[cairo] Cairo crash with a simple stroke (win32)

Fred bca21 fredbca21 at gmail.com
Fri Oct 26 06:05:08 PDT 2012


After some additional debugging, it appears that the raw data pointer
(unsigned char *data;) in the destination image surface for the
compositor is invalid, hence the crash. I have not been able to find
out where this comes from yet (the multiple casts throughout the code
do not make it easy for a newcomer to track this field in the image
surface). All I can say is it is valid when the fallback image for the
surface is created, at the beginning of the cairo_stroke call.

Does anybody have any clue? I feel a bit lonely on this issue :).

Thanks,

Fred.

2012/10/25 Fred bca21 <fredbca21 at gmail.com>:
> Hi,
>
> I have just tested with the latest cairo release (1.12.6), and it
> appears that the issue is still here (crash at the exact same
> location). Has anyone an idea of how to fix it? Should I maybe post
> this to the bugs mailing list?
>
> Regards,
>
> Fred.
>
>
> 2012/10/19 Fred bca21 <fredbca21 at gmail.com>:
>> Hi,
>>
>> I am new to this list but I have been using cairo and monitoring posts
>> for a couple of months now. I have a strange issue on Windows when the
>> intersection between the clipping region and the drawing is very
>> small, so I am posting here with the hope that someone can help (I am
>> a bit too new to cairo's internals to debug this problem).
>>
>> Typically, the simple code below crashes (I am using a DDB bitmap for
>> the example, but it also crashes with any DC).
>>
>> #include "cairo.h"
>> #include "cairo-win32.h"
>> #include <windows.h>
>>
>> int main()
>> {
>>     // build a bitmap (same issue with DIB, whatever the bit depth)
>>     HDC dc=::CreateCompatibleDC(NULL);
>>     HBITMAP hBmp=::CreateCompatibleBitmap(dc,100,200);
>>     ::SelectObject(dc,hBmp);
>>
>>     // set clip region for the DC to one single line in the middle of the bitmap
>>     HRGN hrgn = CreateRectRgn(0,100,100, 101);
>>     SelectClipRgn(dc, hrgn);
>>     ::DeleteObject(hrgn);
>>
>>     // create cairo context
>>     cairo_surface_t* surface=cairo_win32_surface_create(dc);
>>     if(surface)
>>     {
>>         cairo_t* context=cairo_create(surface);
>>         if(context)
>>         {
>>             // draw one line
>>             cairo_move_to(context,1, 1);
>>             cairo_line_to(context,10,120);
>>             cairo_set_source_rgb(context,1,1,1);
>>
>>             // CRASHES HERE (see below):
>>             cairo_stroke(context);
>>
>>             // cleanup
>>             cairo_destroy(context);
>>         }
>>         cairo_surface_destroy(surface);
>>     }
>>
>>     // release the GDI objects (the DC first, so the bitmap is deselected)
>>     ::DeleteDC(dc);
>>     ::DeleteObject(hBmp);
>>     return 0;
>> }
>>
>> The crash occurs in cairo-image-compositor.c, on line 2197, in
>> _fill_xrgb32_lerp_opaque_spans():
>>
>>                 } else while (len--) {
>>                     // On this line below, d has an invalid address
>>                     *d = lerp8x4 (r->u.fill.pixel, a, *d);
>>                     d++;
>>                 }
>>
>> If it may help, I am using the static lib version of the latest release
>> (1.12.4 - pixman 26.2), and it crashes in debug or release mode, 32 or
>> 64-bit Windows. It's too bad because this crash occurs all the time in
>> my code that extensively uses clipping regions!
>>
>> This crash also occurs with the previous version of cairo (1.12.2) and
>> pixman 26.0, but at a different stage (in pixman if I remember well),

