Bug 91307

Summary: _cairo_gl_surface_resolve_multisampling called with a cairo_gl_source_t* cast to a cairo_gl_surface_t*
Product: cairo
Reporter: Massimo <sixtysix>
Component: gl backend
Assignee: cairo-bugs mailing list <cairo-bugs>
Status: RESOLVED MOVED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal
Priority: medium
Version: unspecified
Hardware: Other
OS: All
Whiteboard:
i915 platform:
i915 features:

Description Massimo 2015-07-11 15:07:40 UTC
Running:
>( cd test && DISPLAY=:2 CAIRO_TEST_TARGET=gl valgrind --track-origins=yes .libs/cairo-test-suite -f text-rotate)

valgrind reports:

text-rotate.gl.argb32 [0x1]:    ==23402== Invalid read of size 4
>==2==    at 0x4CCF3B0: _cairo_gl_surface_resolve_multisampling (cairo/src/cairo-gl-surface.c:1314)
>==2==    by 0x4CC88B8: _cairo_gl_surface_operand_init (cairo/src/cairo-gl-operand.c:251)
>==2==    by 0x4CC88B8: _cairo_gl_operand_init (cairo/src/cairo-gl-operand.c:529)
>==2==    by 0x4CCD92F: _cairo_gl_pattern_to_source (cairo/src/cairo-gl-source.c:82)
>==2==    by 0x4C7F330: composite_aligned_boxes (cairo/src/cairo-spans-compositor.c:678)
>==2==    by 0x4C7F330: clip_and_composite_boxes.part.11 (cairo/src/cairo-spans-compositor.c:882)
>==2==    by 0x4C7F92D: clip_and_composite_boxes (cairo/src/cairo-spans-compositor.c:901)
>==2==    by 0x4C7FC15: _cairo_spans_compositor_mask (cairo/src/cairo-spans-compositor.c:999)
>==2==    by 0x4C3A3C8: _cairo_compositor_mask (cairo/src/cairo-compositor.c:106)
>==2==    by 0x4C82D5B: _cairo_surface_mask (cairo/src/cairo-surface.c:2166)
>==2==    by 0x4CC747D: render_glyphs_via_mask (cairo/src/cairo-gl-glyphs.c:401)
>==2==    by 0x4CC7612: _cairo_gl_composite_glyphs_with_clip (cairo/src/cairo-gl-glyphs.c:461)
>==2==    by 0x4CC7653: _cairo_gl_composite_glyphs (cairo/src/cairo-gl-glyphs.c:482)
>==2==    by 0x4C93C76: clip_and_composite (cairo/src/cairo-traps-compositor.c:1049)
>==2==    by 0x4C93E6C: _cairo_traps_compositor_glyphs (cairo/src/cairo-traps-compositor.c:2335)
>==2==    by 0x4C3A69E: _cairo_compositor_glyphs (cairo/src/cairo-compositor.c:250)
>==2==    by 0x4CCDA37: _cairo_gl_surface_glyphs (cairo/src/cairo-gl-surface.c:1424)
>==2==    by 0x4C835F2: _cairo_surface_show_text_glyphs (cairo/src/cairo-surface.c:2600)
>==2==    by 0x4C43917: _cairo_gstate_show_text_glyphs (cairo/src/cairo-gstate.c:2023)
>==2==    by 0x4C36295: cairo_show_text (cairo/src/cairo.c:3263)
>==2==    by 0x44A26C: draw_quadrant (cairo/test/text-rotate.c:120)
>==2==    by 0x44A3ED: draw (cairo/test/text-rotate.c:168)
>==2==    by 0x40E04B: cairo_test_for_target (cairo/test/cairo-test.c:929)
>==2==    by 0x40EEC1: _cairo_test_context_run_for_target (cairo/test/cairo-test.c:1551)
>==2==    by 0x40BB13: _cairo_test_runner_draw (cairo/test/cairo-test-runner.c:255)
>==2==    by 0x40BB13: main (cairo/test/cairo-test-runner.c:937)
>==2==  Address 0x90247dc is 20 bytes before a block of size 1,040 alloc'd
>==2==    at 0x4A08987: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>==2==    by 0x5C588C1: ??? (in /usr/lib64/dri/i965_dri.so)
>==2==    by 0x599D878: ??? (in /usr/lib64/dri/i965_dri.so)
>==2==    by 0x4CCEC67: _create_scratch_internal (cairo/src/cairo-gl-surface.c:457)
>==2==    by 0x4CCED4C: _cairo_gl_surface_create_scratch (cairo/src/cairo-gl-surface.c:512)

To silence this warning it is sufficient to return CAIRO_INT_STATUS_SUCCESS
if _cairo_surface_is_gl (&surface->base) fails at line 1314 of src/cairo-gl-surface.c.

http://cgit.freedesktop.org/cairo/tree/src/cairo-gl-surface.c#n1311

Another apparent fix could be to move the if (surface->base.device == NULL)
check before the if (! surface->msaa_active), as it seems gl_source_t objects are created
with a NULL device pointer.
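As an added illustration (not code from this report or from cairo), a simplified C model of the guard the reporter proposes: the resolve routine confirms the object's concrete type through its base before reading a field that exists only on the larger surface struct, so a small "source" object passed through the same entry point never triggers a read past its end. All type names, the backend enum tags, the device pointer handling and the resolve_count field are assumptions of this model, not cairo's own identifiers.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical, simplified model of the object layouts involved in the
 * report. Names and fields are illustrative and are not cairo's own. */
typedef enum { INT_STATUS_SUCCESS = 0, INT_STATUS_RESOLVED = 1 } int_status_t;

/* Stands in for the backend pointer that a type check such as
 * _cairo_surface_is_gl() compares against. */
typedef enum { BACKEND_GL_SURFACE = 1, BACKEND_GL_SOURCE = 2 } backend_t;

typedef struct {
    backend_t backend;
    void *device;             /* the report notes this is NULL for gl sources */
} surface_base_t;

/* The small object: only a base (stands in for cairo_gl_source_t). */
typedef struct {
    surface_base_t base;
} gl_source_t;

/* The larger object (stands in for cairo_gl_surface_t); msaa_active lies
 * past the end of a gl_source_t, which is the kind of read valgrind flagged. */
typedef struct {
    surface_base_t base;
    bool msaa_active;
    int resolve_count;        /* constructed counter so a caller can observe a resolve */
} gl_surface_t;

static bool surface_is_gl(const surface_base_t *base)
{
    return base->backend == BACKEND_GL_SURFACE;
}

/* Guarded resolve: check the concrete type through the base before
 * touching any field that exists only on gl_surface_t. */
int_status_t resolve_multisampling(surface_base_t *base)
{
    if (!surface_is_gl(base))          /* first guard proposed in the report */
        return INT_STATUS_SUCCESS;
    if (base->device == NULL)          /* second proposal: device check before msaa_active */
        return INT_STATUS_SUCCESS;

    gl_surface_t *surface = (gl_surface_t *) base;   /* safe only after the checks above */
    if (!surface->msaa_active)
        return INT_STATUS_SUCCESS;

    surface->msaa_active = false;
    surface->resolve_count++;
    return INT_STATUS_RESOLVED;
}

/* Scenario 1: a gl source (the object valgrind saw) goes through resolve
 * and is rejected by the type check, so no field past its end is read. */
int_status_t resolve_source_case(void)
{
    gl_source_t source = { { BACKEND_GL_SOURCE, NULL } };
    return resolve_multisampling(&source.base);
}

/* Scenario 2: a real multisampled gl surface is resolved exactly once;
 * returns the resolve count, or -1 if the two calls did not behave as expected. */
int resolve_surface_case(void)
{
    static int dummy_device;   /* constructed non-NULL device for the model */
    gl_surface_t surface = { { BACKEND_GL_SURFACE, &dummy_device }, true, 0 };
    int_status_t first = resolve_multisampling(&surface.base);
    int_status_t second = resolve_multisampling(&surface.base);
    if (first != INT_STATUS_RESOLVED || second != INT_STATUS_SUCCESS)
        return -1;
    return surface.resolve_count;
}

int main(void)
{
    printf("source case: %d (expect %d)\n", resolve_source_case(), INT_STATUS_SUCCESS);
    printf("surface case resolves: %d (expect 1)\n", resolve_surface_case());
    return 0;
}
```

The point of the model is the ordering: the type check reads only base fields, which both object kinds share, and the cast to the larger struct happens only once that check has passed. Whether the early return is the right fix or, as the next comment asks, whether the caller should never hand a source object to this routine at all, is a separate question the model does not settle.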
Comment 1 Bryce Harrington 2015-07-30 23:14:10 UTC
I wonder if that just papers over the issue; that routine shouldn't be getting called on non-GL surfaces should it?

If the text can't be done through GL in this case, then perhaps that should be detected and handled higher up, such as in composite_aligned_boxes?
Comment 2 GitLab Migration User 2018-08-25 13:29:47 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/33.
