[cairo] Random crashes in polygon code

Krzysztof Kosiński tweenk.pl at gmail.com
Fri Sep 2 06:50:27 PDT 2011


Hello

Recently a bug has been reported against Inkscape when used with Cairo
from master. It appears there are some crash bugs in the polygon code.
These crashes do not appear in 1.10.2 and are not related to
multithreading. Attached is one of the backtraces. I'm not reporting
this to the bug tracker because I don't have a reduced test case yet.
I can reproduce the crash fairly reliably by moving the mouse while a
certain image is being drawn. I'll try to capture a backtrace of that
as well. Moving the mouse causes a different part of the image to be
rendered and therefore probably changes the memory placement of some
objects - it is not related to mouse event processing.

Regards, Krzysztof
-------------- next part --------------
Starting program: /home/vlada/Public/install/bin/inkscape 
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe3353700 (LWP 28036)]
[Thread 0x7fffe3353700 (LWP 28036) exited]

Program received signal SIGABRT, Aborted.
0x00007fffef4ffd05 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#0  0x00007fffef4ffd05 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fffef503ab6 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007fffef538d7b in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007fffef544a8f in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x00007fffef5470e4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x00007fffef548b19 in realloc () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007ffff0db4a06 in _cairo_polygon_grow (polygon=0x7fffffffd2e0, p1=0x7fffffffd1a8, p2=0x7fffffffd298, top=<value optimized out>, bottom=<value optimized out>, dir=<value optimized out>)
    at cairo-polygon.c:220
#7  _add_edge (polygon=0x7fffffffd2e0, p1=0x7fffffffd1a8, p2=0x7fffffffd298, top=<value optimized out>, bottom=<value optimized out>, dir=<value optimized out>) at cairo-polygon.c:247
#8  0x00007ffff0db4bc0 in _add_clipped_edge (polygon=0x7fffffffd2e0, p1=0x7fffffffd1a8, p2=0x7fffffffd298, top=147703, bottom=<value optimized out>, dir=-1) at cairo-polygon.c:401
#9  0x00007ffff0db5239 in _cairo_polygon_add_external_edge (polygon=0x7fffffffd2e0, p1=<value optimized out>, p2=<value optimized out>) at cairo-polygon.c:442
#10 0x00007ffff0da5b53 in _cairo_filler_line_to (closure=0x7fffffffd290, point=0x7fffffffd1a8) at cairo-path-fill.c:59
#11 0x00007ffff0dc52ac in _cairo_spline_add_point (spline=0x7fffffffd180, tolerance=<value optimized out>) at cairo-spline.c:85
#12 _cairo_spline_decompose (spline=0x7fffffffd180, tolerance=<value optimized out>) at cairo-spline.c:216
#13 0x00007ffff0da66e6 in _cpf_curve_to (closure=0x7fffffffd250, p1=<value optimized out>, p2=<value optimized out>, p3=0x72a0e38) at cairo-path-fixed.c:1140
#14 0x00007ffff0da7808 in _cairo_path_fixed_interpret (path=0x7230d38, move_to=0x7ffff0da6650 <_cpf_move_to>, line_to=0x7ffff0da6670 <_cpf_line_to>, curve_to=0x7ffff0da66a0 <_cpf_curve_to>, 
    close_path=0x7ffff0da6690 <_cpf_close_path>, closure=0x7fffffffd250) at cairo-path-fixed.c:831
#15 0x00007ffff0da7ef7 in _cairo_path_fixed_interpret_flat (path=<value optimized out>, move_to=<value optimized out>, line_to=<value optimized out>, close_path=<value optimized out>, 
    closure=<value optimized out>, tolerance=<value optimized out>) at cairo-path-fixed.c:1175
#16 0x00007ffff0da5c8f in _cairo_path_fixed_fill_to_polygon (path=<value optimized out>, tolerance=<value optimized out>, polygon=<value optimized out>) at cairo-path-fill.c:111
#17 0x00007ffff0d9da3a in _cairo_image_surface_fill (abstract_surface=0x729f1a0, op=CAIRO_OPERATOR_OVER, source=0x7fffffffd7d0, path=0x7230d38, fill_rule=CAIRO_FILL_RULE_WINDING, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x41de510) at cairo-image-surface.c:3975
#18 0x00007ffff0dc8136 in _cairo_surface_fill (surface=0x729f1a0, op=CAIRO_OPERATOR_OVER, source=0x7fffffffd7d0, path=0x7230d38, fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, 
    antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x41de510) at cairo-surface.c:2495
#19 0x00007ffff0d96528 in _cairo_gstate_fill (gstate=0x7230b98, path=0x7230d38) at cairo-gstate.c:1256
#20 0x00007ffff0d8bf05 in *INT_cairo_fill_preserve (cr=0x72309d0) at cairo.c:2123
#21 0x000000000058e38e in nr_arena_glyphs_group_render (ct=0x72309d0, item=0x1784db0, area=<value optimized out>) at display/nr-arena-glyphs.cpp:343
#22 0x000000000059419d in nr_arena_item_invoke_render (ct=0x72309d0, item=0x1784db0, area=0x7fffffffdb30, pb=0x0, flags=0) at display/nr-arena-item.cpp:439
#23 0x000000000058f6fd in nr_arena_group_render (ct=0x72309d0, item=<value optimized out>, area=0x7fffffffdb30, pb=0x0, flags=0) at display/nr-arena-group.cpp:228
#24 0x000000000059419d in nr_arena_item_invoke_render (ct=0x72309d0, item=0x17bb330, area=0x7fffffffdc30, pb=0x0, flags=0) at display/nr-arena-item.cpp:439
#25 0x000000000058f6fd in nr_arena_group_render (ct=0x72309d0, item=<value optimized out>, area=0x7fffffffdc30, pb=0x0, flags=0) at display/nr-arena-group.cpp:228
#26 0x000000000059419d in nr_arena_item_invoke_render (ct=0x72309d0, item=0x17fc4c8, area=0x7fffffffdd30, pb=0x0, flags=0) at display/nr-arena-item.cpp:439
#27 0x000000000058f6fd in nr_arena_group_render (ct=0x72309d0, item=<value optimized out>, area=0x7fffffffdd30, pb=0x0, flags=0) at display/nr-arena-group.cpp:228
#28 0x000000000059419d in nr_arena_item_invoke_render (ct=0x72309d0, item=0x17fc660, area=0x7fffffffde30, pb=0x0, flags=0) at display/nr-arena-item.cpp:439
#29 0x000000000058f6fd in nr_arena_group_render (ct=0x72309d0, item=<value optimized out>, area=0x7fffffffde30, pb=0x0, flags=0) at display/nr-arena-group.cpp:228
#30 0x000000000059419d in nr_arena_item_invoke_render (ct=0x72309d0, item=0x17fccc0, area=0x7fffffffdee0, pb=0x0, flags=0) at display/nr-arena-item.cpp:439
#31 0x000000000098d136 in sp_canvas_arena_render_cache (item=<value optimized out>, buf=0x7fffffffe0a0) at display/canvas-arena.cpp:256
#32 sp_canvas_arena_render (item=<value optimized out>, buf=0x7fffffffe0a0) at display/canvas-arena.cpp:218
#33 0x00000000005ac6f6 in sp_canvas_group_render (item=<value optimized out>, buf=0x7fffffffe0a0) at display/sp-canvas.cpp:874
#34 0x00000000005ac6f6 in sp_canvas_group_render (item=<value optimized out>, buf=0x7fffffffe0a0) at display/sp-canvas.cpp:874
#35 0x00000000005abaee in sp_canvas_paint_single_buffer (setup=<value optimized out>, this_rect=...) at display/sp-canvas.cpp:1680
#36 sp_canvas_paint_rect_internal (setup=<value optimized out>, this_rect=...) at display/sp-canvas.cpp:1796
#37 0x00000000005aeca9 in sp_canvas_paint_rect (canvas=0x3233020) at display/sp-canvas.cpp:1903
#38 paint (canvas=0x3233020) at display/sp-canvas.cpp:2053
#39 do_update (canvas=0x3233020) at display/sp-canvas.cpp:2090
#40 0x00000000005aeeb2 in idle_handler (data=<value optimized out>) at display/sp-canvas.cpp:2112
#41 0x00007ffff0261bcd in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#42 0x00007ffff02623a8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#43 0x00007ffff02629f2 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#44 0x00007ffff5bfaaf7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#45 0x0000000000450a2c in sp_main_gui (argc=1, argv=0x7fffffffe708) at main.cpp:978
#46 0x00007fffef4eaeff in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#47 0x000000000044ece9 in _start ()
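Editor's note on reading this trace: the abort is raised from inside realloc() (frames #1 to #5, the unnamed libc frames between abort() and realloc() being glibc's own allocator), called from _cairo_polygon_grow at cairo-polygon.c:220. An abort from inside malloc()/realloc() is what glibc produces when its heap consistency checks find corrupted chunk metadata, so in this kind of trace the crash site is usually not the bug site: some earlier write past the end of a heap block damaged the allocator's bookkeeping, and it is only noticed when that block or its neighbour is next resized. That also fits the reporter's observation that changing which part of the image is drawn (and so the heap layout) changes whether the crash occurs. Running under valgrind or an AddressSanitizer build, or with MALLOC_CHECK_=3, would report the offending write where it happens rather than at the next realloc. The block below is an added example, not cairo's code and not a diagnosis of this bug: a growable edge array in the style of a polygon grow/append pair, written with the checks (overflow-safe capacity arithmetic, realloc into a temporary, grow-before-write) that keep the append from ever writing past the allocated block. All names (demo_polygon_t, demo_polygon_grow, demo_polygon_add_edge and the rest) are hypothetical and do not reproduce cairo's internal layout.

```c
/* Added example, not cairo's code: a bounds-safe growable edge array.
 * Names and struct layout are hypothetical (assumptions for illustration). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { int32_t x, y; } demo_point_t;

typedef struct {
    demo_point_t p1, p2;
    int32_t top, bottom;
    int dir;
} demo_edge_t;

typedef struct {
    demo_edge_t *edges;
    size_t num_edges;   /* edges in use */
    size_t capacity;    /* edges allocated */
} demo_polygon_t;

void demo_polygon_init(demo_polygon_t *poly)
{
    poly->edges = NULL;
    poly->num_edges = 0;
    poly->capacity = 0;
}

void demo_polygon_fini(demo_polygon_t *poly)
{
    free(poly->edges);
    demo_polygon_init(poly);
}

/* The invariant every in-bounds append relies on. */
int demo_polygon_is_consistent(const demo_polygon_t *poly)
{
    if (poly->num_edges > poly->capacity)
        return 0;
    if (poly->capacity > 0 && poly->edges == NULL)
        return 0;
    return 1;
}

/* Grow so that at least `needed` edges fit.  Returns 0 on success, -1 on
 * size overflow or allocation failure; on failure the old array is kept
 * (realloc's result goes into a temporary, never straight into the struct). */
int demo_polygon_grow(demo_polygon_t *poly, size_t needed)
{
    size_t new_cap = poly->capacity ? poly->capacity : 32;
    demo_edge_t *new_edges;

    if (needed <= poly->capacity)
        return 0;

    /* Double until big enough, refusing to wrap size_t. */
    while (new_cap < needed) {
        if (new_cap > SIZE_MAX / 2)
            return -1;
        new_cap *= 2;
    }
    /* The byte count passed to realloc must not wrap either. */
    if (new_cap > SIZE_MAX / sizeof(demo_edge_t))
        return -1;

    new_edges = realloc(poly->edges, new_cap * sizeof(demo_edge_t));
    if (new_edges == NULL)
        return -1;

    poly->edges = new_edges;
    poly->capacity = new_cap;
    return 0;
}

/* Append one edge; grows first, so the store is always inside the block. */
int demo_polygon_add_edge(demo_polygon_t *poly, const demo_edge_t *edge)
{
    if (poly->num_edges == SIZE_MAX)
        return -1;
    if (demo_polygon_grow(poly, poly->num_edges + 1) != 0)
        return -1;
    poly->edges[poly->num_edges++] = *edge;
    return 0;
}

/* Stand-alone driver: append a few thousand edges and report the result. */
int main(void)
{
    demo_polygon_t poly;
    demo_edge_t e = { {0, 0}, {1, 1}, 0, 1, 1 };
    size_t i;

    demo_polygon_init(&poly);
    for (i = 0; i < 5000; i++) {
        e.p1.x = (int32_t)i;
        if (demo_polygon_add_edge(&poly, &e) != 0) {
            fprintf(stderr, "append failed at %zu\n", i);
            return 1;
        }
    }
    printf("%zu edges, capacity %zu, consistent=%d\n", poly.num_edges,
           poly.capacity, demo_polygon_is_consistent(&poly));
    demo_polygon_fini(&poly);
    return 0;
}
```

The two size checks in demo_polygon_grow are the part worth copying: a capacity doubling that wraps, or a `cap * sizeof(elem)` that wraps, hands realloc a block smaller than the code believes it has, and the next append then writes past its end with exactly the delayed, layout-dependent abort seen in the trace above.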