Bug 92210

Summary: segfault in bits_image_fetch_separable_convolution_affine()
Product: pixman
Component: pixman
Reporter: Richard B. Kreckel <kreckel>
Assignee: Oded Gabbay <oded.gabbay>
Status: RESOLVED DUPLICATE
Severity: normal
Priority: medium
CC: siarhei.siamashka
Version: other
Hardware: x86-64 (AMD64)
OS: Linux (All)

Description Richard B. Kreckel 2015-10-01 09:20:49 UTC
Viewing the file at http://in.terlu.de/~kreckel/add.eps in evince produces a segmentation fault in pixman 0.32.6 at pixman-fast-path.c:2813. As discussed at https://bugzilla.gnome.org/show_bug.cgi?id=755810, version 0.33.3 is affected as well.

Program received signal SIGSEGV, Segmentation fault.
bits_image_fetch_separable_convolution_affine (repeat_mode=PIXMAN_REPEAT_NONE, format=PIXMAN_x8r8g8b8, convert_pixel=<optimized out>, mask=0x0, buffer=0x7fffffff35c0,
width=<optimized out>, line=<optimized out>, offset=<optimized out>, image=0x555555d05c50) at ../../pixman/pixman-fast-path.c:2813

#0  bits_image_fetch_separable_convolution_affine (repeat_mode=PIXMAN_REPEAT_NONE, format=PIXMAN_x8r8g8b8, convert_pixel=<optimized out>, mask=0x0, buffer=0x7fffffff35c0, 
    width=<optimized out>, line=<optimized out>, offset=<optimized out>, image=0x555555d05c50) at ../../pixman/pixman-fast-path.c:2813
#1  bits_image_fetch_separable_convolution_affine_none_x8r8g8b8 (iter=0x7fffffff34a0, mask=0x0) at ../../pixman/pixman-fast-path.c:3153
#2  0x00007ffff0f42d43 in general_composite_rect (imp=0x5555557c6d50, info=<optimized out>) at ../../pixman/pixman-general.c:211
#3  0x00007ffff0ef6711 in pixman_image_composite32 (op=op@entry=PIXMAN_OP_SRC, src=src@entry=0x555555d05c50, mask=mask@entry=0x0, dest=dest@entry=0x555555d837f0, src_x=0, 
    src_y=0, mask_x=0, mask_y=0, dest_x=0, dest_y=0, width=1067, height=748) at ../../pixman/pixman.c:707
#4  0x00007ffff642c965 in composite_boxes (_dst=<optimized out>, op=<optimized out>, abstract_src=<optimized out>, abstract_mask=<optimized out>, src_x=0, src_y=0, mask_x=0, 
    mask_y=0, dst_x=0, dst_y=0, boxes=0x7fffffff9cf0, extents=0x7fffffff9fbc) at ../../../../src/cairo-image-compositor.c:538
#5  0x00007ffff64664cd in composite_aligned_boxes (boxes=<optimized out>, extents=<optimized out>, compositor=<optimized out>) at ../../../../src/cairo-spans-compositor.c:683
#6  clip_and_composite_boxes (compositor=0x7ffff670f180 <spans>, extents=0x7fffffff9f80, boxes=0x7fffffff9cf0) at ../../../../src/cairo-spans-compositor.c:882
#7  0x00007ffff6466a2e in clip_and_composite_boxes (compositor=0x7ffff670f180 <spans>, extents=0x7fffffff9f80, boxes=0x7fffffff9cf0)
    at ../../../../src/cairo-spans-compositor.c:901
#8  0x00007ffff6466b49 in _cairo_spans_compositor_paint (_compositor=0x7ffff670f180 <spans>, extents=0x7fffffff9f80) at ../../../../src/cairo-spans-compositor.c:983
#9  0x00007ffff6421bb9 in _cairo_compositor_paint (compositor=0x7ffff670f180 <spans>, surface=0x555555d83900, op=<optimized out>, source=<optimized out>, clip=<optimized out>)
    at ../../../../src/cairo-compositor.c:65
#10 0x00007ffff6469c21 in _cairo_surface_paint (surface=0x555555d83900, op=CAIRO_OPERATOR_SOURCE, source=0x7fffffffa2f0, clip=0x0) at ../../../../src/cairo-surface.c:2117
#11 0x00007ffff646e972 in _cairo_surface_offset_paint (target=target@entry=0x555555d83900, x=<optimized out>, y=48, op=op@entry=CAIRO_OPERATOR_SOURCE, source=0x7fffffffa2f0, 
    source@entry=0x7fffffffadf0, clip=clip@entry=0x0) at ../../../../src/cairo-surface-offset.c:85
#12 0x00007ffff6496298 in render_pattern (dst=<optimized out>, pattern=0x7fffffffadf0, is_mask=<optimized out>, extents=0x7fffffffadac, src_x=0x7fffffffa64c, src_y=0x7fffffffa650)
    at ../../../../src/cairo-xlib-source.c:305
#13 0x00007ffff649710b in _cairo_xlib_source_create_for_pattern (_dst=0x555555d84110, pattern=0x7fffffffadf0, is_mask=-869674688, extents=0xf022ec, sample=0x7fffffffadd0, 
    src_x=0x7fffffffa64c, src_y=0x7fffffffa650) at ../../../../src/cairo-xlib-source.c:1165
#14 0x00007ffff647cb11 in composite_aligned_boxes (boxes=<optimized out>, extents=<optimized out>, compositor=<optimized out>) at ../../../../src/cairo-traps-compositor.c:1292
#15 clip_and_composite_boxes (compositor=0x7ffff67104c0 <compositor>, extents=0x7fffffffad70, boxes=0x7fffffffaae0) at ../../../../src/cairo-traps-compositor.c:1792
#16 0x00007ffff647cfc9 in clip_and_composite_boxes (compositor=0x7ffff67104c0 <compositor>, extents=0x7fffffffad70, boxes=0x7fffffffaae0)
    at ../../../../src/cairo-traps-compositor.c:1742
#17 0x00007ffff647d675 in _cairo_traps_compositor_paint (_compositor=0x7ffff67104c0 <compositor>, extents=0x7fffffffad70) at ../../../../src/cairo-traps-compositor.c:2063
#18 0x00007ffff6421bb9 in _cairo_compositor_paint (compositor=0x7ffff67104c0 <compositor>, surface=0x555555d84110, op=<optimized out>, source=<optimized out>, 
    clip=<optimized out>) at ../../../../src/cairo-compositor.c:65
#19 0x00007ffff6469c21 in _cairo_surface_paint (surface=0x555555d84110, op=CAIRO_OPERATOR_OVER, source=0x7fffffffb0b0, clip=0x555555d95500) at ../../../../src/cairo-surface.c:2117
#20 0x00007ffff6429747 in _cairo_gstate_paint (gstate=0x555555d95360) at ../../../../src/cairo-gstate.c:1067
#21 0x00007ffff641c605 in INT_cairo_paint (cr=0xd982a3) at ../../../../src/cairo.c:2003
#22 0x00007ffff7978263 in ?? () from /usr/lib/libevview3.so.3
#23 0x00007ffff7982569 in ?? () from /usr/lib/libevview3.so.3
#24 0x00007ffff725eb89 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#25 0x00007ffff739417c in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#26 0x00007ffff59c6452 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#27 0x00007ffff59dfa50 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#28 0x00007ffff59e08ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#29 0x00007ffff73a26f1 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#30 0x00007ffff73a3e4f in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#31 0x00007ffff73a4101 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#32 0x00007ffff71ac6b5 in gtk_container_propagate_draw () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#33 0x00007ffff71ac782 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#34 0x00007ffff72de549 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#35 0x00007ffff725eb89 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#36 0x00007ffff739417c in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#37 0x00007ffff59c6452 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#38 0x00007ffff59dfa50 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#39 0x00007ffff59e08ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#40 0x00007ffff73a26f1 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#41 0x00007ffff73a3e4f in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#42 0x00007ffff73a4101 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#43 0x00007ffff71ac6b5 in gtk_container_propagate_draw () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#44 0x00007ffff71ac782 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#45 0x00007ffff725eb89 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#46 0x00007ffff739417c in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#47 0x00007ffff59c6452 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#48 0x00007ffff59dfa50 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#49 0x00007ffff59e08ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#50 0x00007ffff73a26f1 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#51 0x00007ffff73a4243 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#52 0x00007ffff71ac6b5 in gtk_container_propagate_draw () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#53 0x00007ffff71ac782 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#54 0x00007ffff7166bf2 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#55 0x00007ffff725eb89 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#56 0x00007ffff739417c in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#57 0x00007ffff59c6452 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#58 0x00007ffff59dfa50 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#59 0x00007ffff59e08ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#60 0x00007ffff73a26f1 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#61 0x00007ffff73a4243 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#62 0x00007ffff71ac6b5 in gtk_container_propagate_draw () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#63 0x00007ffff71ac782 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#64 0x00007ffff7299bf3 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#65 0x00007ffff725eb89 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#66 0x00007ffff739417c in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#67 0x00007ffff59c6452 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#68 0x00007ffff59dfa50 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#69 0x00007ffff59e08ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#70 0x00007ffff73a26f1 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#71 0x00007ffff73a3e4f in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#72 0x00007ffff73a420a in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#73 0x00007ffff71ac6b5 in gtk_container_propagate_draw () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#74 0x00007ffff71ac782 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#75 0x00007ffff7166bf2 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#76 0x00007ffff725eb89 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#77 0x00007ffff739417c in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#78 0x00007ffff59c6452 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#79 0x00007ffff59dfa50 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#80 0x00007ffff59e08ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#81 0x00007ffff73a26f1 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#82 0x00007ffff73a4243 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#83 0x00007ffff71ac6b5 in gtk_container_propagate_draw () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#84 0x00007ffff71ac782 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#85 0x00007ffff73aecdd in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#86 0x00007ffff725eb89 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#87 0x00007ffff739417c in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#88 0x00007ffff59c6504 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#89 0x00007ffff59dfa50 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#90 0x00007ffff59e08ff in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#91 0x00007ffff73a26f1 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#92 0x00007ffff73a3e4f in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#93 0x00007ffff73a4101 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#94 0x00007ffff73a442b in gtk_widget_send_expose () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#95 0x00007ffff725d900 in gtk_main_do_event () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#96 0x00007ffff6dc820f in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#97 0x00007ffff6dc919f in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#98 0x00007ffff6dc9353 in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#99 0x00007ffff59c6504 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#100 0x00007ffff59dffa7 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#101 0x00007ffff59e0e4a in g_signal_emit_by_name () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#102 0x00007ffff6dc26ca in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#103 0x00007ffff6db1d88 in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#104 0x00007ffff56f15e3 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#105 0x00007ffff56f0b4d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#106 0x00007ffff56f0f20 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#107 0x00007ffff56f0fcc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#108 0x00007ffff5cb167c in g_application_run () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#109 0x0000555555572c27 in ?? ()
#110 0x00007ffff4e01b45 in __libc_start_main (main=0x555555572770, argc=2, argv=0x7fffffffe3c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, 
    stack_end=0x7fffffffe3b8) at libc-start.c:287
#111 0x0000555555572d55 in ?? ()

Comment 1 Siarhei Siamashka 2015-10-02 14:20:31 UTC
Thanks, reproduced the segfault here. Also the backtrace looks very similar to the problem reported earlier in bug #87588.

Comment 2 Siarhei Siamashka 2015-10-03 01:11:52 UTC
Let's treat it as a duplicate of bug #87588 in order to track this problem in a single place.

*** This bug has been marked as a duplicate of bug 87588 ***
