[cairo] Bug: Crash in cairo-1.9.8

cu cairouser at yahoo.com
Wed Jun 16 07:53:15 PDT 2010


I reconfigured and recompiled just pixman and cairo.

Here are the options used for configure (from config.log):
pixman: ./configure --prefix=/tmp/u --disable-shared --enable-sse2
cairo: ./configure --prefix=/tmp/u --disable-xcb --disable-xcb-shm
--disable-quartz --disable-script --disable-quartz-font
--disable-quartz-image --disable-win32 --disable-win32-font
--disable-beos --disable-os2 --disable-glitz --disable-directfb
--disable-gl --enable-pthread --disable-svg --disable-xml
--disable-test-surfaces --disable-script --enable-interpreter=no
--disable-full-testing --disable-ft --disable-shared --disable-xlib
--disable-xlib-xrender --disable-pdf --disable-ps --disable-fc
Cairo also has pixman flags set to point to the right pixman:
pixman_CFLAGS=-I/tmp/u/include/pixman-1
pixman_LIBS='-L/tmp/u/lib -lpixman-1'

I set CFLAGS='-O0 -g', so the compilation was without optimization and
with full debug symbols. This is the native Mac OS architecture, i.e.
64-bit.
The compiler is Mac's own gcc version 4.2.1 (i.e. gcc as supplied by
Apple; I don't have another gcc on this machine, nor would it be very
useful, since gcc from MacPorts is missing a number of options).

Here is what I get in gdb during the crash (a bit long):
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000001005e9000
0x00000001001435b3 in save_128_aligned [inlined] () at
/private/tmp/pixman-0.18.2/pixman/pixman-sse2.c:2662
2662        return _mm_set_epi32 (mask0, mask1, mask0, mask1);
(gdb) bt
#0  0x00000001001435b3 in save_128_aligned [inlined] () at
/private/tmp/pixman-0.18.2/pixman/pixman-sse2.c:2662
#1  0x00000001001435b3 in pixman_fill_sse2 (bits=0x100400000,
stride=4000, bpp=32, x=0, y=280, width=16777215, height=0,
data=4294901760) at pixman-sse2.c:4037
#2  0x00000001001587dd in sse2_fill (imp=0x100801e00, bits=0x100400000,
stride=1000, bpp=32, x=0, y=280, width=16777215, height=1,
xor=4294901760) at pixman-sse2.c:4037
#3  0x000000010007b558 in _pixman_implementation_fill (imp=0x100801e00,
bits=0x100400000, stride=1000, bpp=32, x=0, y=280, width=16777215,
height=1, xor=4294901760) at pixman-implementation.c:4037
#4  0x000000010009ad50 in pixman_fill (bits=0x100400000, stride=1000,
bpp=32, x=0, y=280, width=16777215, height=1, xor=4294901760) at
pixman.c:4037
#5  0x0000000100025509 in _composite_boxes (dst=0x1003001b0,
op=CAIRO_OPERATOR_OVER, pattern=0x7fff5fbff7c0, boxes=0x7fff5fbfeab0,
antialias=CAIRO_ANTIALIAS_NONE, clip=0x0, extents=0x7fff5fbff670) at
cairo-image-surface.c:4037
#6  0x0000000100025b36 in _clip_and_composite_boxes (dst=0x1003001b0,
op=CAIRO_OPERATOR_OVER, src=0x7fff5fbff7c0, boxes=0x7fff5fbfeab0,
antialias=CAIRO_ANTIALIAS_NONE, extents=0x7fff5fbff670, clip=0x0) at
cairo-image-surface.c:4037
#7  0x0000000100026202 in _clip_and_composite_trapezoids
(dst=0x1003001b0, op=CAIRO_OPERATOR_OVER, src=0x7fff5fbff7c0,
traps=0x7fff5fbfed70, antialias=CAIRO_ANTIALIAS_NONE,
extents=0x7fff5fbff670, clip=0x0) at cairo-image-surface.c:4037
#8  0x0000000100026f4c in _clip_and_composite_polygon (dst=0x1003001b0,
op=CAIRO_OPERATOR_OVER, src=0x7fff5fbff7c0, polygon=0x7fff5fbff080,
fill_rule=CAIRO_FILL_RULE_WINDING, antialias=CAIRO_ANTIALIAS_NONE,
extents=0x7fff5fbff670, clip=0x0) at cairo-image-surface.c:4037
#9  0x0000000100027570 in _cairo_image_surface_fill
(abstract_surface=0x1003001b0, op=CAIRO_OPERATOR_OVER,
source=0x7fff5fbff7c0, path=0x100182558,
fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001,
antialias=CAIRO_ANTIALIAS_NONE, clip=0x0) at cairo-image-surface.c:4037
#10 0x000000010005186d in _cairo_surface_fill (surface=0x1003001b0,
op=CAIRO_OPERATOR_OVER, source=0x7fff5fbff7c0, path=0x100182558,
fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001,
antialias=CAIRO_ANTIALIAS_NONE, clip=0x0) at cairo-surface.c:4037
#11 0x000000010001b6c4 in _cairo_gstate_fill (gstate=0x100182230,
path=0x100182558) at cairo-gstate.c:4037
#12 0x000000010000d79c in cairo_fill_preserve (cr=0x100182200) at
cairo.c:4037
#13 0x000000010000d762 in cairo_fill (cr=0x100182200) at cairo.c:4037
#14 0x0000000100000c4a in main () at a.c:4037
I also re-tested with the i386 architecture (i.e. -arch i386 added to
CFLAGS); the crash is still there. Here is the backtrace:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x004e9000
0x001508cc in save_128_aligned [inlined] () at
/private/tmp/pixman-0.18.2/pixman/pixman-sse2.c:2662
2662        return _mm_set_epi32 (mask0, mask1, mask0, mask1);
(gdb) bt
#0  0x001508cc in save_128_aligned [inlined] () at
/private/tmp/pixman-0.18.2/pixman/pixman-sse2.c:2662
#1  0x001508cc in pixman_fill_sse2 (bits=0x300000, stride=4000, bpp=32,
x=0, y=280, width=16777215, height=0, data=4294901760) at pixman-sse2.c:4037
#2  0x00165716 in sse2_fill (imp=0x801200, bits=0x300000, stride=1000,
bpp=32, x=0, y=280, width=16777215, height=1, xor=4294901760) at
pixman-sse2.c:4037
#3  0x000737f9 in _pixman_implementation_fill (imp=0x801200,
bits=0x300000, stride=1000, bpp=32, x=0, y=280, width=16777215,
height=1, xor=4294901760) at pixman-implementation.c:4037
#4  0x0009d36b in pixman_fill (bits=0x300000, stride=1000, bpp=32, x=0,
y=280, width=16777215, height=1, xor=4294901760) at pixman.c:4037
#5  0x00023a09 in _composite_boxes (dst=0x2001f0,
op=CAIRO_OPERATOR_OVER, pattern=0xbffff82c, boxes=0xbfffebb0,
antialias=CAIRO_ANTIALIAS_NONE, clip=0x0, extents=0xbffff70c) at
cairo-image-surface.c:4037
#6  0x00023fa1 in _clip_and_composite_boxes (dst=0x2001f0,
op=CAIRO_OPERATOR_OVER, src=0xbffff82c, boxes=0xbfffebb0,
antialias=CAIRO_ANTIALIAS_NONE, extents=0xbffff70c, clip=0x0) at
cairo-image-surface.c:4037
#7  0x00024565 in _clip_and_composite_trapezoids (dst=0x2001f0,
op=CAIRO_OPERATOR_OVER, src=0xbffff82c, traps=0xbfffee40,
antialias=CAIRO_ANTIALIAS_NONE, extents=0xbffff70c, clip=0x0) at
cairo-image-surface.c:4037
#8  0x000251ed in _clip_and_composite_polygon (dst=0x2001f0,
op=CAIRO_OPERATOR_OVER, src=0xbffff82c, polygon=0xbffff12c,
fill_rule=CAIRO_FILL_RULE_WINDING, antialias=CAIRO_ANTIALIAS_NONE,
extents=0xbffff70c, clip=0x0) at cairo-image-surface.c:4037
#9  0x000257e1 in _cairo_image_surface_fill (abstract_surface=0x2001f0,
op=CAIRO_OPERATOR_OVER, source=0xbffff82c, path=0x16ffcc,
fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001,
antialias=CAIRO_ANTIALIAS_NONE, clip=0x0) at cairo-image-surface.c:4037
#10 0x0004cd4d in _cairo_surface_fill (surface=0x2001f0,
op=CAIRO_OPERATOR_OVER, source=0xbffff82c, path=0x16ffcc,
fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001,
antialias=CAIRO_ANTIALIAS_NONE, clip=0x0) at cairo-surface.c:4037
#11 0x0001a500 in _cairo_gstate_fill (gstate=0x16fd40, path=0x16ffcc) at
cairo-gstate.c:4037
#12 0x0000e021 in cairo_fill_preserve (cr=0x16fd20) at cairo.c:4037
#13 0x0000dfe9 in cairo_fill (cr=0x16fd20) at cairo.c:4037
#14 0x000023dd in main () at a.c:4037
Chris Wilson wrote:
> On Wed, 16 Jun 2010 09:27:02 -0400, cu <cairouser at yahoo.com> wrote:
>   
>> Note: this does not happen on Linux. Also, the code is compiled using
>> arch of i386 on Mac (i.e. not 64 bit) - not sure if this makes a difference.
>>     
>
> A stacktrace of the crash is vital. As it seems most likely to be a
> difference in compilation between OS/X and linux, can you first check that
> the crash still occurs if you disable optimisations and enable full
> debugging, and switch to gcc if using the native compiler. Just trying to
> identify the exact circumstances under which it crashes and get as much
> information as possible...
>
> Thanks for the bug report,
> -ickle
>
>   



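Editor's note (added example; this is not code from the report, from cairo or from pixman): the numbers worth reading in both traces are the arguments to pixman_fill(): stride=1000 uint32_t words (4000 bytes per row), bpp=32, x=0, y=280, width=16777215, height=1. A row holds 1000 pixels, yet the fill is asked to write 16777215 pixels (about 64 MB) into it. pixman_fill() receives only a pointer and a stride, never the allocation size, so it cannot catch this itself. The faulting address 0x1005e9000 lies 0x1e9000 bytes past bits=0x100400000 (the i386 run faults at the same offset: 0x004e9000 - 0x300000), while row 280 begins at 280*4000 = 0x111700, so roughly 880 KB were written past the end of the row before an unmapped page stopped the loop. This is an out-of-bounds heap write, not merely a bad read. 16777215 is 0xFFFFFF, the full 24-bit integer range of cairo's 24.8 fixed-point coordinates, which is consistent with fill extents that were never clipped to the surface. (The ":4037" file:line suffix is identical on every frame and clearly not the real line numbers; rely on the argument values instead.) The C below shows the check a caller has to perform before handing a rectangle to a raw fill: validate (x, y, w, h) against the real allocation with 64-bit arithmetic, clip to the surface, and refuse anything that still does not fit. The surface height of 1000 rows is an assumption (the report gives only the stride), and the names fill_dst, fill_in_bounds, clip_to_surface and checked_fill are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/*
 * Destination as pixman_fill() sees it: a uint32_t pointer, a stride in
 * uint32_t units and a pixel depth, plus the allocation size, which
 * pixman_fill() is never told and therefore cannot check (assumed known
 * to the caller here).
 */
typedef struct {
    uint32_t *bits;
    size_t    buf_bytes;      /* bytes actually allocated at bits */
    int       stride_words;   /* pixman convention: stride in uint32_t units */
    int       bpp;
} fill_dst;

/* True if filling the rectangle (x, y, w, h) touches only bytes inside bits[]. */
bool fill_in_bounds(const fill_dst *d, int x, int y, int w, int h)
{
    if (x < 0 || y < 0 || w < 0 || h < 0)
        return false;
    if (d->bpp <= 0 || d->bpp % 8 != 0 || d->stride_words <= 0)
        return false;
    if (w == 0 || h == 0)
        return true;                          /* nothing is written */

    /* 64-bit arithmetic so width * bytes_per_pixel cannot wrap around. */
    uint64_t bytes_pp     = (uint64_t)d->bpp / 8;
    uint64_t stride_bytes = (uint64_t)d->stride_words * sizeof(uint32_t);
    uint64_t row_end      = ((uint64_t)x + (uint64_t)w) * bytes_pp;
    if (row_end > stride_bytes)
        return false;                         /* run overshoots its own row */

    uint64_t last_row_start = ((uint64_t)y + (uint64_t)h - 1) * stride_bytes;
    return last_row_start + row_end <= d->buf_bytes;
}

/* Intersect (x, y, w, h) with [0, surf_w) x [0, surf_h). Returns false if empty. */
bool clip_to_surface(int surf_w, int surf_h, int *x, int *y, int *w, int *h)
{
    int64_t x0 = *x, y0 = *y;
    int64_t x1 = (int64_t)*x + *w, y1 = (int64_t)*y + *h;
    if (x0 < 0) x0 = 0;
    if (y0 < 0) y0 = 0;
    if (x1 > surf_w) x1 = surf_w;
    if (y1 > surf_h) y1 = surf_h;
    if (x1 <= x0 || y1 <= y0)
        return false;
    *x = (int)x0; *y = (int)y0; *w = (int)(x1 - x0); *h = (int)(y1 - y0);
    return true;
}

/* 32bpp fill that refuses, rather than clips, anything out of bounds.
   Returns the number of pixels written, or -1 if the request was rejected. */
long checked_fill(const fill_dst *d, int x, int y, int w, int h, uint32_t pixel)
{
    if (d->bpp != 32 || !fill_in_bounds(d, x, y, w, h))
        return -1;
    for (int row = 0; row < h; row++) {
        uint32_t *p = d->bits + (size_t)(y + row) * d->stride_words + x;
        for (int col = 0; col < w; col++)
            p[col] = pixel;
    }
    return (long)w * h;
}

/* Arguments from the backtrace: stride=1000 words, bpp=32, x=0, y=280,
   width=16777215, height=1, xor=0xFFFF0000. The surface height of 1000
   rows is an assumption; the report does not state the surface size. */
#define TRACE_STRIDE_WORDS 1000
#define TRACE_BPP          32
#define ASSUMED_SURF_H     1000

/* 1 if the reported fill would run past the destination buffer, 0 otherwise. */
int trace_fill_overflows(void)
{
    fill_dst d = { NULL, (size_t)TRACE_STRIDE_WORDS * 4 * ASSUMED_SURF_H,
                   TRACE_STRIDE_WORDS, TRACE_BPP };
    return !fill_in_bounds(&d, 0, 280, 16777215, 1);
}

int main(void)
{
    fill_dst d;
    d.stride_words = TRACE_STRIDE_WORDS;
    d.bpp = TRACE_BPP;
    d.buf_bytes = (size_t)d.stride_words * 4 * ASSUMED_SURF_H;
    d.bits = calloc(1, d.buf_bytes);
    if (!d.bits)
        return 1;

    int x = 0, y = 280, w = 16777215, h = 1;
    printf("raw fill in bounds: %s\n", fill_in_bounds(&d, x, y, w, h) ? "yes" : "no");
    printf("unclipped request: %ld\n", checked_fill(&d, x, y, w, h, 0xFFFF0000u));
    if (clip_to_surface(d.stride_words, ASSUMED_SURF_H, &x, &y, &w, &h))
        printf("clipped to %dx%d at (%d,%d), wrote %ld pixels\n", w, h, x, y,
               checked_fill(&d, x, y, w, h, 0xFFFF0000u));
    free(d.bits);
    return 0;
}
```

The clip step is the one that matters for the trace: after intersecting with the 1000-pixel-wide surface the request becomes a one-row, 1000-pixel fill and succeeds, while the unclipped request is rejected before any byte is written. Running the reporter's a.c under a bounds checker (e.g. with pixman built with -fstack-protector or under a heap debugger) would show the same write going past the surface rather than the first unmapped page.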