[cairo-bugs] [Bug 47605] New: Segfault on cairo_surface_destroy()

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Mar 20 12:06:10 PDT 2012


             Bug #: 47605
           Summary: Segfault on cairo_surface_destroy()
    Classification: Unclassified
           Product: cairo
           Version: 1.10.3
          Platform: x86 (IA32)
        OS/Version: Windows (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: win32 backend
        AssignedTo: cairo-bugs at cairographics.org
        ReportedBy: kukkerman at gmail.com
         QAContact: cairo-bugs at cairographics.org

Destroying a win32 paint surface with cairo_surface_destroy() after we're done
with painting causes a segmentation fault. After further examination,
the source of the problem lies in _cairo_win32_display_surface_flush in
/src/win32/cairo-win32-display-surface.c at line 520 (at least in commit

int n = cairo_region_num_rectangles (damage->region), i;

The call will fail if damage->region is a NULL pointer, so it should be checked
either in cairo_region_num_rectangles or before calling it. I've tried the
former by replacing the else block with an if statement in line 519:

} else if (damage->region != NULL) {

After that, cairo_surface_destroy() behaves as expected, but I haven't tested it
thoroughly; furthermore, I'm not even sure that this is the right thing to do
because I'm not familiar with the internals of cairo.

The bug appears to be connected with the new compositor infrastructure
presented in commit ae3319890eacd1c8282ca6df7b263ac74abb5f8d.
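
A self-contained C model of the guard discussed in this report, added here as an illustration; it is not code from the report or from cairo. The types, the function names, the sample surface size and the `whole_surface` flag (standing in for the branch before the `else`, whose condition the report does not show) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the damage record; not cairo's real types. */
typedef struct { int w, h; } rect_t;
typedef struct { int num_rects; const rect_t *rects; } region_t;
typedef struct {
    int whole_surface;       /* assumed condition of the branch before the else */
    const region_t *region;  /* NULL when no region was recorded */
} damage_t;
enum { SURFACE_W = 64, SURFACE_H = 32 };  /* constructed sample size */

/* Model of the callee: reads through the pointer without checking it. */
int region_num_rectangles(const region_t *region) { return region->num_rects; }

/* Plain else, as described in the report: region == NULL reaches the
 * dereference above. Shown for comparison; main() never passes it NULL. */
long flush_unguarded(const damage_t *damage)
{
    long pixels = 0;
    if (damage->whole_surface) {
        pixels = (long)SURFACE_W * SURFACE_H;
    } else {
        int n = region_num_rectangles(damage->region), i;
        for (i = 0; i < n; i++)
            pixels += (long)damage->region->rects[i].w * damage->region->rects[i].h;
    }
    return pixels;
}

/* The reporter's change: the per-rectangle branch runs only with a region. */
long flush_guarded(const damage_t *damage)
{
    long pixels = 0;
    if (damage->whole_surface) {
        pixels = (long)SURFACE_W * SURFACE_H;
    } else if (damage->region != NULL) {
        int n = region_num_rectangles(damage->region), i;
        for (i = 0; i < n; i++)
            pixels += (long)damage->region->rects[i].w * damage->region->rects[i].h;
    }
    return pixels;           /* 0 when there is nothing to flush */
}

int main(void)
{
    damage_t empty = { 0, NULL };
    printf("guarded flush of empty damage: %ld pixels\n", flush_guarded(&empty));
    return 0;
}
```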
