Closed Bug 429678 Opened 12 years ago Closed 12 years ago

Crash [@ _cairo_surface_set_clip_path_recursive] with failed printing of outset border with transparency

Categories

(Core :: Graphics, defect, critical)

x86
All

RESOLVED FIXED

People

(Reporter: martijn.martijn, Assigned: mats)

Details

(Keywords: crash, regression, testcase, Whiteboard: [sg:critical?][have patch])

Attachments

(4 files)

See testcase. You need to download the testcase to your computer because of the use of enhanced privileges.

This seems to have regressed between 2008-03-31 and 2008-04-01:
http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2008-03-31+04&maxdate=2008-04-01+15&cvsroot=%2Fcvsroot
Not sure what could have caused it.
http://crash-stats.mozilla.com/report/index/798518f5-0d4e-11dd-9d76-001321b13766
0  	xul.dll  	_cairo_surface_set_clip_path_recursive  	 mozilla/gfx/cairo/cairo/src/cairo-surface.c:1904
1 	xul.dll 	_cairo_surface_set_clip_path 	mozilla/gfx/cairo/cairo/src/cairo-surface.c:1947
2 	xul.dll 	_cairo_surface_set_clip 	mozilla/gfx/cairo/cairo/src/cairo-surface.c:2033
3 	xul.dll 	_cairo_pdf_surface_emit_meta_surface 	mozilla/gfx/cairo/cairo/src/cairo-pdf-surface.c:1549
4 	xul.dll 	nsFileOutputStream::Write 	mozilla/netwerk/base/src/nsFileStreams.cpp:414
5 	xul.dll 	nsBufferedOutputStream::Release 	mozilla/security/manager/boot/src/nsEntropyCollector.cpp:61
6 	xul.dll 	write_func 	mozilla/gfx/thebes/src/gfxPDFSurface.cpp:54
7 	firefox.exe 	_IsNonwritableInCurrentImage 	
8 	kernel32.dll 	GetCodePageFileInfo 	
Attachment #316440 - Attachment description: testcase, using enhanced privileges → Windows testcase, using enhanced privileges (overwrites C:\\test.pdf)
The first testcase triggers an unrelated crash on Linux: bug 429707.
Same as the first testcase except for the filename.
OS: Windows XP → All
Version: unspecified → Trunk
Oops, yeah, I forgot to mention the Windows-specific file write.
_cairo_meta_surface_replay_internal() is setting the clip to a local
stack variable:
http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/gfx/cairo/cairo/src/cairo-meta-surface.c&rev=1.30&root=/cvsroot&mark=691#652
and then returns with that clip still in place so at a later point we're
using random data from the stack as clip data.
Flags: blocking1.9?
Whiteboard: [sg:critical?]
Attached patch: Like so?
This fixes the crash for me on Linux.
Attachment #316535 - Flags: superreview?(vladimir)
Attachment #316535 - Flags: review?(vladimir)
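The lifetime problem described in the analysis above (a surface left pointing at a clip that lived in the replay function's stack frame), as an added illustration. This is not cairo's code, the attached patch, or the upstream fix; `clip_t`, `surface_t`, `point_visible`, `replay_buggy` and `replay_fixed` are hypothetical names for a simplified model.

```c
#include <stdio.h>

/* Hypothetical, simplified types; not cairo's real structures. */
typedef struct { int x, y, w, h; } clip_t;
typedef struct { const clip_t *clip; } surface_t;  /* borrowed pointer, not a copy */

/* A later drawing call: dereferences whatever clip the surface still holds. */
static int point_visible(const surface_t *s, int x, int y)
{
    const clip_t *c = s->clip;
    if (c == NULL) return 1;                       /* no clip set */
    return x >= c->x && x < c->x + c->w && y >= c->y && y < c->y + c->h;
}

#ifdef SHOW_BUG  /* not compiled by default: the pattern described in the report */
static int replay_buggy(surface_t *target, int n_ops)
{
    clip_t local = { 0, 0, 10, 10 };
    int drawn = 0;
    target->clip = &local;
    for (int i = 0; i < n_ops; i++)
        drawn += point_visible(target, i, i);
    return drawn;            /* target->clip now points into a dead stack frame */
}
#endif

/* Hardened form: the borrowed pointer is restored on every exit path. */
static int replay_fixed(surface_t *target, int n_ops)
{
    clip_t local = { 0, 0, 10, 10 };
    const clip_t *saved = target->clip;
    int drawn = -1;                                /* -1 reports an error */
    target->clip = &local;
    if (n_ops < 0) goto out;                       /* error path restores too */
    drawn = 0;
    for (int i = 0; i < n_ops; i++)
        drawn += point_visible(target, i, i);
out:
    target->clip = saved;
    return drawn;
}

int main(void)
{
    surface_t s = { NULL };
    int drawn = replay_fixed(&s, 15);
    printf("drawn=%d, clip after replay: %s\n", drawn, s.clip ? "set" : "none");
    return 0;
}
```

Building the buggy variant with `-DSHOW_BUG -fsanitize=address` and calling `point_visible` after it returns is a quick way to confirm that a sanitizer build reports this class of defect as a stack-use-after-return.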
Mats, you really should subscribe to the cairo list with all the patches to it you've been doing :)  Take a look at the thread starting at http://lists.cairographics.org/archives/cairo/2008-April/013813.html
Flags: blocking1.9? → blocking1.9+
Blocks: 429071
Mats, you might want to submit that patch to the list and see what they say.
Assignee: nobody → mats.palmgren
Whiteboard: [sg:critical?] → [sg:critical?][have patch]
While we should push this upstream, is the patch something we could take now, and then once it gets into Cairo proper, revert in a dot release?  Not optimal, I know, but we gotta get the RC out the door.
It's fixed in Cairo now:
http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=ea6dbfd36f2182fda16cb82bca92007e0f7b8d77;hp=a2c4fd057217b70c74a66076acc4f42f676192ae

Vlad, will you merge that directly, or should I make a matching patch?
Attachment #316535 - Flags: superreview?(vladimir)
Attachment #316535 - Flags: review?(vladimir)
I can pull it in later this morning.  (Doing it now, actually.)
Checked in from upstream patch.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Crash Signature: [@ _cairo_surface_set_clip_path_recursive]