[Cairo] Odd crash in cairo-demo/xrspline

Carl Worth cworth at east.isi.edu
Tue Jul 29 17:03:23 PDT 2003

On Jul 29, Eric Christopherson wrote:
 > I've run another test after adding that, and getting librender and
 > libXrender from CVS. The end of the gdb log now looks like:

The server is crashing in the code to render trapezoids. You might
extract the trapezoid data to construct a small test case in order to
file a bug against the server.

Another interesting test might be to take that same trapezoid data,
but feed it into an IcImage rather than XRender. Since libic contains
the same trapezoid rasterization algorithm as the server, you might be
able to replicate the crash within your program, (which will be much
easier to debug than the server).

 > XRenderCompositeTrapezoids (dpy=0x804b340, op=3, src=16777224, dst=16777220,
 > maskFormat=0x804cc98, xSrc=49, ySrc=-32767, traps=0x804eb38,
 > ntrap=33) at Trap.c:42

There's one obvious piece of suspect data here. The ySrc value should
be an offset into the src image, so it should not be negative and it
should not have a value with such a large magnitude. You might track
down where that number is coming from.

Just for comparison, here's a typical call to
XRenderCompositeTrapezoids that I see when running xrspline:

XRenderCompositeTrapezoids (dpy=0x804b340, op=3, src=35651610, dst=35651606,
maskFormat=0x804caf8, xSrc=49, ySrc=53, traps=0x804fc08, ntrap=168)
at Trap.c:38


More information about the cairo mailing list