Bug 11734

Summary: XRender crashes due to NULL pointer from Cairo on SGI O2
Product: cairo
Reporter: Michael Lorenz <macallan>
Component: xlib backend
Assignee: Carl Worth <cworth>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: critical
Priority: medium
Version: 1.4.10
Hardware: SGI
OS: NetBSD

Description Michael Lorenz 2007-07-26 11:28:27 UTC
On an SGI O2 Cairo passes a NULL pointer as pixel format to XRenderCreatePicture() which leads to a SEGFAULT. This is apparently triggered by the O2's pixel format - it uses 32-bit RGBA. To verify that I had a GTK2 app running on the O2 open its window on a different machine which uses ARGB pixels - no problem. The other way around, program running on a different machine opening its display on the O2 - crash.
Other software doesn't seem to have this problem, KDE3, WindowMaker etc. work fine.
The O2 is running NetBSD -current and XFree86.
Comment 1 Behdad Esfahbod 2007-09-04 18:30:05 UTC
Can you give us a stacktrace of where it's crashing?
Comment 2 Michael Lorenz 2007-09-16 17:51:25 UTC
Here's a stack trace of gtk-demo trying to open its window on an O2:
program received signal SIGSEGV, Segmentation fault.
0x000000004390551c in XRenderCreatePicture () from /usr/pkg/lib/libXrender.so.1
(gdb) bt
#0  0x000000004390551c in XRenderCreatePicture ()
   from /usr/pkg/lib/libXrender.so.1
#1  0x0000000042b48524 in _cairo_xlib_surface_ensure_dst_picture ()
   from /usr/pkg/lib/libcairo.so.2
#2  0x0000000042b499c0 in _cairo_xlib_surface_fill_rectangles ()
   from /usr/pkg/lib/libcairo.so.2
#3  0x0000000042b24b54 in _cairo_surface_fill_rectangles ()
   from /usr/pkg/lib/libcairo.so.2
#4  0x0000000042b24d48 in _cairo_surface_fill_region ()
   from /usr/pkg/lib/libcairo.so.2
#5  0x0000000042b2793c in _clip_and_composite_trapezoids ()
   from /usr/pkg/lib/libcairo.so.2
#6  0x0000000042b27b00 in _cairo_surface_fallback_fill ()
   from /usr/pkg/lib/libcairo.so.2
#7  0x0000000042b25574 in _cairo_surface_fill ()
   from /usr/pkg/lib/libcairo.so.2
#8  0x0000000042b180dc in _cairo_gstate_fill () from /usr/pkg/lib/libcairo.so.2
#9  0x0000000042b10f04 in cairo_fill_preserve ()
   from /usr/pkg/lib/libcairo.so.2
#10 0x0000000042b10f2c in cairo_fill () from /usr/pkg/lib/libcairo.so.2
#11 0x000000004073ffcc in gdk_window_set_user_data ()
   from /usr/pkg/lib/libgdk-x11-2.0.so.0
#12 0x0000000040741644 in gdk_window_begin_paint_region ()
   from /usr/pkg/lib/libgdk-x11-2.0.so.0
#13 0x0000000040ab8904 in gtk_main_do_event ()
   from /usr/pkg/lib/libgtk-x11-2.0.so.0
#14 0x0000000040741aa4 in gdk_window_is_viewable ()
   from /usr/pkg/lib/libgdk-x11-2.0.so.0
#15 0x0000000040741d48 in gdk_window_process_all_updates ()
   from /usr/pkg/lib/libgdk-x11-2.0.so.0
#16 0x0000000040a22204 in gtk_container_check_resize ()
   from /usr/pkg/lib/libgtk-x11-2.0.so.0
#17 0x000000004273c3d4 in g_source_is_destroyed ()
   from /usr/pkg/lib/libglib-2.0.so.0
#18 0x000000004273c3d4 in g_source_is_destroyed ()
   from /usr/pkg/lib/libglib-2.0.so.0

As I said, the problem isn't XRender - other applications like WindowMaker or anything KDE don't have this problem. The SEGFAULT comes from trying to read the pixel format which is a NULL pointer.
Comment 3 Chris Wilson 2008-10-10 06:06:35 UTC
Looking at that stack trace it becomes apparent that our checks are insufficient in that we only look at the XRender extension version without regard to whether XRender actually supports the target surface.

Fixed with:
  commit 2ac5869f208001320bf23b4e028cd6a39adc2474
  Author: Chris Wilson <chris@chris-wilson.co.uk>
  Date:   Fri Oct 10 14:00:32 2008 +0100
will push to 1.8 shortly.

Thanks.

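The check Comment 3 says was missing, written out as an added illustration (this is not cairo's code and not the commit referenced above). XRender's own lookup, XRenderFindVisualFormat(), returns NULL when the extension has no picture format for a visual, and the crash in the backtrace is that NULL reaching XRenderCreatePicture(). The format table, the VisualInfo/PictFormat/DstPicture types, the function names and the channel masks for the "O2 RGBA" visual are all constructed for this example; the report only says the O2 uses 32-bit RGBA and gives no mask values.

```c
/* Added example, not cairo's own code: a model of the capability check that
 * Comment 3 describes.  The format table and the visual descriptions are
 * constructed here; the real lookup is XRenderFindVisualFormat(), which
 * returns NULL when XRender has no picture format for a visual. */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Trimmed stand-in for XRenderPictFormat: depth plus one mask per channel. */
typedef struct {
    const char *name;
    int depth;
    uint32_t red, green, blue, alpha;
} PictFormat;

/* Constructed table of the formats a typical XRender server of that era
 * exposed; every entry keeps alpha (if any) in the high byte. */
static const PictFormat supported_formats[] = {
    { "ARGB32", 32, 0x00ff0000u, 0x0000ff00u, 0x000000ffu, 0xff000000u },
    { "RGB24",  24, 0x00ff0000u, 0x0000ff00u, 0x000000ffu, 0x00000000u },
    { "A8",      8, 0x00000000u, 0x00000000u, 0x00000000u, 0x000000ffu },
};

/* What the X server reports for a visual. */
typedef struct {
    int depth;
    uint32_t red_mask, green_mask, blue_mask, alpha_mask;
} VisualInfo;

/* Two constructed visuals: an ordinary ARGB one, and one modelled on the
 * report's "32-bit RGBA" O2 layout with alpha in the low byte (assumed masks;
 * the report gives no numbers). */
const VisualInfo visual_argb32  = { 32, 0x00ff0000u, 0x0000ff00u, 0x000000ffu, 0xff000000u };
const VisualInfo visual_o2_rgba = { 32, 0xff000000u, 0x00ff0000u, 0x0000ff00u, 0x000000ffu };

/* Stand-in for XRenderFindVisualFormat(): NULL when nothing matches. */
const PictFormat *find_visual_format(const VisualInfo *v) {
    size_t n = sizeof supported_formats / sizeof supported_formats[0];
    for (size_t i = 0; i < n; i++) {
        const PictFormat *f = &supported_formats[i];
        if (f->depth == v->depth && f->red == v->red_mask &&
            f->green == v->green_mask && f->blue == v->blue_mask &&
            f->alpha == v->alpha_mask)
            return f;
    }
    return NULL;
}

/* Hypothetical picture handle, as a backend would cache it. */
typedef struct { const PictFormat *format; int valid; } DstPicture;

enum { DST_XRENDER = 0, DST_FALLBACK = 1 };

/* The step that crashed in the report, written defensively: the extension
 * being present (the version check) says nothing about whether it can
 * describe this particular visual, so the lookup result decides the path. */
int ensure_dst_picture(const VisualInfo *v, DstPicture *out) {
    const PictFormat *f = find_visual_format(v);
    if (f == NULL) {
        /* Never reach XRenderCreatePicture() with a NULL format: mark the
         * surface as needing the non-XRender fallback path instead. */
        out->format = NULL;
        out->valid = 0;
        return DST_FALLBACK;
    }
    out->format = f;
    out->valid = 1;
    return DST_XRENDER;
}

const char *format_name(const PictFormat *f) { return f ? f->name : "(none)"; }

int main(void) {
    DstPicture p;
    int path;

    path = ensure_dst_picture(&visual_argb32, &p);
    printf("ARGB visual:    format=%s path=%s\n", format_name(p.format),
           path == DST_XRENDER ? "xrender" : "fallback");

    path = ensure_dst_picture(&visual_o2_rgba, &p);
    printf("O2 RGBA visual: format=%s path=%s\n", format_name(p.format),
           path == DST_XRENDER ? "xrender" : "fallback");
    return 0;
}
```

The point the example isolates is the one Chris makes: a successful XRender version query is necessary but not sufficient, because the server can advertise the extension and still have no picture format for the visual a given window uses. The per-surface lookup is the check that has to gate the XRender path, and its NULL result has to be handled rather than forwarded.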