[cairo-bugs] [Bug 91967] Assertion "(_cairo_atomic_int_get (&(&surface->ref_count)->ref_count) > 0)"
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Tue May 24 12:49:07 UTC 2016
https://bugs.freedesktop.org/show_bug.cgi?id=91967
--- Comment #24 from Alberts Muktupāvels <alberts.muktupavels at gmail.com> ---
(In reply to Jaroslav Škarvada from comment #23)
> But I think the proposed fix is dirty. It relies on the safety check inside
> the cairo_surface_destroy. Cleanly written code shouldn't do this. The
> control flow should never get into the cairo_surface_destroy for the second
> time, that's why I wrote "maybe there is a better fix". But this is
> definitely question for the upstream maintainers.
I don't want to agree on this.
Check what could happen if it is called this way:
_get_image_surface (..., ..., FALSE);
I am too lazy to count, but there are definitely multiple paths that could end
up calling cairo_surface_destroy (&image->base); when image is still NULL.
Think about this way - setting it to NULL after destroying is same as if that
function would have been called with try_shm = FALSE.
--
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo-bugs/attachments/20160524/440eaa51/attachment-0001.html>
More information about the cairo-bugs
mailing list