[cairo-bugs] [Bug 102966] CAIRO_STATUS_NO_MEMORY after filling with pattern and large translation

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Sep 29 15:38:33 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=102966

--- Comment #2 from Uli Schlachter <psychon at znc.in> ---
Created attachment 134570
  --> https://bugs.freedesktop.org/attachment.cgi?id=134570&action=edit
Reproducing C program

The code from comment #1 as a C program. It seems to reproduce the error here.

The following gdb session shows backtraces for calls to _cairo_error:

> (gdb) break main
> Breakpoint 1 at 0xb72: file test.c, line 6.
> (gdb) run
> Starting program: /tmp/a.out 
> b[Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> 
> Breakpoint 1, main () at test.c:6
> 6	cairo_surface_t *surfacep = cairo_image_surface_create (CAIRO_FORMAT_ARGB32,
> (gdb) break _cairo_error 
> Breakpoint 2 at 0x7ffff7aa38e0: file cairo-error.c, line 68.
> (gdb) cont
> Continuing.
> 
> Breakpoint 2, _cairo_error (status=status@entry=CAIRO_STATUS_INVALID_MATRIX) at cairo-error.c:68
> 68	    assert (_cairo_status_is_error (status));
> (gdb) bt
> #0  _cairo_error (status=status@entry=CAIRO_STATUS_INVALID_MATRIX) at cairo-error.c:68
> #1  0x00007ffff7ac27da in _cairo_matrix_to_pixman_matrix (yc=50, xc=50, pixman_transform=0x7fffffffda50, matrix=<synthetic pointer>) at cairo-matrix.c:996
> #2  _cairo_matrix_to_pixman_matrix_offset (matrix=matrix@entry=0x7fffffffe3a0, filter=<optimized out>, xc=50, yc=50, out_transform=out_transform@entry=0x7fffffffda50, 
>     x_offset=x_offset@entry=0x7fffffffdc30, y_offset=y_offset@entry=0x7fffffffdc40) at cairo-matrix.c:1210
> #3  0x00007ffff7ab9463 in _pixman_image_set_properties (pixman_image=pixman_image@entry=0x5555557659b0, pattern=pattern@entry=0x7fffffffe360, extents=extents@entry=0x7fffffffe31c, 
>     ix=ix@entry=0x7fffffffdc30, iy=iy@entry=0x7fffffffdc40) at cairo-image-source.c:900
> #4  0x00007ffff7abd424 in _pixman_image_for_surface (iy=0x7fffffffdc40, ix=0x7fffffffdc30, sample=<optimized out>, extents=0x7fffffffe31c, is_mask=<optimized out>, pattern=0x7fffffffe360, 
>     dst=<optimized out>) at cairo-image-source.c:1424
> #5  _pixman_image_for_pattern (ty=0x7fffffffdc40, tx=0x7fffffffdc30, sample=<optimized out>, extents=0x7fffffffe31c, is_mask=<optimized out>, pattern=0x7fffffffe360, dst=<optimized out>)
>     at cairo-image-source.c:1557
> #6  _cairo_image_source_create_for_pattern (dst=<optimized out>, pattern=0x7fffffffe360, is_mask=<optimized out>, extents=0x7fffffffe31c, sample=<optimized out>, src_x=0x7fffffffdc30, 
>     src_y=0x7fffffffdc40) at cairo-image-source.c:1602
> #7  0x00007ffff7b08e9d in composite_aligned_boxes (boxes=0x7fffffffe060, extents=0x7fffffffe2e0, compositor=0x7ffff7dd7320 <spans>) at cairo-spans-compositor.c:678
> #8  clip_and_composite_boxes (compositor=compositor@entry=0x7ffff7dd7320 <spans>, extents=extents@entry=0x7fffffffe2e0, boxes=boxes@entry=0x7fffffffe060) at cairo-spans-compositor.c:882
> #9  0x00007ffff7b0933e in clip_and_composite_boxes (boxes=0x7fffffffe060, extents=0x7fffffffe2e0, compositor=0x7ffff7dd7320 <spans>) at cairo-spans-compositor.c:1003
> #10 _cairo_spans_compositor_mask (_compositor=0x7ffff7dd7320 <spans>, extents=0x7fffffffe2e0) at cairo-spans-compositor.c:999
> #11 0x00007ffff7a9f8c9 in _cairo_compositor_paint (compositor=0x7ffff7dd7320 <spans>, surface=0x555555765120, op=<optimized out>, source=<optimized out>, clip=<optimized out>)
>     at cairo-compositor.c:65
> #12 0x00007ffff7b0e391 in _cairo_surface_paint (surface=0x555555765120, op=op@entry=CAIRO_OPERATOR_OVER, source=source@entry=0x7fffffffe640, clip=0x0) at cairo-surface.c:2120
> #13 0x00007ffff7aa9cd9 in _cairo_gstate_fill (gstate=0x5555557652e0, path=path@entry=0x555555765618) at cairo-gstate.c:1313
> #14 0x00007ffff7aa1bd9 in _cairo_default_context_fill (abstract_cr=0x5555557652b0) at cairo-default-context.c:1055
> #15 0x00007ffff7a97c2a in cairo_fill (cr=0x5555557652b0) at cairo.c:2423
> #16 0x0000555555554cc7 in main () at test.c:23
> (gdb) cont
> Continuing.
> 
> Breakpoint 2, _cairo_error (status=CAIRO_STATUS_NO_MEMORY) at cairo-error.c:68
> 68	    assert (_cairo_status_is_error (status));
> (gdb) bt
> #0  _cairo_error (status=CAIRO_STATUS_NO_MEMORY) at cairo-error.c:68
> #1  0x00007ffff7b0e3e8 in _cairo_surface_set_error (status=<optimized out>, surface=0x555555765120) at cairo-surface.c:201
> #2  _cairo_surface_paint (surface=0x555555765120, op=op@entry=CAIRO_OPERATOR_OVER, source=source@entry=0x7fffffffe640, clip=0x0) at cairo-surface.c:2126
> #3  0x00007ffff7aa9cd9 in _cairo_gstate_fill (gstate=0x5555557652e0, path=path@entry=0x555555765618) at cairo-gstate.c:1313
> #4  0x00007ffff7aa1bd9 in _cairo_default_context_fill (abstract_cr=0x5555557652b0) at cairo-default-context.c:1055
> #5  0x00007ffff7a97c2a in cairo_fill (cr=0x5555557652b0) at cairo.c:2423
> #6  0x0000555555554cc7 in main () at test.c:23
> (gdb) cont
> Continuing.
> 
> Breakpoint 2, _cairo_error (status=status@entry=CAIRO_STATUS_NO_MEMORY) at cairo-error.c:68
> 68	    assert (_cairo_status_is_error (status));
> (gdb) bt
> #0  _cairo_error (status=status@entry=CAIRO_STATUS_NO_MEMORY) at cairo-error.c:68
> #1  0x00007ffff7a97c47 in _cairo_set_error (status=CAIRO_STATUS_NO_MEMORY, cr=0x5555557652b0) at cairo.c:400
> #2  cairo_fill (cr=0x5555557652b0) at cairo.c:2425
> #3  0x0000555555554cc7 in main () at test.c:23
> (gdb) cont
> Continuing.
> 
> Breakpoint 2, _cairo_error (status=status@entry=CAIRO_STATUS_NO_MEMORY) at cairo-error.c:68
> 68	    assert (_cairo_status_is_error (status));
> (gdb) bt
> #0  _cairo_error (status=status@entry=CAIRO_STATUS_NO_MEMORY) at cairo-error.c:68
> #1  0x00007ffff7a97c53 in _cairo_set_error (status=CAIRO_STATUS_NO_MEMORY, cr=0x5555557652b0) at cairo.c:400
> #2  cairo_fill (cr=0x5555557652b0) at cairo.c:2425
> #3  0x0000555555554cc7 in main () at test.c:23
> (gdb) cont
> Continuing.
> cairo_status: out of memory
> [Inferior 1 (process 4459) exited normally]

I'm not sure how CAIRO_STATUS_INVALID_MATRIX turns into CAIRO_STATUS_NO_MEMORY,
but the original error is that the code comes up with a transformation where
some value exceeds PIXMAN_MAX_INT. I'm sure that this is a duplicate of some
other bug, but right now I don't know which one.
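
Added example, not part of the original comment and not cairo or pixman code: a conservative application-side pre-check for the failure described above, testing whether a pattern matrix's coefficients are representable in signed 16.16 fixed point before drawing. The 16.16 format and the 32767 limit are assumptions stated in the code; affine_t, fit_t and the FIXED16_* names are hypothetical, and cairo's internal test differs in detail.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the transform is stored as signed 16.16 fixed point in an
 * int32_t (pixman's format), so integer parts must stay within +/-32767.
 * FIXED16_* are local names for this example, not cairo's PIXMAN_MAX_INT. */
#define FIXED16_ONE     65536.0
#define FIXED16_MAX_INT 32767.0

/* Hypothetical struct; same field layout as cairo_matrix_t. */
typedef struct { double xx, yx, xy, yy, x0, y0; } affine_t;

typedef enum { FIT_OK, FIT_NOT_FINITE, FIT_LINEAR_RANGE, FIT_TRANSLATE_RANGE } fit_t;

static int in_range(double v) { return v >= -FIXED16_MAX_INT && v <= FIXED16_MAX_INT; }

/* Round to nearest 16.16 value; only call after in_range(v) succeeded. */
static int32_t to_fixed16(double v)
{
    return (int32_t) (v * FIXED16_ONE + (v < 0 ? -0.5 : 0.5));
}

/* Returns FIT_OK and fills out[6] (row-major 2x3) if every coefficient is
 * representable; otherwise reports which part of the matrix is the problem. */
fit_t affine_fits_fixed16(const affine_t *m, int32_t out[6])
{
    const double c[6] = { m->xx, m->xy, m->x0, m->yx, m->yy, m->y0 };
    for (int i = 0; i < 6; i++)
        if (!isfinite(c[i]))
            return FIT_NOT_FINITE;
    if (!in_range(m->xx) || !in_range(m->xy) || !in_range(m->yx) || !in_range(m->yy))
        return FIT_LINEAR_RANGE;
    if (!in_range(m->x0) || !in_range(m->y0))
        return FIT_TRANSLATE_RANGE;
    for (int i = 0; i < 6; i++)
        out[i] = to_fixed16(c[i]);
    return FIT_OK;
}

int main(void)
{
    int32_t fx[6];
    /* Constructed inputs: a small and a very large pattern translation. */
    affine_t small = { 1, 0, 0, 1, 100.5, -20 };
    affine_t large = { 1, 0, 0, 1, 1e6, 0 };
    printf("small: %d\n", affine_fits_fixed16(&small, fx));
    printf("large: %d\n", affine_fits_fixed16(&large, fx));
    return 0;
}
```

Rejecting or rescaling such a matrix in the caller gives a specific diagnosis instead of the generic status seen at the end of the session above.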
