Bug 103335

Summary: Assert in _cairo_scaled_glyph_page_destroy !scaled_font->cache_frozen
Product: cairo
Reporter: Carlos Garcia Campos <carlosgc>
Component: freetype font backend
Assignee: David Turner <david>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal
Priority: medium
CC: ajohnson, freedesktop
Version: unspecified
Hardware: Other
OS: All
Attachments: scaled-font: Fix assert when destroying glyph page

Description Carlos Garcia Campos 2017-10-18 09:22:52 UTC
This happens when _cairo_ft_scaled_glyph_init() returns CAIRO_INT_STATUS_UNSUPPORTED when called from _cairo_scaled_glyph_lookup(). In those cases _cairo_scaled_font_free_last_glyph() is called to release the glyph that has just been allocated. If there aren't more glyphs, _cairo_scaled_glyph_page_destroy() is called. The problem is that _cairo_scaled_glyph_lookup() should always be called with the cache frozen, and _cairo_scaled_glyph_page_destroy() without the cache frozen. A possible solution could be to thaw/freeze in _cairo_scaled_font_free_last_glyph() when num_glyphs is 0. I noticed this with WebKit, see the backtrace below.

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007fda0dc5642a in __GI_abort () at abort.c:89
#2  0x00007fda0dc4de67 in __assert_fail_base (fmt=<optimized out>, assertion=assertion@entry=0x7fda1d456bbe "!scaled_font->cache_frozen", 
    file=file@entry=0x7fda1d456b9b "cairo-scaled-font.c", line=line@entry=456, function=function@entry=0x7fda1d457060 <__PRETTY_FUNCTION__.10925> "_cairo_scaled_glyph_page_destroy")
    at assert.c:92
#3  0x00007fda0dc4df12 in __GI___assert_fail (assertion=assertion@entry=0x7fda1d456bbe "!scaled_font->cache_frozen", file=file@entry=0x7fda1d456b9b "cairo-scaled-font.c", 
    line=line@entry=456, function=function@entry=0x7fda1d457060 <__PRETTY_FUNCTION__.10925> "_cairo_scaled_glyph_page_destroy") at assert.c:101
#4  0x00007fda1d3d1b3b in _cairo_scaled_glyph_page_destroy (scaled_font=<optimized out>, page=<optimized out>) at cairo-scaled-font.c:456
#5  0x00007fda1d3d3c5b in _cairo_scaled_font_free_last_glyph (scaled_glyph=0x563abcfc6ba0, scaled_font=0x563abcfc6800) at cairo-scaled-font.c:2940
#6  _cairo_scaled_glyph_lookup (scaled_font=scaled_font@entry=0x563abcfc6800, index=<optimized out>, info=info@entry=CAIRO_SCALED_GLYPH_INFO_PATH, 
    scaled_glyph_ret=scaled_glyph_ret@entry=0x7ffe70c85aa8) at cairo-scaled-font.c:3013
#7  0x00007fda1d3d522f in _cairo_scaled_font_glyph_path (scaled_font=0x563abcfc6800, glyphs=glyphs@entry=0x7ffe70c85b10, num_glyphs=<optimized out>, path=path@entry=0x563abcb50b68)
    at cairo-scaled-font.c:2656
#8  0x00007fda1d39bba4 in _cairo_gstate_glyph_path (gstate=0x563abcb50830, glyphs=0x7ffe70c86350, num_glyphs=<optimized out>, path=0x563abcb50b68) at cairo-gstate.c:2144
#9  0x00007fda1d38dc62 in cairo_glyph_path (cr=0x563abcb50800, glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3865
#10 0x00007fda1bb85aa9 in WebCore::CairoGlyphToPathTranslator::path() () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#11 0x00007fda1bb8676f in WebCore::FontCascade::dashesForIntersectionsWithRect(WebCore::TextRun const&, WebCore::FloatPoint const&, WebCore::FloatRect const&) const ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#12 0x00007fda1ba3a345 in WebCore::drawSkipInkUnderline(WebCore::GraphicsContext&, WebCore::FontCascade const&, WebCore::TextRun const&, WebCore::FloatPoint const&, WebCore::FloatPoint const&, float, float, bool, bool, WebCore::StrokeStyle) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#13 0x00007fda1ba3b651 in WebCore::TextDecorationPainter::paintTextDecoration(WebCore::TextRun const&, WebCore::FloatPoint const&, WebCore::FloatPoint const&) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#14 0x00007fda1b88128d in WebCore::InlineTextBox::paintDecoration(WebCore::GraphicsContext&, WebCore::FontCascade const&, WebCore::RenderCombineText*, WebCore::TextRun const&, WebCore::FloatPoint const&, WebCore::FloatRect const&, WebCore::TextDecoration, WebCore::TextPaintStyle, WebCore::ShadowData const*, WebCore::FloatRect const&) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#15 0x00007fda1b886f39 in WebCore::InlineTextBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#16 0x00007fda1b87ea21 in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#17 0x00007fda1ba25d34 in WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#18 0x00007fda1b980f15 in WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#19 0x00007fda1b88ca17 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#20 0x00007fda1b899d94 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#21 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#22 0x00007fda1b9e4e7c in WebCore::RenderTableSection::paintCell(WebCore::RenderTableCell*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#23 0x00007fda1b9e51f8 in WebCore::RenderTableSection::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#24 0x00007fda1b9e5ce1 in WebCore::RenderTableSection::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#25 0x00007fda1b9cd97c in WebCore::RenderTable::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#26 0x00007fda1b9cdbcb in WebCore::RenderTable::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#27 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#28 0x00007fda1b88ceb6 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#29 0x00007fda1b88ca04 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#30 0x00007fda1b899d94 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#31 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#32 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#33 0x00007fda1b88ceb6 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#34 0x00007fda1b88ca04 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#35 0x00007fda1b899d94 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#36 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#37 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#38 0x00007fda1b88ceb6 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#39 0x00007fda1b88ca04 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#40 0x00007fda1b899d94 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#41 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#42 0x00007fda1b94d8cb in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#43 0x00007fda1b95305c in WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#44 0x00007fda1b961c6c in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#45 0x00007fda1b962b32 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#46 0x00007fda1b963620 in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#47 0x00007fda1b961424 in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#48 0x00007fda1b962b32 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#49 0x00007fda1b962dfc in WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, unsigned int, WebCore::RenderObject*, unsigned int, WebCore::RenderLayer::SecurityOriginPaintPolicy) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#50 0x00007fda1b6ca361 in WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#51 0x00007fda1b7751a2 in WebCore::ScrollView::paint(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#52 0x00007fda1af13140 in WebKit::WebPage::drawRect(WebCore::GraphicsContext&, WebCore::IntRect const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#53 0x00007fda1b0a344f in WebKit::DrawingAreaImpl::display(WebKit::UpdateInfo&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#54 0x00007fda1b0a5168 in WebKit::DrawingAreaImpl::display() () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#55 0x00007fda17e85d5a in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.0.so.18
#56 0x00007fda133695aa in g_main_dispatch (context=0x563abc9e5f10) at gmain.c:3234
#57 g_main_context_dispatch (context=context@entry=0x563abc9e5f10) at gmain.c:3899
#58 0x00007fda13369928 in g_main_context_iterate (context=0x563abc9e5f10, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3972
#59 0x00007fda13369c42 in g_main_loop_run (loop=0x563abca27790) at gmain.c:4168
#60 0x00007fda17e86118 in WTF::RunLoop::run() () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.0.so.18
#61 0x00007fda1b0aaa80 in WebProcessMainUnix () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
Comment 1 Carlos Garcia Campos 2017-10-18 09:42:37 UTC
Created attachment 134905
scaled-font: Fix assert when destroying glyph page

This patch fixes the issue, but I'm not sure it's the right fix, since I'm not familiar with the cairo font code.
Comment 2 Adrian Johnson 2017-10-22 01:01:34 UTC
I've got no idea if the patch is correct. I've checked it with the test suite and it passes.

Behdad?
Comment 3 Behdad Esfahbod 2017-10-22 21:17:41 UTC
I have no idea either.  Sounds about right though.
Comment 4 Adrian Johnson 2017-10-22 22:29:43 UTC
This also fixes bug 85141 (which includes some dupes) so I am happy to push it out.
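
The sequence from the description, as a simplified C model added here (it is not cairo's code and not the attached patch; every name in it is hypothetical). The `thaw_around_destroy` flag stands for the thaw/freeze around page destruction suggested in the description, and a counter takes the place of the real `assert` so both paths can run to completion.

```c
#include <stdbool.h>

/* Simplified model, not cairo source: every name below is hypothetical. */
typedef struct {
    bool cache_frozen;      /* set while a caller holds the glyph cache */
    int  page_glyphs;       /* glyphs allocated on the current page */
    bool page_alive;
    int  invariant_breaks;  /* counts where the real code would assert */
} font_model;

static void freeze(font_model *f) { f->cache_frozen = true; }
static void thaw(font_model *f)   { f->cache_frozen = false; }

/* Page teardown requires an unfrozen cache (the assert in the report). */
static void page_destroy(font_model *f) {
    if (f->cache_frozen) { f->invariant_breaks++; return; }
    f->page_alive = false;
}

/* Release the glyph just allocated; an empty page gets destroyed. */
static void free_last_glyph(font_model *f, bool thaw_around_destroy) {
    if (--f->page_glyphs > 0) return;
    if (thaw_around_destroy) thaw(f);
    page_destroy(f);
    if (thaw_around_destroy) freeze(f);  /* restore the caller's state */
}

/* Lookup runs with the cache frozen; backend_ok=false models the backend
 * init step reporting the glyph as unsupported. */
static int lookup(font_model *f, bool backend_ok, bool thaw_around_destroy) {
    freeze(f);
    f->page_alive = true;
    f->page_glyphs++;
    if (!backend_ok) free_last_glyph(f, thaw_around_destroy);
    bool still_frozen = f->cache_frozen;  /* caller relies on this */
    thaw(f);
    return still_frozen ? f->invariant_breaks : -1;
}

/* Number of invariant violations for one lookup on a fresh font;
 * -1 would mean the cache was left unfrozen under the caller. */
int run_lookup(bool backend_ok, bool thaw_around_destroy) {
    font_model f = {0};
    return lookup(&f, backend_ok, thaw_around_destroy);
}
```

Only the failed lookup on an otherwise empty page reaches the teardown path, which is why the assert depends on which glyph is requested first.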
