Bug 5913

Summary: crash on overlong string
Product: cairo Reporter: Christian Persch (GNOME) <chpe>
Component: generalAssignee: Carl Worth <cworth>
Status: RESOLVED FIXED QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: critical    
Priority: high CC: newren
Version: 1.1.1   
Hardware: x86 (IA32)   
OS: Linux (All)   
URL: http://bugzilla.gnome.org/attachment.cgi?id=59432&action=view
Whiteboard:
i915 platform: i915 features:

Description Christian Persch (GNOME) 2006-02-17 01:32:48 UTC 
Originally filed as http://bugzilla.gnome.org/show_bug.cgi?id=331326, testcase
is http://bugzilla.gnome.org/attachment.cgi?id=59432&action=view .

Steps to reproduce:
0) Apply attached patch to gtk's gtk+/tests/testentrycompletion.c
1) Compile & run
2) In the first entry in the testentrcompletion window, type "gg" (without
quotes).

Result:
X error.

Trace from --sync:

#0  gdk_x_error (display=0x80749f0, error=0xbfbdb64c) at gdkmain-x11.c:599
#1  0xb786deec in _XError (dpy=0x80749f0, rep=0xbfbdb6dc) at
../../src/XlibInt.c:2888
#2  0xb786e0c8 in _XWaitForWritable (dpy=0x80749f0, cv=0x0) at
../../src/XlibInt.c:346
#3  0xb786e314 in _XFlushInt (dpy=0x80749f0, cv=0x0) at ../../src/XlibInt.c:680
#4  0xb78fb522 in XRenderCompositeText8 (dpy=0x80749f0, op=134695408,
src=134695408, dst=134695408, maskFormat=0x8093a88, xSrc=134695408,
ySrc=134695408,
    xDst=8, yDst=0, elts=0xb6da2008, nelt=64000) at ../../src/Glyph.c:480
#5  0xb7974bb1 in _cairo_xlib_surface_old_show_glyphs (scaled_font=0x8176470,
op=CAIRO_OPERATOR_OVER, pattern=0xbfbe2430, abstract_surface=0x81d2a80,
    source_x=0, source_y=8, dest_x=0, dest_y=8, width=287, height=10,
glyphs=0xb6eeb008, num_glyphs=64000) at cairo-xlib-surface.c:2249
#6  0xb7962681 in _cairo_surface_old_show_glyphs (scaled_font=0x8176470,
op=CAIRO_OPERATOR_OVER, pattern=0xbfbe2430, dst=0x81d2a80, source_x=0,
source_y=8,
    dest_x=0, dest_y=8, width=287, height=10, glyphs=0xb6eeb008,
num_glyphs=64000) at cairo-surface.c:1441
#7  0xb7963b92 in _cairo_surface_old_show_glyphs_draw_func (closure=0xbfbe2380,
op=CAIRO_OPERATOR_OVER, src=0xbfbe2430, dst=0x81d2a80, dst_x=0, dst_y=0,
    extents=0xbfbe2394) at cairo-surface-fallback.c:874
#8  0xb7962cdf in _clip_and_composite (clip=0x0, op=CAIRO_OPERATOR_OVER,
src=0xbfbe2430, draw_func=0xb7963b00
<_cairo_surface_old_show_glyphs_draw_func>,
    draw_closure=0xbfbe2380, dst=0x81d2a80, extents=0xbfbe2394) at
cairo-surface-fallback.c:391
#9  0xb7963d71 in _cairo_surface_fallback_show_glyphs (surface=0x81d2a80,
op=CAIRO_OPERATOR_OVER, source=0xbfbe2430, glyphs=0xb6eeb008, num_glyphs=64000,
    scaled_font=0x8176470) at cairo-surface-fallback.c:937
#10 0xb79625ea in _cairo_surface_show_glyphs (surface=0x81d2a80,
op=CAIRO_OPERATOR_OVER, source=0xbfbe2430, glyphs=0xb6eeb008, num_glyphs=64000,
    scaled_font=0x8176470) at cairo-surface.c:1406
#11 0xb7958d54 in _cairo_gstate_show_glyphs (gstate=0x81e33f8,
glyphs=0xb7024008, num_glyphs=64000) at cairo-gstate.c:1471
#12 0xb795467c in cairo_show_glyphs (cr=0x81a46c0, glyphs=0xb7024008,
num_glyphs=64000) at cairo.c:2158
#13 0xb79da0c8 in pango_cairo_renderer_draw_glyphs (renderer=0x81a2490,
font=0x813d800, glyphs=0x809bb58, x=0, y=13312) at pangocairo-render.c:183
#14 0xb79bc908 in pango_renderer_draw_glyphs (renderer=0x81a2490,
font=0x813d800, glyphs=0x809bb58, x=0, y=13312) at pango-renderer.c:599
#15 0xb79bdb2d in pango_renderer_draw_layout_line (renderer=0x81a2490,
line=0x81a16e8, x=0, y=13312) at pango-renderer.c:530
#16 0xb79bdee7 in pango_renderer_draw_layout (renderer=0x81a2490,
layout=0x818ed88, x=0, y=0) at pango-renderer.c:183
#17 0xb79dac88 in pango_cairo_show_layout (cr=0x81a46c0, layout=0x818ed88) at
pangocairo-render.c:475
#18 0xb7cd8360 in gtk_entry_expose (widget=0x808e8a8, event=0x80749f0) at
gtkentry.c:3210
#19 0xb7d539ec in _gtk_marshal_BOOLEAN__BOXED (closure=0x8087640,
return_value=0xbfbe2cc0, n_param_values=2, param_values=0xbfbe2d9c,
    invocation_hint=0xbfbe2cac, marshal_data=0xb7cd8160) at gtkmarshalers.c:83
#20 0xb7a9b135 in g_type_class_meta_marshal (closure=0x8087640,
return_value=0xbfbe2cc0, n_param_values=2, param_values=0xbfbe2d9c,
    invocation_hint=0xbfbe2cac, marshal_data=0x80749f0) at gclosure.c:567
#21 0xb7a9b7cb in g_closure_invoke (closure=0x8087640, return_value=0xbfbe2cc0,
n_param_values=2, param_values=0xbfbe2d9c, invocation_hint=0xbfbe2cac)
    at gclosure.c:490
#22 0xb7aacb22 in signal_emit_unlocked_R (node=0x8088800, detail=0,
instance=0x808e8a8, emission_return=0xbfbe2f1c, instance_and_params=0xbfbe2d9c)
    at gsignal.c:2476
#23 0xb7aadd15 in g_signal_emit_valist (instance=0x808e8a8, signal_id=33,
detail=0, var_args=0xbfbe2fa0
"\uffff/\uffff\uffff(D\b\b\uffff/\uffff\uffff\uffff<\u5de8\uffff\b\b(D\b\b\uffff\uffff\b\b\204?\uffff\uffff")
    at gsignal.c:2207
#24 0xb7aae2fb in g_signal_emit (instance=0x808e8a8, signal_id=33, detail=0) at
gsignal.c:2241
#25 0xb7e53e58 in gtk_widget_event_internal (widget=0x808e8a8,
event=0xbfbe3050) at gtkwidget.c:3746
#26 0xb7d51fd0 in gtk_main_do_event (event=0xbfbe3050) at gtkmain.c:1368
#27 0xb7f5ca40 in gdk_window_process_updates_internal (window=0x8080b30) at
gdkwindow.c:2220
#28 0xb7f5cb3c in gdk_window_process_all_updates () at gdkwindow.c:2273
#29 0xb7f5cbe4 in gdk_window_update_idle (data=0x0) at gdkwindow.c:2141
#30 0xb7a30061 in g_idle_dispatch (source=0x81d27d0, callback=0xb7f5cbc0
<gdk_window_update_idle>, user_data=0x0) at gmain.c:3796
#31 0xb7a2d9d1 in g_main_context_dispatch (context=0x80837a0) at gmain.c:1916
#32 0xb7a30d77 in g_main_context_iterate (context=0x80837a0, block=1,
dispatch=1, self=0x809fbd8) at gmain.c:2547
#33 0xb7a312c8 in g_main_loop_run (loop=0x81a3a00) at gmain.c:2751
#34 0xb7d510d9 in gtk_main () at gtkmain.c:989
#35 0x0804ddb4 in main (argc=1, argv=0xbfbe3304) at testentrycompletion.c:448

gtk+, pango, cairo from cvs.
Comment 1 Karl Ostmo 2007-12-30 13:48:10 UTC 
*** Bug 4657 has been marked as a duplicate of this bug. ***
Comment 2 Chris Wilson 2008-09-30 07:39:35 UTC 
Sigh. We had a test to exercise an older occurrence of this very bug, but it was disabled - and we reintroduced the bug when converting from _cairo_xlib_surface_old_show_glyphs to _cairo_xlib_surface_emit_glyphs().

Hopefully fixed for the last time - always an optimist!

(Also the fact that show-glyphs-many takes a few minutes to run for the SVG backend, may just prompt somebody to fix our SVG emission and librsvg...)

The most recent version of this bug fixed with:
commit 0eb0c26474a19477554bfd580aa5f8ae77c29779
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Tue Sep 30 13:33:25 2008 +0100

    [xlib] Correct calculation of XRenderComposite* request size.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.