<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - Assert in _cairo_scaled_glyph_page_destroy !scaled_font->cache_frozen" href="https://bugs.freedesktop.org/show_bug.cgi?id=103335">103335</a> </td> </tr> <tr> <th>Summary</th> <td>Assert in _cairo_scaled_glyph_page_destroy !scaled_font->cache_frozen </td> </tr> <tr> <th>Product</th> <td>cairo </td> </tr> <tr> <th>Version</th> <td>unspecified </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>All </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>freetype font backend </td> </tr> <tr> <th>Assignee</th> <td>david@freetype.org </td> </tr> <tr> <th>Reporter</th> <td>carlosgc@gnome.org </td> </tr> <tr> <th>QA Contact</th> <td>cairo-bugs@cairographics.org </td> </tr></table> <p> <div> <pre>This happens when _cairo_ft_scaled_glyph_init() returns CAIRO_INT_STATUS_UNSUPPORTED when called from _cairo_scaled_glyph_lookup(). In those cases _cairo_scaled_font_free_last_glyph() is called to release the glyph that has just been allocated. If there aren't more glyphs, _cairo_scaled_glyph_page_destroy() is called. The problem is that _cairo_scaled_glyph_lookup() should always be called with the cache frozen, and _cairo_scaled_glyph_page_destroy() without the cache frozen. A possible solution could be to thaw/freeze in _cairo_scaled_font_free_last_glyph() when num_glyphs is 0. I noticed this with WebKit, see the backtrace below. #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007fda0dc5642a in __GI_abort () at abort.c:89 #2 0x00007fda0dc4de67 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x7fda1d456bbe "!scaled_font->cache_frozen", file=file@entry=0x7fda1d456b9b "cairo-scaled-font.c", line=line@entry=456, function=function@entry=0x7fda1d457060 <__PRETTY_FUNCTION__.10925> "_cairo_scaled_glyph_page_destroy") at assert.c:92 #3 0x00007fda0dc4df12 in __GI___assert_fail (assertion=assertion@entry=0x7fda1d456bbe "!scaled_font->cache_frozen", file=file@entry=0x7fda1d456b9b "cairo-scaled-font.c", line=line@entry=456, function=function@entry=0x7fda1d457060 <__PRETTY_FUNCTION__.10925> "_cairo_scaled_glyph_page_destroy") at assert.c:101 #4 0x00007fda1d3d1b3b in _cairo_scaled_glyph_page_destroy (scaled_font=<optimized out>, page=<optimized out>) at cairo-scaled-font.c:456 #5 0x00007fda1d3d3c5b in _cairo_scaled_font_free_last_glyph (scaled_glyph=0x563abcfc6ba0, scaled_font=0x563abcfc6800) at cairo-scaled-font.c:2940 #6 _cairo_scaled_glyph_lookup (scaled_font=scaled_font@entry=0x563abcfc6800, index=<optimized out>, info=info@entry=CAIRO_SCALED_GLYPH_INFO_PATH, scaled_glyph_ret=scaled_glyph_ret@entry=0x7ffe70c85aa8) at cairo-scaled-font.c:3013 #7 0x00007fda1d3d522f in _cairo_scaled_font_glyph_path (scaled_font=0x563abcfc6800, glyphs=glyphs@entry=0x7ffe70c85b10, num_glyphs=<optimized out>, path=path@entry=0x563abcb50b68) at cairo-scaled-font.c:2656 #8 0x00007fda1d39bba4 in _cairo_gstate_glyph_path (gstate=0x563abcb50830, glyphs=0x7ffe70c86350, num_glyphs=<optimized out>, path=0x563abcb50b68) at cairo-gstate.c:2144 #9 0x00007fda1d38dc62 in cairo_glyph_path (cr=0x563abcb50800, glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3865 #10 0x00007fda1bb85aa9 in WebCore::CairoGlyphToPathTranslator::path() () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #11 0x00007fda1bb8676f in WebCore::FontCascade::dashesForIntersectionsWithRect(WebCore::TextRun const&, WebCore::FloatPoint const&, WebCore::FloatRect const&) const () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #12 0x00007fda1ba3a345 in WebCore::drawSkipInkUnderline(WebCore::GraphicsContext&, WebCore::FontCascade const&, WebCore::TextRun const&, WebCore::FloatPoint const&, WebCore::FloatPoint const&, float, float, bool, bool, WebCore::StrokeStyle) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #13 0x00007fda1ba3b651 in WebCore::TextDecorationPainter::paintTextDecoration(WebCore::TextRun const&, WebCore::FloatPoint const&, WebCore::FloatPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #14 0x00007fda1b88128d in WebCore::InlineTextBox::paintDecoration(WebCore::GraphicsContext&, WebCore::FontCascade const&, WebCore::RenderCombineText*, WebCore::TextRun const&, WebCore::FloatPoint const&, WebCore::FloatRect const&, WebCore::TextDecoration, WebCore::TextPaintStyle, WebCore::ShadowData const*, WebCore::FloatRect const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #15 0x00007fda1b886f39 in WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #16 0x00007fda1b87ea21 in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #17 0x00007fda1ba25d34 in WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #18 0x00007fda1b980f15 in WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #19 0x00007fda1b88ca17 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #20 0x00007fda1b899d94 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #21 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #22 0x00007fda1b9e4e7c in WebCore::RenderTableSection::paintCell(WebCore::RenderTableCell*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #23 0x00007fda1b9e51f8 in WebCore::RenderTableSection::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #24 0x00007fda1b9e5ce1 in WebCore::RenderTableSection::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #25 0x00007fda1b9cd97c in WebCore::RenderTable::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #26 0x00007fda1b9cdbcb in WebCore::RenderTable::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #27 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #28 0x00007fda1b88ceb6 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #29 0x00007fda1b88ca04 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #30 0x00007fda1b899d94 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 ---Type <return> to continue, or q <return> to quit--- #31 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #32 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #33 0x00007fda1b88ceb6 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #34 0x00007fda1b88ca04 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #35 0x00007fda1b899d94 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #36 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #37 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #38 0x00007fda1b88ceb6 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #39 0x00007fda1b88ca04 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #40 0x00007fda1b899d94 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #41 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #42 0x00007fda1b94d8cb in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #43 0x00007fda1b95305c in WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #44 0x00007fda1b961c6c in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #45 0x00007fda1b962b32 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #46 0x00007fda1b963620 in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #47 0x00007fda1b961424 in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #48 0x00007fda1b962b32 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #49 0x00007fda1b962dfc in WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, unsigned int, WebCore::RenderObject*, unsigned int, WebCore::RenderLayer::SecurityOriginPaintPolicy) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #50 0x00007fda1b6ca361 in WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #51 0x00007fda1b7751a2 in WebCore::ScrollView::paint(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #52 0x00007fda1af13140 in WebKit::WebPage::drawRect(WebCore::GraphicsContext&, WebCore::IntRect const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #53 0x00007fda1b0a344f in WebKit::DrawingAreaImpl::display(WebKit::UpdateInfo&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #54 0x00007fda1b0a5168 in WebKit::DrawingAreaImpl::display() () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37 #55 0x00007fda17e85d5a in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.0.so.18 #56 0x00007fda133695aa in g_main_dispatch (context=0x563abc9e5f10) at gmain.c:3234 #57 g_main_context_dispatch (context=context@entry=0x563abc9e5f10) at gmain.c:3899 #58 0x00007fda13369928 in g_main_context_iterate (context=0x563abc9e5f10, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3972 #59 0x00007fda13369c42 in g_main_loop_run (loop=0x563abca27790) at gmain.c:4168 #60 0x00007fda17e86118 in WTF::RunLoop::run() () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.0.so.18 #61 0x00007fda1b0aaa80 in WebProcessMainUnix () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the QA Contact for the bug.</li> </ul> </body> </html>