Bug 76272

Summary: Segfault at sweep_line_delete on video playback
Product: cairo
Reporter: David <sidicas2>
Component: general
Assignee: Chris Wilson <chris>
Status: RESOLVED DUPLICATE
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal
Priority: medium
CC: rcoe
Version: 1.12.16
Hardware: x86-64 (AMD64)
OS: Linux (All)
Whiteboard:
i915 platform:
i915 features:
Attachments: prevent cairo crash on null-pointers
prevent cairo crash on null-pointers (minor fix)

Description David 2014-03-17 15:00:38 UTC
See Also: 
http://lists.cairographics.org/archives/cairo/2014-March/025089.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739262#50

~$ gdb liferea
GNU gdb (GDB) 7.6.2 (Debian 7.6.2-1)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/liferea...Reading symbols from
/usr/lib/debug/.build-id/1a/10cb7cd5c4742609b9460e68e9b4707b8ac9f8.debug...done.
done.
(gdb) run
Starting program: /usr/bin/liferea
warning: no loadable sections found in added symbol-file system-supplied
DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe46e9700 (LWP 8753)]
[New Thread 0x7fffe3ee8700 (LWP 8754)]
[New Thread 0x7fffe12dc700 (LWP 8755)]
[Thread 0x7fffe3ee8700 (LWP 8754) exited]
[Thread 0x7fffe46e9700 (LWP 8753) exited]
[Thread 0x7ffff7faba00 (LWP 8748) exited]
[Inferior 1 (process 8748) exited normally]
(gdb) run
Starting program: /usr/bin/liferea
warning: no loadable sections found in added symbol-file system-supplied
DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe46e9700 (LWP 8787)]
[New Thread 0x7fffe3ee8700 (LWP 8788)]
[New Thread 0x7fffe12dc700 (LWP 8789)]
[Thread 0x7fffe12dc700 (LWP 8789) exited]
[Thread 0x7fffe3ee8700 (LWP 8788) exited]
[Thread 0x7fffe46e9700 (LWP 8787) exited]
[Inferior 1 (process 8785) exited normally]
(gdb) run
Starting program: /usr/bin/liferea
warning: no loadable sections found in added symbol-file system-supplied
DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
sweep_line_delete (rectangle=0x7fffffff6978, sweep=0x7fffffff6690)
    at /tmp/buildd/cairo-1.12.16/src/cairo-bentley-ottmann-rectangular.c:567
567   
/tmp/buildd/cairo-1.12.16/src/cairo-bentley-ottmann-rectangular.c: Aucun
fichier ou dossier de ce type.
(gdb) bt
#0  sweep_line_delete (rectangle=0x7fffffff6978, sweep=0x7fffffff6690)
    at /tmp/buildd/cairo-1.12.16/src/cairo-bentley-ottmann-rectangular.c:567
#1  _cairo_bentley_ottmann_tessellate_rectangular (
    rectangles=rectangles@entry=0x7fffffff6860,
    num_rectangles=num_rectangles@entry=3,
    fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING,
    do_traps=do_traps@entry=0, container=container@entry=0x7fffffff7960)
    at /tmp/buildd/cairo-1.12.16/src/cairo-bentley-ottmann-rectangular.c:659
#2  0x00007ffff2f2f193 in _cairo_bentley_ottmann_tessellate_boxes (
    in=in@entry=0x7fffffff7bb0,
    fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING,
    out=out@entry=0x7fffffff7960)
    at /tmp/buildd/cairo-1.12.16/src/cairo-bentley-ottmann-rectangular.c:877
#3  0x00007ffff2f90e61 in fixup_unbounded (
    extents=extents@entry=0x7fffffff8d60, boxes=boxes@entry=0x7fffffff82d0,
    compositor=<optimized out>)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:885
#4  0x00007ffff2f92081 in composite_aligned_boxes (boxes=0x7fffffff82d0,
    extents=0x7fffffff8d60, compositor=0x7ffff3230ac0 <compositor.16213>)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:1298
#5  clip_and_composite_boxes (
    compositor=compositor@entry=0x7ffff3230ac0 <compositor.16213>,
    extents=extents@entry=0x7fffffff8d60, boxes=boxes@entry=0x7fffffff82d0)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:1774
#6  0x00007ffff2f92433 in clip_and_composite_polygon (
    compositor=compositor@entry=0x7ffff3230ac0 <compositor.16213>,
    extents=extents@entry=0x7fffffff8d60,
    polygon=polygon@entry=0x7fffffff8940,
    antialias=antialias@entry=CAIRO_ANTIALIAS_NONE,
    fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING, curvy=<optimized out>)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:1562
#7  0x00007ffff2f92b72 in _cairo_traps_compositor_fill (
    _compositor=0x7ffff3230ac0 <compositor.16213>, extents=0x7fffffff8d60,
    path=0xfc4698, fill_rule=CAIRO_FILL_RULE_WINDING,
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_NONE)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:2250
#8  0x00007ffff2f3bee7 in _cairo_compositor_fill (
    compositor=0x7ffff3230ac0 <compositor.16213>,
    surface=surface@entry=0x17362e0, op=op@entry=CAIRO_OPERATOR_IN,
    source=source@entry=0x7ffff2ff38a0 <_cairo_pattern_white>,
    path=path@entry=0xfc4698,
    fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING,
    tolerance=0.10000000000000001,
    antialias=antialias@entry=CAIRO_ANTIALIAS_NONE, clip=clip@entry=0xc96dd0)
    at /tmp/buildd/cairo-1.12.16/src/cairo-compositor.c:203
#9  0x00007ffff2faca58 in _cairo_xlib_surface_fill (_surface=<optimized out>,
    op=CAIRO_OPERATOR_IN, source=0x7ffff2ff38a0 <_cairo_pattern_white>,
    path=0xfc4698, fill_rule=CAIRO_FILL_RULE_WINDING,
    tolerance=<optimized out>, antialias=CAIRO_ANTIALIAS_NONE, clip=0xc96dd0)
    at /tmp/buildd/cairo-1.12.16/src/cairo-xlib-surface.c:1646
#10 0x00007ffff2f7ff14 in _cairo_surface_fill (surface=0x17362e0,
    op=CAIRO_OPERATOR_IN, source=0x7ffff2ff38a0 <_cairo_pattern_white>,
    path=0xfc4698, fill_rule=CAIRO_FILL_RULE_WINDING,
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_NONE,
    clip=0xc96dd0) at /tmp/buildd/cairo-1.12.16/src/cairo-surface.c:2255
#11 0x00007ffff2f3a54f in _cairo_clip_combine_with_surface (clip=0xc96dd0,
    dst=dst@entry=0x17362e0, dst_x=<optimized out>, dst_y=<optimized out>)
    at /tmp/buildd/cairo-1.12.16/src/cairo-clip-surface.c:78
#12 0x00007ffff2f90b37 in create_composite_mask (
    compositor=compositor@entry=0x7ffff3230ac0 <compositor.16213>,
    dst=dst@entry=0xe8c000, draw_closure=draw_closure@entry=0x7fffffffa070,
    draw_func=<optimized out>, mask_func=mask_func@entry=0x0,
    extents=extents@entry=0x7fffffffa490)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:500
#13 0x00007ffff2f91761 in clip_and_composite_with_mask (src_y=0, src_x=0,
    src=0xfbd6d0, op=CAIRO_OPERATOR_OVER, draw_closure=0x7fffffffa070,
    mask_func=0x0, draw_func=<optimized out>, extents=0x7fffffffa490,
    compositor=0x7ffff3230ac0 <compositor.16213>)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:546
#14 clip_and_composite (
    compositor=compositor@entry=0x7ffff3230ac0 <compositor.16213>,
    extents=extents@entry=0x7fffffffa490,
    draw_func=draw_func@entry=0x7ffff2f8fda0 <composite_boxes>,
    mask_func=mask_func@entry=0x0,
    draw_closure=draw_closure@entry=0x7fffffffa070, need_clip=2)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:1036
#15 0x00007ffff2f91c11 in clip_and_composite_boxes (
    compositor=compositor@entry=0x7ffff3230ac0 <compositor.16213>,
    extents=extents@entry=0x7fffffffa490, boxes=boxes@entry=0x7fffffffa070)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:1779
#16 0x00007ffff2f92bd7 in _cairo_traps_compositor_fill (
    _compositor=0x7ffff3230ac0 <compositor.16213>, extents=0x7fffffffa490,
    path=0xce7ae8, fill_rule=CAIRO_FILL_RULE_WINDING,
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /tmp/buildd/cairo-1.12.16/src/cairo-traps-compositor.c:2219
#17 0x00007ffff2f3bee7 in _cairo_compositor_fill (
    compositor=0x7ffff3230ac0 <compositor.16213>,
    surface=surface@entry=0xe8c000, op=op@entry=CAIRO_OPERATOR_OVER,
    source=source@entry=0x7fffffffa890, path=path@entry=0xce7ae8,
    fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING,
    tolerance=0.10000000000000001,
    antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT,
    clip=clip@entry=0x1243d20)
    at /tmp/buildd/cairo-1.12.16/src/cairo-compositor.c:203
#18 0x00007ffff2faca58 in _cairo_xlib_surface_fill (_surface=<optimized out>,
    op=CAIRO_OPERATOR_OVER, source=0x7fffffffa890, path=0xce7ae8,
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=<optimized out>,
    antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x1243d20)
    at /tmp/buildd/cairo-1.12.16/src/cairo-xlib-surface.c:1646
#19 0x00007ffff2f7ff14 in _cairo_surface_fill (surface=0xe8c000,
    op=CAIRO_OPERATOR_OVER, source=0x7fffffffa890, path=0xce7ae8,
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001,
    antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x1243d20)
    at /tmp/buildd/cairo-1.12.16/src/cairo-surface.c:2255
#20 0x00007ffff2f438ac in _cairo_gstate_fill (gstate=0x1091720,
    path=path@entry=0xce7ae8)
    at /tmp/buildd/cairo-1.12.16/src/cairo-gstate.c:1308
#21 0x00007ffff2f3d499 in _cairo_default_context_fill (abstract_cr=0xce7780)
    at /tmp/buildd/cairo-1.12.16/src/cairo-default-context.c:1058
#22 0x00007ffff2f36d85 in cairo_fill (cr=0xce7780)
    at /tmp/buildd/cairo-1.12.16/src/cairo.c:2201
#23 0x00007ffff5a25dbd in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#24 0x00007ffff60d7982 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#25 0x00007ffff60d84fb in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#26 0x00007ffff60d8c2b in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#27 0x00007ffff60dac75 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#28 0x00007ffff60cd0a5 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#29 0x00007ffff60936df in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#30 0x00007ffff607cb12 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#31 0x00007ffff612d3a2 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#32 0x00007ffff61398fc in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#33 0x00007ffff6139bb3 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#34 0x00007ffff613a2e0 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#35 0x00007ffff613b17a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#36 0x00007ffff613947a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#37 0x00007ffff6139bb3 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#38 0x00007ffff613a2e0 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#39 0x00007ffff613b17a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#40 0x00007ffff613947a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#41 0x00007ffff613a1f0 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#42 0x00007ffff613b17a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#43 0x00007ffff613947a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#44 0x00007ffff613a1f0 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#45 0x00007ffff613b17a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#46 0x00007ffff613947a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#47 0x00007ffff613a1f0 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#48 0x00007ffff613a3dc in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#49 0x00007ffff601b6d5 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#50 0x00007ffff6607800 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#51 0x00007ffff61d4253 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#52 0x00007ffff61d2904 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#53 0x00007ffff606bebd in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#54 0x00007ffff6074078 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#55 0x00007ffff61d6f5c in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#56 0x00007ffff61514dd in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#57 0x00007ffff60809bd in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#58 0x00007ffff6093743 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#59 0x00007ffff607cb12 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#60 0x00007ffff6080b03 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#61 0x00007ffff6080c70 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#62 0x00007ffff6080964 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#63 0x00007ffff6093743 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#64 0x00007ffff607cb12 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#65 0x00007ffff61282ac in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#66 0x00007ffff612d786 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#67 0x00007ffff6139958 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#68 0x00007ffff613a1f0 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#69 0x00007ffff613b17a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#70 0x00007ffff613947a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#71 0x00007ffff613a1f0 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#72 0x00007ffff613b17a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#73 0x00007ffff613947a in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#74 0x00007ffff613a1f0 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#75 0x00007ffff613a3dc in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#76 0x00007ffff601b6d5 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#77 0x00007ffff6607800 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#78 0x00007ffff592ee07 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#79 0x00007ffff5a22a09 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#80 0x00007ffff5a348a2 in ?? ()
   from /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
#81 0x00007ffff2a09f33 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#82 0x00007ffff2a09526 in g_main_context_dispatch ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#83 0x00007ffff2a09878 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#84 0x00007ffff2a0991c in g_main_context_iteration ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#85 0x00007ffff3738a1c in g_application_run ()
   from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#86 0x000000000041b4fd in main (argc=1, argv=0x7fffffffe3a8) at main.c:262
(gdb)

Comment 1 rcoe 2014-07-21 16:59:50 UTC
sweep_line_delete is calling sweep_line_delete_edge which is deleting 
an edge from a double linked list without checking for null prev/next. 

As built by _cairo_bentley_ottmann_tessellate_rectangular(), there are
null prev/next pointers in the edge list.

Comment 2 rcoe 2014-07-21 18:11:00 UTC
Created attachment 103204
prevent cairo crash on null-pointers

Here is a patch that prevents the crash and allows videos to play for me.

As the null-terminated double linked list is built by cairo, it makes sense that cairo be able to navigate its own list.

Comment 3 rcoe 2014-07-25 13:25:14 UTC
Created attachment 103444
prevent cairo crash on null-pointers (minor fix)

Added back the needed code that was taken out to make the previous patch as small as possible.
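
The failure mode described in Comment 1 and the kind of guard the patch comments refer to, as an added example that is not taken from the bug report, its attachments or cairo's source: a NULL-terminated doubly linked list where an unguarded unlink is only valid for interior nodes. The types `edge_node` and `edge_list` and all function names are hypothetical, and the three-edge list is constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified edge list (names and layout are assumptions, not
 * cairo's structures). Both ends of the list are NULL-terminated. */
typedef struct edge_node { struct edge_node *prev, *next; } edge_node;
typedef struct { edge_node *head, *cursor; } edge_list; /* cursor may be NULL */

static int list_length(const edge_list *l)
{
    int n = 0;
    for (const edge_node *e = l->head; e != NULL; e = e->next) n++;
    return n;
}

/* Unguarded unlink: dereferences both neighbours, so it is only valid for
 * an interior edge; on the first or last edge it writes through NULL. */
static void unlink_unchecked(edge_list *l, edge_node *e)
{
    if (l->cursor == e) l->cursor = e->prev;
    e->prev->next = e->next;
    e->next->prev = e->prev;
}

/* Nonzero when unlink_unchecked(e) would dereference a NULL neighbour. */
static int would_fault(const edge_node *e)
{
    return e->prev == NULL || e->next == NULL;
}

/* Guarded unlink: also correct for the head, the tail and a lone edge. */
static void unlink_checked(edge_list *l, edge_node *e)
{
    if (l->cursor == e) l->cursor = e->prev ? e->prev : e->next;
    if (e->prev != NULL) e->prev->next = e->next; else l->head = e->next;
    if (e->next != NULL) e->next->prev = e->prev;
    e->prev = e->next = NULL;
}

/* Constructed 3-edge list. which=0: number of edges the unguarded unlink
 * would fault on; 1: length after unguarded unlink of the interior edge;
 * 2: leftovers (length + stale head + stale cursor) after guarded deletes. */
int run_scenario(int which)
{
    edge_node e[3];
    edge_list l = { &e[0], &e[0] };
    for (int i = 0; i < 3; i++) {
        e[i].prev = i > 0 ? &e[i - 1] : NULL;
        e[i].next = i < 2 ? &e[i + 1] : NULL;
    }
    if (which == 0)
        return would_fault(&e[0]) + would_fault(&e[1]) + would_fault(&e[2]);
    if (which == 1) { unlink_unchecked(&l, &e[1]); return list_length(&l); }
    unlink_checked(&l, &e[0]);   /* head */
    unlink_checked(&l, &e[2]);   /* tail */
    unlink_checked(&l, &e[1]);   /* last remaining edge */
    return list_length(&l) + (l.head != NULL) + (l.cursor != NULL);
}

int main(void)
{
    printf("%d %d %d\n", run_scenario(0), run_scenario(1), run_scenario(2));
    return 0;
}
```

The guarded version also resets the list head and the cursor, since a NULL check on the neighbours alone would leave both pointing at the removed edge.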
Comment 4 Uli Schlachter 2014-08-23 13:38:17 UTC

*** This bug has been marked as a duplicate of bug 81699 ***
