[cairo] Bug: Crash in cairo-1.9.8

cu cairouser at yahoo.com
Wed Jun 16 14:21:36 PDT 2010


This fixed the immediate crash of the test application. However, it
would appear that this fix introduced a new problem.
The main application now crashes pretty much instantly with the
following stack trace on invalid "free":

#0  0x90d3b072 in malloc_error_break ()
#1  0x90d3c218 in szone_error ()
#2  0x90d3c38b in free_list_checksum_botch ()
#3  0x90c4e828 in small_free_list_remove_ptr ()
#4  0x90c4b2e6 in szone_free_definite_size ()
#5  0x90c4a388 in free ()
#6  0x002946ad in pixman_image_unref () at toplevel.h:356
#7  0x00243ae5 in _composite_unaligned_boxes (dst=0x17e377b0,
op=CAIRO_OPERATOR_OVER, pattern=0xbffff32c, boxes=0xbfffec2c,
extents=0xbffff21c) at cairo-image-surface.c:2832
#8  0x00243c36 in _composite_boxes (dst=0x17e377b0,
op=CAIRO_OPERATOR_OVER, pattern=0xbffff32c, boxes=0xbfffec2c,
antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x0, extents=0xbffff21c) at
cairo-image-surface.c:2878
#9  0x00244320 in _clip_and_composite_boxes (dst=0x17e377b0,
op=CAIRO_OPERATOR_OVER, src=0xbffff32c, boxes=0xbfffec2c,
antialias=CAIRO_ANTIALIAS_DEFAULT, extents=0xbffff21c, clip=0x0) at
cairo-image-surface.c:2995
#10 0x00245978 in _cairo_image_surface_fill
(abstract_surface=0x17e377b0, op=CAIRO_OPERATOR_OVER, source=0xbffff32c,
path=0x81e878, fill_rule=CAIRO_FILL_RULE_WINDING,
tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT,
clip=0x0) at cairo-image-surface.c:3671
#11 0x0026d9f1 in _cairo_surface_fill (surface=0x17e377b0,
op=CAIRO_OPERATOR_OVER, source=0xbffff32c, path=0x81e878,
fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001,
antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x0) at cairo-surface.c:2172
#12 0x0023acf4 in _cairo_gstate_fill (gstate=0x81e5ec, path=0x81e878) at
cairo-gstate.c:1290
#13 0x0022e8b4 in cairo_fill_preserve (cr=0x81e5cc) at cairo.c:2385
#14 0x0022e87c in cairo_fill (cr=0x81e5cc) at cairo.c:2361


It is worth noting that it was working previously past this location in
the code (and it would again if I remove the fix, but then it will crash
subsequently on a specific set of drawing operations, as previously isolated).


Andrea Canciani wrote:
> On Wed, Jun 16, 2010 at 10:12 PM, cu <cairouser at yahoo.com> wrote:
>   
>> I can look into differences of converter macros between 1.9.6 and 1.9.8
>> but would someone please confirm first that the x = -128 input is
>> actually meaningful and that it is meant to be converted to 0 (as it did
>> with 1.9.6)?
>>
>> I do know that MacOS compiler is "shift sensitive" (I've hit a few other
>> places where shifting values did things differently from
>> Linux/Windows/anywhere else) and may need to be handled with some care.
>>     
> It was actually doing the right thing.
> Could you please try git master or 1.9.8 patched with
> http://cgit.freedesktop.org/cairo/commit/?id=3cd07559328b60e3da85debb805cb4a3fc4abc22
> ?
> Thank you for your bug report
> Andrea Canciani
> --
> cairo mailing list
> cairo at cairographics.org
> http://lists.cairographics.org/mailman/listinfo/cairo
>   