Bug 13303

Summary: Crash (_cairo_pen_find_active_cw_vertex_index: Assertion `i < pen->num_vertices' failed) with CAIRO_LINE_CAP_ROUND and a degenerate transform matrix.
Product: cairo Reporter: Riccardo Magliocchetti <riccardo.magliocchetti>
Component: generalAssignee: Carl Worth <cworth>
Status: RESOLVED FIXED QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal    
Priority: medium CC: proski
Version: 1.4.10   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Minimal test case

Description Riccardo Magliocchetti 2007-11-19 12:47:20 UTC 
First of all i'm very sorry for the problem i've caused with bug 10231.

I'm getting this crash with swfdec git 7c377ba3852ca8c66e5d42bbdec7662ca9b7a4fd
while loading http://www.labottegadellabici.it/index.swf in firefox.

Without installing the mozilla plugin you can reproduce by:
swfdec-dir/player/swfplay http://www.labottegadellabici.it/link.swf

Loading stream: http://www.labottegadellabici.it/index.swf
SWFDEC: FIXME: swfdec_pattern.c(448): swfdec_pattern_do_parse: CAIRO_EXTEND_PAD is not yet implemented
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 0 has no path
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 0 has no path
SWFDEC: WARN : swfdec_as_interpret.c(568): swfdec_player_get_movie_from_string: "_level100" does not reference a movie
Loading stream: http://www.labottegadellabici.it/link.swf
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 0 has no path
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 1 has no path
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 2 has no path
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 3 has no path
firefox-bin: /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-pen.c:324: _cairo_pen_find_active_cw_vertex_index: Asserzione `i < pen->num_vertices' fallita.

Program received signal SIGABRT, Aborted.
---Type <return> to continue, or q <return> to quit---
[Switching to Thread 0xb718e920 (LWP 9961)]
0xb736f7d6 in raise () from /lib/libc.so.6
(gdb) bt full
#0  0xb736f7d6 in raise () from /lib/libc.so.6
No symbol table info available.
#1  0xb73710f1 in abort () from /lib/libc.so.6
No symbol table info available.
#2  0xb7368b50 in __assert_fail () from /lib/libc.so.6
No symbol table info available.
#3  0xb77b7f4f in _cairo_pen_find_active_cw_vertex_index (pen=0xbfd43f00, 
    slope=0xbfd43dd0, active=0xbfd43dd8)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-pen.c:324
        i = 4
        __PRETTY_FUNCTION__ = "_cairo_pen_find_active_cw_vertex_index"
#4  0xb77b668e in _cairo_stroker_add_cap (stroker=0xbfd43ee8, f=0xbfd43e00)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-path-stroke.c:397
        i = <value optimized out>
        stop = <value optimized out>
        slope = {dx = -2, dy = -1}
        tri = {{x = 39324, y = 62256}, {x = 0, y = 1}, {x = 0, y = 0}}
        pen = (cairo_pen_t *) 0xbfd43f00
        start = <value optimized out>
        status = <value optimized out>
#5  0xb77b6945 in _cairo_stroker_add_leading_cap (stroker=0x0, 
    face=<value optimized out>)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-path-stroke.c:480
---Type <return> to continue, or q <return> to quit---
        reversed = {ccw = {x = 39324, y = 62256}, point = {x = 39324, 
    y = 62256}, cw = {x = 39324, y = 62256}, dev_vector = {dx = -2, dy = -1}, 
  usr_vector = {x = -0.89442719099991586, y = -0.44721359549995793}}
#6  0xb77b6976 in _cairo_stroker_add_caps (stroker=0xbfd43ee8)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-path-stroke.c:520
        status = <value optimized out>
#7  0xb77b6d1c in _cairo_path_fixed_stroke_to_traps (path=0xa83abe8, 
    stroke_style=0xa83b378, ctm=0xbfd443a8, ctm_inverse=0xbfd44378, 
    tolerance=0.10000000000000001, traps=0xbfd44024)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-path-stroke.c:1024
        status = CAIRO_STATUS_SUCCESS
        stroker = {style = 0xa83b378, ctm = 0xbfd443a8, 
  ctm_inverse = 0xbfd44378, tolerance = 0.10000000000000001, 
  traps = 0xbfd44024, pen = {radius = 10, tolerance = 0.10000000000000001, 
    vertices = 0xa28b990, num_vertices = 4}, current_point = {x = 39324, 
    y = 62256}, first_point = {x = 39324, y = 62256}, 
  has_initial_sub_path = 0, has_current_face = 1, current_face = {ccw = {
      x = 39324, y = 62256}, point = {x = 39324, y = 62256}, cw = {x = 39324, 
      y = 62256}, dev_vector = {dx = 0, dy = 1}, usr_vector = {x = 0, y = 1}}, 
  has_first_face = 1, first_face = {ccw = {x = 39324, y = 62256}, point = {
      x = 39324, y = 62256}, cw = {x = 39324, y = 62256}, dev_vector = {
      dx = 2, dy = 1}, usr_vector = {x = 0.89442719099991586, 
      y = 0.44721359549995793}}, dashed = 0, dash_index = 3218358248, 
---Type <return> to continue, or q <return> to quit---
  dash_on = -1216433589, dash_starts_on = -1216441344, dash_remain = 0}
#8  0xb77c01c5 in _cairo_surface_fallback_stroke (surface=0xa83a7b0, 
    op=CAIRO_OPERATOR_OVER, source=0xbfd442e4, path=0xa83abe8, 
    stroke_style=0xa83b378, ctm=0xbfd443a8, ctm_inverse=0xbfd44378, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-surface-fallback.c:836
        status = CAIRO_STATUS_SUCCESS
        traps = {status = CAIRO_STATUS_SUCCESS, extents = {p1 = {
      x = 2147483647, y = 2147483647}, p2 = {x = -2147483648, 
      y = -2147483648}}, num_traps = 0, traps_size = 1, traps = 0xbfd44044, 
  traps_embedded = {{top = 0, bottom = -1076608856, left = {p1 = {
          x = -1216621436, y = -1076608284}, p2 = {x = -1076608920, y = 0}}, 
      right = {p1 = {x = 0, y = 0}, p2 = {x = -1076608284, y = 0}}}}, 
  has_limits = 1, limits = {p1 = {x = 0, y = 0}, p2 = {x = 9306112, 
      y = 65536}}}
        box = {p1 = {x = 0, y = 0}, p2 = {x = 9306112, y = 65536}}
        extents = {x = 0, y = 0, width = 142, height = 1}
#9  0xb77bd7ab in _cairo_surface_stroke (surface=0xa83a7b0, 
    op=CAIRO_OPERATOR_OVER, source=0xbfd44428, path=0xa83abe8, 
    stroke_style=0xa83b378, ctm=0xa83b420, ctm_inverse=0xa83b450, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-surface.c:1414
        status = CAIRO_STATUS_SUCCESS
---Type <return> to continue, or q <return> to quit---
        dev_source = {base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
    status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, num_elements = 0, 
      element_size = 12, elements = 0x0, is_snapshot = 0}, matrix = {
      xx = 1310720, yx = 0, xy = 0, yy = 1310720, x0 = -786432, 
      y0 = -1245184}, filter = CAIRO_FILTER_BEST, extend = CAIRO_EXTEND_PAD}, 
  solid = {base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
      status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, num_elements = 0, 
        element_size = 12, elements = 0x0, is_snapshot = 0}, matrix = {
        xx = 1310720, yx = 0, xy = 0, yy = 1310720, x0 = -786432, 
        y0 = -1245184}, filter = CAIRO_FILTER_BEST, 
      extend = CAIRO_EXTEND_PAD}, color = {red = 0.59999999999999998, 
      green = 0.59999999999999998, blue = 0.59999999999999998, alpha = 1, 
      red_short = 39321, green_short = 39321, blue_short = 39321, 
      alpha_short = 65535}, content = CAIRO_CONTENT_COLOR_ALPHA}, surface = {
    base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
      status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, num_elements = 0, 
        element_size = 12, elements = 0x0, is_snapshot = 0}, matrix = {
        xx = 1310720, yx = 0, xy = 0, yy = 1310720, x0 = -786432, 
        y0 = -1245184}, filter = CAIRO_FILTER_BEST, 
      extend = CAIRO_EXTEND_PAD}, surface = 0x33333333}, gradient = {base = {
      base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
        status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, 
          num_elements = 0, element_size = 12, elements = 0x0, 
---Type <return> to continue, or q <return> to quit---
          is_snapshot = 0}, matrix = {xx = 1310720, yx = 0, xy = 0, 
          yy = 1310720, x0 = -786432, y0 = -1245184}, 
        filter = CAIRO_FILTER_BEST, extend = CAIRO_EXTEND_PAD}, 
      n_stops = 858993459, stops_size = 1071854387, stops = 0x33333333, 
      stops_embedded = {{x = 1071854387, color = {red = 13107, green = 13107, 
            blue = 13107, alpha = 16355}}, {x = 0, color = {red = 0, 
            green = 16368, blue = 39321, alpha = 39321}}}}, linear = {base = {
        base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
          status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, 
            num_elements = 0, element_size = 12, elements = 0x0, 
            is_snapshot = 0}, matrix = {xx = 1310720, yx = 0, xy = 0, 
            yy = 1310720, x0 = -786432, y0 = -1245184}, 
          filter = CAIRO_FILTER_BEST, extend = CAIRO_EXTEND_PAD}, 
        n_stops = 858993459, stops_size = 1071854387, stops = 0x33333333, 
        stops_embedded = {{x = 1071854387, color = {red = 13107, 
              green = 13107, blue = 13107, alpha = 16355}}, {x = 0, color = {
              red = 0, green = 16368, blue = 39321, alpha = 39321}}}}, 
      gradient = {p1 = {x = -26215, y = 12288}, p2 = {x = 0, y = 0}}}, 
    radial = {base = {base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
          status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, 
            num_elements = 0, element_size = 12, elements = 0x0, 
            is_snapshot = 0}, matrix = {xx = 1310720, yx = 0, xy = 0, 
            yy = 1310720, x0 = -786432, y0 = -1245184}, 
---Type <return> to continue, or q <return> to quit---
          filter = CAIRO_FILTER_BEST, extend = CAIRO_EXTEND_PAD}, 
        n_stops = 858993459, stops_size = 1071854387, stops = 0x33333333, 
        stops_embedded = {{x = 1071854387, color = {red = 13107, 
              green = 13107, blue = 13107, alpha = 16355}}, {x = 0, color = {
              red = 0, green = 16368, blue = 39321, alpha = 39321}}}}, 
      gradient = {c1 = {x = -26215, y = 12288, radius = 0}, c2 = {x = 0, 
          y = 1072693248, radius = 0}}}}}
        real_dev_path = {last_move_point = {x = 2, y = -1076608092}, 
  current_point = {x = 0, y = 0}, has_current_point = 0, has_curve_to = 0, 
  buf_tail = 0x0, buf_head = {{next = 0x0, prev = 0x0, num_ops = 0, 
      num_points = 0, op = {9, CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, 
        CAIRO_PATH_OP_MOVE_TO, 212, 66, 212, 191, 136, 241, 130, 10, 8, 
        CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, 
        149, 153, CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, 47, 243, 
        CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, 158, 153, 
        CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, 56, 243, 
        CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, 160, 56, 212, 191, 84, 
        136, 123, 183, 158, 153, CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, 
        47, 243, CAIRO_PATH_OP_MOVE_TO, CAIRO_PATH_OP_MOVE_TO, 149, 153, 
        CAIRO_PATH_OP_MOVE_TO}, points = {{x = -1216257704, y = -1216257704}, {
          x = 0, y = -1076608360}, {x = -1216654456, y = -1076608604}, {
          x = -1076608604, y = 1}, {x = -1216654128, y = -1216654048}, {
          x = -1216654704, y = -1076608624}, {x = 0, y = -1717986918}, {
---Type <return> to continue, or q <return> to quit---
          x = -1220092067, y = 176403456}, {x = -1219976896, y = 257}, {
          x = -1219976852, y = -1219976852}, {x = 0, y = -1219976848}, {
          x = 32, y = 39325}, {x = 62256, y = 39325}, {x = 62256, 
          y = -1220882197}, {x = -1219981324, y = 176404096}, {x = 653696, 
          y = -1076608448}, {x = -1220875218, y = 39326}, {x = 62259, y = 1}, {
          x = -1216444336, y = 39326}, {x = 62259, y = 39325}, {x = 176404096, 
          y = 1}, {x = 652184, y = -1220079296}, {x = 62262, y = 39322}, {
          x = 62264, y = 1}, {x = 0, y = 39318}, {x = 62262, y = 39322}, {
          x = 62264, y = 0}, {x = 176405608, y = 39317}, {x = 62259, 
          y = 39318}, {x = -1219981324, y = -1219976896}, {x = 176404328, 
          y = -1076608392}, {x = -1220859664, y = -1219976896}, {
          x = 176404328, y = 62255}, {x = 39326, y = 62264}, {x = 176404320, 
          y = 39318}, {x = 62256, y = 0}, {x = -1216257704, y = -1076608300}, {
          x = -1076608300, y = -1076608360}, {x = -1216609200, y = 176404328}, 
        {x = 0, y = 65537}, {x = -1216257704, y = -1216257704}, {x = 0, 
          y = -1076608168}, {x = -1216610437, y = -1076608300}, {
          x = 176403436, y = 0}, {x = 1069128089, y = -1076608300}, {
          x = -1216654704, y = 0}, {x = 1093926912, y = 0}, {x = -1076608192, 
          y = -1717986918}, {x = 1069128089, y = 0}, {x = 0, y = 39317}, {
          x = 62255, y = 39326}}}}}
        dev_ctm = {xx = 7.6293945312500004e-07, yx = 0, xy = 0, 
  yy = 7.6293945312500004e-07, x0 = 426.60000000000002, 
  y0 = 269.94999999999999}
---Type <return> to continue, or q <return> to quit---
        dev_ctm_inverse = {xx = 1310720, yx = 0, xy = 0, yy = 1310720, 
  x0 = -559153152, y0 = -353828864}
        __PRETTY_FUNCTION__ = "_cairo_surface_stroke"
#10 0xb77b0379 in _cairo_gstate_stroke (gstate=0xa83b368, path=0xa83abe8)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo-gstate.c:975
        status = CAIRO_STATUS_SUCCESS
        source_pattern = {base = {type = CAIRO_PATTERN_TYPE_SOLID, 
    ref_count = 1, status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, 
      num_elements = 0, element_size = 12, elements = 0x0, is_snapshot = 0}, 
    matrix = {xx = 1310720, yx = 0, xy = 0, yy = 1310720, x0 = -559153152, 
      y0 = -353828864}, filter = CAIRO_FILTER_BEST, 
    extend = CAIRO_EXTEND_PAD}, solid = {base = {
      type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
      status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, num_elements = 0, 
        element_size = 12, elements = 0x0, is_snapshot = 0}, matrix = {
        xx = 1310720, yx = 0, xy = 0, yy = 1310720, x0 = -559153152, 
        y0 = -353828864}, filter = CAIRO_FILTER_BEST, 
      extend = CAIRO_EXTEND_PAD}, color = {red = 0.59999999999999998, 
      green = 0.59999999999999998, blue = 0.59999999999999998, alpha = 1, 
      red_short = 39321, green_short = 39321, blue_short = 39321, 
      alpha_short = 65535}, content = CAIRO_CONTENT_COLOR_ALPHA}, surface = {
    base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
      status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, num_elements = 0, 
---Type <return> to continue, or q <return> to quit---
        element_size = 12, elements = 0x0, is_snapshot = 0}, matrix = {
        xx = 1310720, yx = 0, xy = 0, yy = 1310720, x0 = -559153152, 
        y0 = -353828864}, filter = CAIRO_FILTER_BEST, 
      extend = CAIRO_EXTEND_PAD}, surface = 0x33333333}, gradient = {base = {
      base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
        status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, 
          num_elements = 0, element_size = 12, elements = 0x0, 
          is_snapshot = 0}, matrix = {xx = 1310720, yx = 0, xy = 0, 
          yy = 1310720, x0 = -559153152, y0 = -353828864}, 
        filter = CAIRO_FILTER_BEST, extend = CAIRO_EXTEND_PAD}, 
      n_stops = 858993459, stops_size = 1071854387, stops = 0x33333333, 
      stops_embedded = {{x = 1071854387, color = {red = 13107, green = 13107, 
            blue = 13107, alpha = 16355}}, {x = 0, color = {red = 0, 
            green = 16368, blue = 39321, alpha = 39321}}}}, linear = {base = {
        base = {type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
          status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, 
            num_elements = 0, element_size = 12, elements = 0x0, 
            is_snapshot = 0}, matrix = {xx = 1310720, yx = 0, xy = 0, 
            yy = 1310720, x0 = -559153152, y0 = -353828864}, 
          filter = CAIRO_FILTER_BEST, extend = CAIRO_EXTEND_PAD}, 
        n_stops = 858993459, stops_size = 1071854387, stops = 0x33333333, 
        stops_embedded = {{x = 1071854387, color = {red = 13107, 
              green = 13107, blue = 13107, alpha = 16355}}, {x = 0, color = {
---Type <return> to continue, or q <return> to quit---
              red = 0, green = 16368, blue = 39321, alpha = 39321}}}}, 
      gradient = {p1 = {x = -26215, y = 12288}, p2 = {x = 1071854387, 
          y = 858993459}}}, radial = {base = {base = {
          type = CAIRO_PATTERN_TYPE_SOLID, ref_count = 1, 
          status = CAIRO_STATUS_SUCCESS, user_data = {size = 0, 
            num_elements = 0, element_size = 12, elements = 0x0, 
            is_snapshot = 0}, matrix = {xx = 1310720, yx = 0, xy = 0, 
            yy = 1310720, x0 = -559153152, y0 = -353828864}, 
          filter = CAIRO_FILTER_BEST, extend = CAIRO_EXTEND_PAD}, 
        n_stops = 858993459, stops_size = 1071854387, stops = 0x33333333, 
        stops_embedded = {{x = 1071854387, color = {red = 13107, 
              green = 13107, blue = 13107, alpha = 16355}}, {x = 0, color = {
              red = 0, green = 16368, blue = 39321, alpha = 39321}}}}, 
      gradient = {c1 = {x = -26215, y = 12288, radius = 1071854387}, c2 = {
          x = 858993459, y = 1071854387, radius = 153}}}}}
#11 0xb77a8f4c in *INT_cairo_stroke_preserve (cr=0xa83aa78)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo.c:2053
        status = <value optimized out>
#12 0xb77a8f72 in cairo_stroke (cr=0xa83aa78)
    at /home/rm/swfdec/cairo/libcairo-1.4.10/src/cairo.c:2027
No locals.
#13 0xb0dc866f in swfdec_stroke_paint (draw=0x9995758, cr=0xa83aa78, 
    trans=0xbfd44718) at swfdec_stroke.c:124
---Type <return> to continue, or q <return> to quit---
        stroke = (SwfdecStroke *) 0x9995758
        color = <value optimized out>
#14 0xb0d9737e in swfdec_draw_paint (draw=0x9995758, cr=0xa83aa78, 
    trans=0xbfd44718) at swfdec_draw.c:129
        __PRETTY_FUNCTION__ = "swfdec_draw_paint"
#15 0xb0dc3cce in swfdec_shape_render (graphic=0xa7ff240, cr=0xa83aa78, 
    trans=0xbfd44718, inval=0xbfd446f8) at swfdec_shape.c:63
        draw = (SwfdecDraw *) 0x9995758
        walk = (GSList *) 0xa7fed58
#16 0xb0da5dfc in swfdec_graphic_render (graphic=0x26e9, cr=0xa83aa78, 
    trans=0xbfd44718, inval=0xbfd446f8) at swfdec_graphic.c:59
No locals.
#17 0xb0da6135 in swfdec_graphic_movie_render (movie=0xa80adb0, cr=0xa83aa78, 
    trans=0xbfd44718, inval=0xbfd446f8) at swfdec_graphic_movie.c:49
No locals.
#18 0xb0dad67f in swfdec_movie_render (movie=0xa80adb0, cr=0xa83aa78, 
    color_transform=0xbfd44858, inval=0xbfd44838) at swfdec_movie.c:895
        child = (SwfdecMovie *) 0x0
        g = (GList *) 0x0
        walk = (GSList *) 0x0
        clip_depth = 1101404160
        trans = {ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, 
  aa = 256, ab = 0}
---Type <return> to continue, or q <return> to quit---
        rect = {x0 = -786432, y0 = -1245184, x1 = 185335808, y1 = 65536}
        group = 0
        mask = (cairo_pattern_t *) 0x41a61800
        __PRETTY_FUNCTION__ = "swfdec_movie_render"
        matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, 
  yy = 0.050000000000000003, x0 = 0, y0 = 0}
#19 0xb0dad767 in swfdec_movie_render (movie=0xa8099e8, cr=0xa83aa78, 
    color_transform=0xbfd44998, inval=0xbfd44978) at swfdec_movie.c:885
        child = (SwfdecMovie *) 0xa80adb0
        g = (GList *) 0xa825c20
        walk = <value optimized out>
        clip_depth = 0
        trans = {ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, 
  aa = 256, ab = 0}
        rect = {x0 = -786432, y0 = -1245184, x1 = 185335808, y1 = 65536}
        group = 0
        mask = (cairo_pattern_t *) 0x0
        __PRETTY_FUNCTION__ = "swfdec_movie_render"
        matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, 
  yy = 0.050000000000000003, x0 = 0, y0 = 0}
#20 0xb0dad767 in swfdec_movie_render (movie=0xa8097f0, cr=0xa83aa78, 
    color_transform=0xb0df3380, inval=0xbfd44a70) at swfdec_movie.c:885
        child = (SwfdecMovie *) 0xa8099e8
---Type <return> to continue, or q <return> to quit---
        g = (GList *) 0xa825b60
        walk = <value optimized out>
        clip_depth = 0
        trans = {ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, 
  aa = 256, ab = 0}
        rect = {x0 = 6180, y0 = 4060, x1 = 9020, y1 = 4080}
        group = 0
        mask = (cairo_pattern_t *) 0x0
        __PRETTY_FUNCTION__ = "swfdec_movie_render"
        matrix = {xx = 0.050000000000000003, yx = 0, xy = 0, 
  yy = 0.050000000000000003, x0 = 0, y0 = 0}
#21 0xb0db949c in swfdec_player_render (player=0xa68c158, cr=0xa83aa78, x=309, 
    y=203, width=451, height=204) at swfdec_player.c:2249
        walk = (GList *) 0xa8049d0
        real = {x0 = 6180, y0 = 4060, x1 = 9020, y1 = 4080}
        trans = {ra = 256, rb = 0, ga = 256, gb = 0, ba = 256, bb = 0, 
  aa = 256, ab = 0}
        __PRETTY_FUNCTION__ = "swfdec_player_render"
#22 0xb177b1c6 in swfmoz_player_render (player=0x9b31b88, region=0xa839020)
    at swfmoz_player.c:610
        rect = {x = 426, y = 269, width = 142, height = 1}
        cr = (cairo_t *) 0xa83aa78
        __PRETTY_FUNCTION__ = "swfmoz_player_render"
---Type <return> to continue, or q <return> to quit---
#23 0xb177ba94 in swfmoz_player_idle_redraw (playerp=0x9b31b88)
    at swfmoz_player.c:157
        region = (GdkRegion *) 0xa839020
Comment 1 Carl Worth 2007-11-20 21:37:37 UTC 
(In reply to comment #0)
> First of all i'm very sorry for the problem i've caused with bug 10231.

Please don't worry about it. I think I was just grouchy this morning,
and I probably let too much of that come through in my response. Sorry
about that.

> I'm getting this crash with swfdec git 7c377ba3852ca8c66e5d42bbdec7662ca9b7a4fd
> while loading http://www.labottegadellabici.it/index.swf in firefox.
>
> Without installing the mozilla plugin you can reproduce by:
> swfdec-dir/player/swfplay http://www.labottegadellabici.it/link.swf

Thanks for the details on how to replicate it. Unfortunately I haven't
been able to replicate the failure. I've compiled exactly that
revision of swfdec and run it with a locally downloaded copy of
link.swf against many versions of cairo (current HEAD from git,
1.4.10, 1.4.0, 1.2.6), and in all cases I get the same behavior.

Namely, I see complaints like the following:

SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 0 has no path
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 1 has no path
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 2 has no path
SWFDEC: WARN : swfdec_shape_parser.c(279): swfdec_shape_parser_finish: fillstyle 3 has no path
SWFDEC: ERROR: swfdec_codec_gst.c(231): swfdec_gst_decoder_init: failed to create decoder
SWFDEC: ERROR: swfdec_codec_audio.c(192): swfdec_audio_decoder_new: no suitable decoder for audio codec 2

Then a window appears with large text at the top of "La Bottega della
Bici", a picture of a person on a bicycle, a large yellow rectangle,
and 6 text "buttons" at the bottom, (some gray and some black). I
can't seem to get anything else to happen, (the buttons don't do
anything for example), but I also can't get any crash.

Since you're able to exercise the failure, what might help is if you
could use libcairowrap[*] and capture the last few cairo calls leading
to the crash.

-Carl

[*] http://cgit.freedesktop.org/~company/libcairowrap/

Benjamin, I assume this is a recent version. We should probably go
ahead and host a repository for this on git.freedesktop.org to be more
"official". Any reason not to do that?
Comment 2 Riccardo Magliocchetti 2007-11-21 12:38:30 UTC 
(In reply to comment #1)
> Thanks for the details on how to replicate it. Unfortunately I haven't
> been able to replicate the failure. I've compiled exactly that
> revision of swfdec and run it with a locally downloaded copy of
> link.swf against many versions of cairo (current HEAD from git,
> 1.4.10, 1.4.0, 1.2.6), and in all cases I get the same behavior.

Uhm, can't get the crash playing the file locally too. Playing from the
website makes a difference. Btw upgraded to latest git of swfdec.

> Since you're able to exercise the failure, what might help is if you
> could use libcairowrap[*] and capture the last few cairo calls leading
> to the crash.

Done

> Benjamin, I assume this is a recent version. We should probably go
> ahead and host a repository for this on git.freedesktop.org to be more
> "official". Any reason not to do that?

AFAICS he's not in C
Comment 3 Riccardo Magliocchetti 2007-11-21 12:40:00 UTC 
These are few last calls before the assert:

cairo_set_source(cr_0x9b79de8, pattern_0xa0a4e10);
cairo_pattern_destroy(pattern_0xa0a4e10);
cairo_fill(cr_0x9b79de8);
cairo_set_line_cap(cr_0x9b79de8, 1);
cairo_set_line_join(cr_0x9b79de8, 1);
cairo_move_to(cr_0x9b79de8, 52, -73);
cairo_curve_to(cr_0x9b79de8, 78, -45,6667, 86,6667, -24,3333, 78, -9);
cairo_curve_to(cr_0x9b79de8, 86,6667, 26,3333, 78, 47,3333, 52, 54);
cairo_curve_to(cr_0x9b79de8, 45,3333, 81,3333, 24,6667, 90,3333, -10, 81);
cairo_curve_to(cr_0x9b79de8, -25,3333, 90,3333, -46, 81,3333, -72, 54);
cairo_curve_to(cr_0x9b79de8, -78,6667, 46,6667, -87,3333, 25,6667, -98, -9);
cairo_curve_to(cr_0x9b79de8, -87,3333, -24,3333, -78,6667, -45,6667, -72, -73);
cairo_curve_to(cr_0x9b79de8, -46, -80,3333, -25,3333, -89, -10, -99);
cairo_curve_to(cr_0x9b79de8, 24,6667, -89, 45,3333, -80,3333, 52, -73);
cairo_set_source_rgba(cr_0x9b79de8, 0,6, 0,6, 0,6, 1);
cairo_set_line_width(cr_0x9b79de8, 20);
cairo_stroke(cr_0x9b79de8);
Comment 4 Riccardo Magliocchetti 2007-11-21 13:48:34 UTC 
(In reply to comment #2)
> (In reply to comment #1)
> > Benjamin, I assume this is a recent version. We should probably go
> > ahead and host a repository for this on git.freedesktop.org to be more
> > "official". Any reason not to do that?
> 
> AFAICS he's not in C

that should read CC
Comment 5 Carl Worth 2007-11-21 14:49:10 UTC 
(In reply to comment #4)
> (In reply to comment #2)
> > (In reply to comment #1)
> > > Benjamin, I assume this is a recent version. We should probably go
> > > ahead and host a repository for this on git.freedesktop.org to be more
> > > "official". Any reason not to do that?
> > 
> > AFAICS he's not in C
> 
> that should read CC 

/me demonstrates why he dislikes bugzilla so much... it makes these little walled-off conversations. Mailing lists are much better for including more people.

I remember him being involved in this dicussion earlier, (perhaps it was on a separate bug report and he had suggested the duplication), so it seemed natural to try to address him.

-Carl
Comment 6 Carl Worth 2007-11-21 15:21:17 UTC 
(In reply to comment #2)
> Uhm, can't get the crash playing the file locally too. Playing from the
> website makes a difference. Btw upgraded to latest git of swfdec.

Thanks. I've tried that now and I have succesfully replicated the bug.
And the bug seems to exist with even the latest cairo from git, so this
definitely looks new compared to other bugs we've seen, (even those
that crashed on the same assertion failure).

And thanks for the report from libcairowrap. That tool's output is definitely looking really good. For anyone hacking on it, (and yes, Benjamin might not be on the CC list so someone might have to chase him down and point him at this walled-off discussion), here are a couple of things that would be nice to fix:

   1. The numbers need to be printed as valid C literals, (that is, a locale-independent printing of floating-point numbers). The current -45,6667 where C wants -45.6667 is not too useful. :-)

   2. Instead of cr_0xdeadbeef it would be nice to just have the tool identify matching pointers and map them to small integers. So "cr", "cr2", "cr3" or so.

Anyway, as nice as it looks, the output you gave doesn't look sufficient to replicate the bug. I'm assuming that's because there's a particular transformation matrix necessary to trigger the bug, (so using that snippet with an identity transform doesn't exercise the bug).

Maybe libcairowrap should periodically emit something to explicitly set relevant cairo state such as the CTM? That would let reporters quote output back to the last such snapshot and ensure that all state was captured.

-Carl
Comment 7 Carl Worth 2007-11-21 16:25:52 UTC 
Created attachment 12679 [details]
Minimal test case

Sure enough, there was just an earlier cairo_scale and cairo_transform in the libcairowrap output that were necessary to trigger the bug. So here's the minimal test case that I've come up with so far.

And I was wrong before when I said this was failing against recent cairo from git, (but it does indeed fail with cairo 1.4.10). I'll summarize the status in a next post.
Comment 8 Carl Worth 2007-11-21 16:31:38 UTC 
OK. Here's the scoop:

The test in bug 10231 originally tickled this problem by attempting to stroke with a line width explicitly 0.0. This was first fixed in cairo 1.4.2, (and added to the test suite as line-width-zero).

In this bug report we're seeing the same assertion failure, but with a non-zero line width, but a transformation matrix that transforms the two-dimensional pen to a one-dimensional line or to a zero-dimensional point. This bug exists as of cairo 1.4.10.

Benjamin Otte had raised this bug previously on the cairo mailing list, and it has since been fixed (and added to the test suite as degenerate-pen).

This bug can be verified as fixed, (with the attached test cast) in both the 1.5.2 and 1.4.11 snapshots of cairo. This means it will be fixed in the upcoming 1.6.0 and 1.4.12 releases of cairo.

Thanks for the report.

-Carl
Comment 9 Benjamin Otte 2007-12-01 17:05:59 UTC 
*** Bug 13466 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.