.0 RC1 crashing on Windows
due to infinite recursion of _cairo_spline_decompose_into().
Is it a Cairo bug?

Originally filed in b.m.o.
https://bugzilla.mozilla.org/show_bug.cgi?id=435756

Example crash reports:
bp-e902c5b8-2769-11dd-a5b8-0013211cbf8a
bp-0cb6bee3-25ba-11dd-bca0-0013211cbf8a
bp-6fda3d66-2a4a-11dd-93ee-001a4bd46e84
bp-2a222bc7-25b3-11dd-9514-0013211cbf8a

Stack:
_de_casteljau                 mozilla/gfx/cairo/cairo/src/cairo-spline.c:167
_cairo_spline_decompose_into  mozilla/gfx/cairo/cairo/src/cairo-spline.c:255 
_cairo_spline_decompose_into  mozilla/gfx/cairo/cairo/src/cairo-spline.c:257
          ... repeat a few thousand times ...
_cairo_spline_decompose_into  mozilla/gfx/cairo/cairo/src/cairo-spline.c:257
_cairo_spline_decompose_into  mozilla/gfx/cairo/cairo/src/cairo-spline.c:261
_cairo_spline_decompose       mozilla/gfx/cairo/cairo/src/cairo-spline.c:278
_cairo_filler_curve_to        mozilla/gfx/cairo/cairo/src/cairo-path-fill.c:132
_cairo_path_fixed_interpret  
mozilla/gfx/cairo/cairo/src/cairo-path-fixed.c:524
_cairo_path_fixed_fill_to_traps
mozilla/gfx/cairo/cairo/src/cairo-path-fill.c:185
_cairo_surface_fallback_fill 
mozilla/gfx/cairo/cairo/src/cairo-surface-fallback.c:898
_cairo_surface_fill           mozilla/gfx/cairo/cairo/src/cairo-surface.c:1626
_cairo_gstate_fill            mozilla/gfx/cairo/cairo/src/cairo-gstate.c:1015
_moz_cairo_fill_preserve      mozilla/gfx/cairo/cairo/src/cairo.c:2177
gfxContext::Fill              mozilla/gfx/thebes/src/gfxContext.cpp:136
FillFastBorderPath            mozilla/layout/base/nsCSSRendering.cpp:1574
DrawBorderSides               mozilla/layout/base/nsCSSRendering.cpp:2209
DrawBorders                   mozilla/layout/base/nsCSSRendering.cpp:2629
nsCSSRendering::PaintBorder   mozilla/layout/base/nsCSSRendering.cpp:2836 
...

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/gfx/cairo/cairo/src/cairo-spline.c&rev=1.14&mark=255,257,261#261

http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/gfx/cairo/cairo/src/cairo-spline.c&rev=1.14&root=/cvsroot&mark=154,161#153

-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.