[cairo-bugs] [Bug 81699] Segfault sweep_line_delete on video playback (2)

Thu Aug 21 01:36:39 PDT 2014

https://bugs.freedesktop.org/show_bug.cgi?id=81699

--- Comment #7 from Chris Wilson <chris at chris-wilson.co.uk> ---
(In reply to comment #6)
> (In reply to comment #5)
> > Hi Massimo. Looks like you last patch with only 3 lines of code solved the
> > problem!
> > I applied here and no more segfault.
> > How i don't understand and i know nothing about cairo, i don't know if what
> > this patch do is the right thing or if is safe use it. All i know it is that
> > it solved, i think.
> >
> 
> To me it seems correct and safe, it only drops empty
> boxes from the list of boxes to be tessellated. 

It is. Could you please write a nice commit log, adding

Reported-by: Henrique Lengler <henriqueleng at openmailbox.org>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81699

and submit. Ideally we would love to have a test case to hit this problem as
well. If you can capture it using cairo-trace that would be a good start.

> Empty boxes do not alter the insideness of any pixel
> because if a ray from the pixel intersects the top edge
> it also intersects the bottom edge, one from the left
> and the other from the right, so it should be correct
> for both (EVEN_ODD, WINDING) fill rules that cairo implements. 
> 
> OTOH these empty boxes are problematic as they possibly
> lead to a segfault.
> 
> It is possible that there are better places to discard
> these boxes.

That's my only worry, I am trying to remember all the call paths that enter
here and why we have empty boxes in the first place. In this case, the empty
boxes seem to be part of the clip, which is worrisome. All the zero height
boxes should have been prefiltered...

diff --git a/src/cairo-boxes.c b/src/cairo-boxes.c
index 63b68dd..90afdbd 100644
--- a/src/cairo-boxes.c
+++ b/src/cairo-boxes.c
@@ -139,6 +139,8 @@ _cairo_boxes_add_internal (cairo_boxes_t *boxes,
     if (unlikely (boxes->status))
        return;

+    assert(box->x2 > box->x1 && box->y2 > box->y1);
+
     chunk = boxes->tail;
     if (unlikely (chunk->count == chunk->size)) {
        int size;

So yes, this suggests a far deeper problem than just the tesselate failure.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20140821/ce960135/attachment.html>
