Bug 19655

Summary: Cairo asserts on font-face destroy (SIGABRT)
Product: cairo
Reporter: Arjan Molenaar <gaphor>
Component: general
Assignee: Carl Worth <cworth>
Status: RESOLVED MOVED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: major
Priority: high
CC: boenzlip, erik-freedesktop-bugzilla, gaphor, graham.westlake, pgroce, sw
Version: 1.8.6
Keywords: have-backtrace
Hardware: x86 (IA32)
OS: Mac OS X (All)
URL: http://gaphor.devjavu.com/ticket/158

Description Arjan Molenaar 2009-01-19 12:08:21 UTC
I'm using Cairo + PyCairo + GTK+ on Mac OS X 10.5.6. When loading a large file in my modeling tool or doing some testing with the canvas library, at a certain point the application crashes with the following message:

Assertion failed: (CAIRO_REFERENCE_COUNT_HAS_REFERENCE (&font_face->ref_count)), function cairo_font_face_destroy, file cairo-font-face.c, line 191.
Abort trap (core dumped)

All stack traces produced look like this:

0   libSystem.B.dylib             	0x90c53e42 __kill + 10
1   libSystem.B.dylib             	0x90cc623a raise + 26
2   libSystem.B.dylib             	0x90cd2679 abort + 73
3   libSystem.B.dylib             	0x90cc73db __assert_rtn + 101
4   libcairo.2.dylib              	0x0120e9a6 cairo_font_face_destroy + 150 (cairo-font-face.c:191)
5   libcairo.2.dylib              	0x01225481 _cairo_scaled_font_fini_internal + 65 (cairo-scaled-font.c:725)
6   libcairo.2.dylib              	0x012258ba cairo_scaled_font_destroy + 154 (cairo-scaled-font.c:1066)
7   libcairo.2.dylib              	0x01227da3 cairo_scaled_font_create + 643 (cairo-scaled-font.c:917)
8   libcairo.2.dylib              	0x012117ff _cairo_gstate_ensure_scaled_font + 111 (cairo-gstate.c:1489)
9   libcairo.2.dylib              	0x012118fe _cairo_gstate_text_to_glyphs + 78 (cairo-gstate.c:1531)
10  libcairo.2.dylib              	0x0120ce36 cairo_text_extents + 198 (cairo.c:2983)
11  _cairo.so                     	0x007e331c pycairo_text_extents + 60 (pycairo-context.c:1271)
12  org.python.python             	0x00239b2b PyEval_EvalFrameEx + 25131


It appears that the problem is that the ref_count of the font_face reaches 0 and then is destroyed again.
The font being destroyed seems to come from the font_map used to store scaled fonts (cairo_scaled_font_destroy).


#4  0x0120e9a6 in cairo_font_face_destroy (font_face=<value temporarily unavailable, due to optimizations>) at cairo-font-face.c:191
191	    assert (CAIRO_REFERENCE_COUNT_HAS_REFERENCE (&font_face->ref_count));
(gdb) l
186	{
187	    if (font_face == NULL ||
188		    CAIRO_REFERENCE_COUNT_IS_INVALID (&font_face->ref_count))
189		return;
190	
191	    assert (CAIRO_REFERENCE_COUNT_HAS_REFERENCE (&font_face->ref_count));
192	
193	    if (! _cairo_reference_count_dec_and_test (&font_face->ref_count))
194		return;
195	
(gdb) p font_face->ref_count
$1 = {
  ref_count = 0
}
(gdb) p font_face
$2 = <value temporarily unavailable, due to optimizations>
(gdb) p *font_face
$3 = {
  hash_entry = {
    hash = 0
  }, 
  status = CAIRO_STATUS_SUCCESS, 
  ref_count = {
    ref_count = 0
  }, 
  user_data = {
    size = 0, 
    num_elements = 0, 
    element_size = 0, 
    elements = 0x0, 
    is_snapshot = 0
  }, 
  backend = 0x0
}

IMHO this is not the desired behaviour. I haven't been able to create a test case that triggers this behaviour though.

Some library versions (compiled with MacPorts, although I recompiled Cairo and PyCairo with debugging symbols):

  cairo @1.8.6_2+macosx (active)
  freetype @2.3.8_0+macosx (active)
  gtk2 @2.14.7_0+x11 (active)
  py25-cairo @1.8.0_0+darwin_9 (active)
  py25-gobject @2.16.0_0+darwin_9 (active)
  py25-gtk @2.12.1_0+darwin_9 (active)
  python25 @2.5.4_0+darwin_9+macosx (active)

Regards,

Arjan Molenaar
http://gaphor.devjavu.com
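
The check order in the gdb listing above, modelled as an added C example (not cairo's code and not part of the report). It shows how a destroy call that has no matching reference reaches the check with a count of 0; it does not identify the cause of this bug. All type and function names, and the sentinel value, are hypothetical.

```c
#include <stdio.h>

/* Model of the check order in the gdb listing; all names are hypothetical.
 * Storage is caller-owned, so reading the count after release is well-defined. */
#define REF_INVALID (-1)              /* sentinel: destroy is a no-op */
typedef struct { int ref_count; } face_t;
typedef enum { D_IGNORED, D_RELEASED, D_FINALIZED, D_OVER_RELEASE } destroy_result_t;

static face_t *face_reference(face_t *f)
{
    if (f != NULL && f->ref_count != REF_INVALID) f->ref_count++;
    return f;
}

/* Same order as lines 187-193 of the listing, but a failed "has reference"
 * check is returned to the caller instead of aborting the process. */
static destroy_result_t face_destroy(face_t *f)
{
    if (f == NULL || f->ref_count == REF_INVALID)
        return D_IGNORED;
    if (f->ref_count <= 0)            /* where the assert on line 191 fires */
        return D_OVER_RELEASE;
    if (--f->ref_count > 0)
        return D_RELEASED;
    return D_FINALIZED;               /* real code would free resources here */
}

/* Balanced: the second holder takes its own reference before keeping the pointer. */
static destroy_result_t balanced_sequence(void)
{
    face_t f = { 1 };                 /* creator's reference */
    face_t *held = face_reference(&f);
    face_destroy(&f);
    return face_destroy(held);        /* last reference released */
}

/* Unbalanced: the holder keeps a bare pointer, so two destroys share one reference. */
static destroy_result_t unbalanced_sequence(void)
{
    face_t f = { 1 };
    face_t *held = &f;                /* no face_reference() */
    face_destroy(&f);                 /* count drops to 0 */
    return face_destroy(held);        /* over-release is detected */
}

int main(void)
{
    return printf("balanced=%d unbalanced=%d\n", (int)balanced_sequence(), (int)unbalanced_sequence()) < 0;
}
```
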
Comment 1 Arjan Molenaar 2009-02-04 04:29:00 UTC
I have no problems with the latest code from GIT, so it's probably just a glitch.

Comment 2 Patrick Boenzli 2009-02-11 08:08:52 UTC
Hi, 
I hope I'm not doing something wrong by reopening this bug. On my system and on all other systems we have in our company (Mac OSX 10.5.6) we have the same problem.

cairo @1.8.6_3+macosx

code:
ctx.set_source_rgb(color[1][0], color[1][1], color[1][2])
ctx.select_font_face("Arial",
                     cairo.FONT_SLANT_NORMAL, cairo.FONT_WEIGHT_NORMAL)
ctx.set_font_size(int(min(self.icon_width_, self.icon_height_) / 1.5))
x_bearing, y_bearing, width, height = ctx.text_extents(str(line_number))[:4]  # this is where the problem happens


Unfortunately, alone, the bug doesn't show up. Only after executing this code in a loop several thousand times, always using a new ctx.
Comment 3 Patrick Boenzli 2009-02-11 10:19:32 UTC
I have created a minimal test to reproduce this bug:

    import cairo

    while True:
        surface = cairo.ImageSurface(cairo.FORMAT_ARGB32, 256, 256)
        ctx = cairo.Context(surface)

        ctx.show_text("asdf")


After some iterations it will fail (here it takes no more than 10 seconds).



Comment 4 Arjan Molenaar 2009-02-11 12:04:45 UTC
This looks similar to my use case. I can't reproduce the error with the latest version from Git, though.


Comment 5 Patrick Boenzli 2009-02-12 02:00:01 UTC
Installed newest source from git. Problem fixed.
Comment 6 Chris Wilson 2009-02-12 02:35:56 UTC
Thank you for your testing. May I inquire as to whether the problem still occurs in the 1.8 branch or MacPorts?

To switch to the 1.8 branch, you can use "git checkout -b 1.8 origin/1.8".
Comment 7 Patrick Boenzli 2009-02-12 05:01:38 UTC
The problem is still present in the newest version of the cairo macport (cairo @1.8.6_3+macosx). Didn't have a chance to test with your repository directly.
Comment 8 Erik van Pienbroek 2009-06-21 02:06:09 UTC
This bug is still present in cairo 1.8.8 in a GTK-Quartz based program:

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Crashed Thread:  0

Thread 0 Crashed:
0   libSystem.B.dylib                   0x94831e42 __kill + 10
1   libSystem.B.dylib                   0x948a423a raise + 26
2   libSystem.B.dylib                   0x948b0679 abort + 73
3   libcairo.2.dylib                    0x002a8194 __eprintf + 84
4   libcairo.2.dylib                    0x0025fc5a cairo_font_face_destroy + 154
5   libcairo.2.dylib                    0x00275af2 _cairo_scaled_font_fini_internal + 34
6   libcairo.2.dylib                    0x00275be0 cairo_scaled_font_destroy + 144
7   libcairo.2.dylib                    0x0027831c cairo_scaled_font_create + 396
8   libcairo.2.dylib                    0x00260d8f _cairo_gstate_ensure_scaled_font + 111
9   libcairo.2.dylib                    0x00263bf5 _cairo_gstate_show_text_glyphs + 101
10  libcairo.2.dylib                    0x0025b67d cairo_show_glyphs + 93
11  libpangocairo-1.0.0.dylib           0x00208091 pango_cairo_renderer_show_text_glyphs + 721
12  libpangocairo-1.0.0.dylib           0x002084b5 pango_cairo_renderer_draw_glyphs + 69
13  libpango-1.0.0.dylib                0x0022f9ea pango_renderer_draw_glyphs + 90
14  libpangocairo-1.0.0.dylib           0x00206c91 _pango_cairo_do_glyph_string + 209
15  libpango-1.0.0.dylib                0x0022f9ea pango_renderer_draw_glyphs + 90
16  libpango-1.0.0.dylib                0x002301a6 pango_renderer_draw_layout_line + 1526
17  libpango-1.0.0.dylib                0x00230549 pango_renderer_draw_layout + 249
18  libgdk-quartz-2.0.0.dylib           0x0015757c gdk_draw_layout_with_colors + 412
19  libgdk-quartz-2.0.0.dylib           0x00157736 gdk_draw_layout + 214
20  libgtk-quartz-2.0.0.dylib           0x005af599 gtk_default_draw_layout + 137
21  libgtk-quartz-2.0.0.dylib           0x0046749d gtk_cell_renderer_text_render + 365
22  libgtk-quartz-2.0.0.dylib           0x00643602 gtk_tree_view_column_cell_process_action + 1266
23  libgtk-quartz-2.0.0.dylib           0x0064439c _gtk_tree_view_column_cell_render + 188
24  libgtk-quartz-2.0.0.dylib           0x0063ffef gtk_tree_view_expose + 4943
25  libgtk-quartz-2.0.0.dylib           0x00523a5e _gtk_marshal_BOOLEAN__BOXED + 126
26  libgobject-2.0.0.dylib              0x009329d8 g_closure_invoke + 296
27  libgobject-2.0.0.dylib              0x00948503 signal_emit_unlocked_R + 2963
28  libgobject-2.0.0.dylib              0x00949b9d g_signal_emit_valist + 1437
29  libgobject-2.0.0.dylib              0x0094a219 g_signal_emit + 41
30  libgtk-quartz-2.0.0.dylib           0x00653395 gtk_widget_event_internal + 645
31  libgtk-quartz-2.0.0.dylib           0x0051c5c9 gtk_main_do_event + 1673
32  libgdk-quartz-2.0.0.dylib           0x0017ab4a -[GdkQuartzView drawRect:] + 650
33  com.apple.AppKit                    0x91dd422c -[NSView _drawRect:clip:] + 3853
34  com.apple.AppKit                    0x91dd1a9d -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1819
35  com.apple.AppKit                    0x91dcdadf -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 3090
36  com.apple.AppKit                    0x91d0e4b3 -[NSView displayIfNeeded] + 933
37  libgdk-quartz-2.0.0.dylib           0x0016efbb gdk_window_quartz_process_updates_internal + 203
38  libgdk-quartz-2.0.0.dylib           0x00173b67 gdk_window_quartz_update_idle + 151
39  libgdk-quartz-2.0.0.dylib           0x0014bfcb gdk_threads_dispatch + 91
40  libglib-2.0.0.dylib                 0x0099c640 g_main_context_dispatch + 352
41  libglib-2.0.0.dylib                 0x0099f3e4 g_main_context_iterate + 852
42  libglib-2.0.0.dylib                 0x0099f697 g_main_loop_run + 423
43  libgtk-quartz-2.0.0.dylib           0x0051c811 gtk_main + 177
44  nntpgrab_gui                        0x0000dbb1 main + 1567
45  nntpgrab_gui                        0x000023a3 _start + 209
46  nntpgrab_gui                        0x000022d1 start + 41
Comment 9 Graham Westlake 2009-10-05 06:19:14 UTC
I'm also seeing this bug on Snow Leopard (10.6.1) using Cairo 1.8.8. Exactly the same stack.

I'm writing an app to evaluate Cairo performance. I find that the crash is triggered after a large number of pieces of text are drawn into the same window. My repeatable case does the following:

Upon window update event: 
-- create cairo surface and context from the supplied CGContext
-- for many text items, using the same font name but a new size:
---- draw text using cairo_select_font_face and cairo_show_text

I generate an update event by resizing the window and the crash will occur within a few resizes.

Comment 10 Graham Westlake 2009-10-12 08:48:20 UTC
Bug is also occurring in 1.9.2 snapshot
Comment 11 Phil Groce 2010-03-16 15:34:44 UTC
We're seeing this bug in Cairo 1.8.8 on OSX 10.5.8. (Specifically, it's the 1.8.8-2 package from fink.) A workaround (in Python) seems to be to call ctx.select_font_face("sans-serif").

This script will tickle this bug; the commented-out line will un-tickle it.

import cairo
s = cairo.ImageSurface(cairo.FORMAT_RGB24, 300, 300)
ctx = cairo.Context(s)
# This line makes the problem go away
#ctx.select_font_face('sans-serif')
while True:
    txt = "hi!"
    x, y = (140, 140)
    ctx.save()
    try:
        ctx.text_path(txt)
        ctx.fill()
    finally:
        ctx.restore()
Comment 12 Tor-björn Claesson 2010-05-14 00:54:17 UTC
I get this bug with 1.8.10 but not in 1.9.6 built using gtk-osx jhbuild modulesets.
Comment 13 Alexander Kojevnikov 2010-06-17 04:04:43 UTC
I'm also hitting this bug on the 1.8 branch. Switching to git master fixes it completely.
Comment 14 Uli Schlachter 2012-02-10 12:55:10 UTC
Latest comments say that this was fixed with 1.10. Can anyone still reproduce the problem?
Comment 15 GitLab Migration User 2018-08-25 13:59:02 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/301.
