[cairo-bugs] [Bug 91967] Assertion "(_cairo_atomic_int_get (&(&surface->ref_count)->ref_count) > 0)"

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue May 24 12:14:11 UTC 2016


https://bugs.freedesktop.org/show_bug.cgi?id=91967

--- Comment #20 from Alberts Muktupāvels <alberts.muktupavels at gmail.com> ---
(In reply to Jaroslav Škarvada from comment #19)
> AFAICS the &image->base is pointer to the same memory as image, it's just
> different pointer type. Maybe there is a better fix, e.g. to just BAIL or
> return some error, but this problem needs definitely to be fixed. Just
> ignoring it will not help anyone.

I think that BAIL-ing out is not solution...

Looking at code it looks like it was intention to try with shm first and if
that fails try with other methods. BAIL-ing out we will lose chance to get
image surface with other methods.

Basically this is very simple bug - double free with very simple fix. Surface
was destroyed, pointer now is invalid. Setting it to NULL makes sense.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo-bugs/attachments/20160524/3557d6ea/attachment.html>


More information about the cairo-bugs mailing list