Bug 93931

Summary: Crash in fast_composite_scaled_bilinear_sse2_8888_8888_cover_SRC
Product: cairo
Reporter: Michael Catanzaro <mcatanzaro>
Component: general
Assignee: Chris Wilson <chris>
Status: RESOLVED MOVED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: critical
Priority: medium
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Attachments: Full backtrace

Description Michael Catanzaro 2016-01-30 00:07:58 UTC
Created attachment 121403
Full backtrace

WebKitGTK+ crashes 100% in cairo (actually in pixman) when visiting https://camo.githubusercontent.com/d0aad8bda1ffca6c06210c1c5edf2bacc5e23ff5/687474703a2f2f672e7265636f726469742e636f2f74644c664c59573443662e676966 in Epiphany.

Using cairo-1.14.2-2.fc23, pixman-0.33.6-1.fc23, and webkitgtk4-2.10.4-1.fc23.

Short backtrace:

#0  0x00007fc3f90a3e34 in fast_composite_scaled_bilinear_sse2_8888_8888_cover_SRC (__q0=<optimized out>, __q1=<optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/5.3.1/include/emmintrin.h:587
#1  0x00007fc3f90a3e34 in fast_composite_scaled_bilinear_sse2_8888_8888_cover_SRC (__q0=..., __q1=...)
    at /usr/lib/gcc/x86_64-redhat-linux/5.3.1/include/emmintrin.h:593
#2  0x00007fc3f90a3e34 in fast_composite_scaled_bilinear_sse2_8888_8888_cover_SRC (__P=<optimized out>)
    at /usr/lib/gcc/x86_64-redhat-linux/5.3.1/include/emmintrin.h:704
#3  0x00007fc3f90a3e34 in fast_composite_scaled_bilinear_sse2_8888_8888_cover_SRC (zero_src=0, max_vx=2147483647, unit_x_=78655, vx_=<optimized out>, wb=<optimized out>, wt=<optimized out>, w=<optimized out>, src_bottom=0x7fc363401484, src_top=0x7fc363400000, mask=<synthetic pointer>, dst=0x7fc3639de000)
    at pixman-sse2.c:5715
#4  0x00007fc3f90a3e34 in fast_composite_scaled_bilinear_sse2_8888_8888_cover_SRC (imp=<optimized out>, info=<optimized out>) at pixman-sse2.c:5736
#5  0x00007fc3f902aa41 in pixman_image_composite32 (op=op@entry=PIXMAN_OP_SRC, src=src@entry=0x55f405d5f7e0, mask=mask@entry=0x0, dest=dest@entry=0x55f405d5ecd0, src_x=0, src_y=0, mask_x=0, mask_y=0, dest_x=0, dest_y=0, width=1094, height=509) at pixman.c:700
#6  0x00007fc404cfd4b4 in composite_boxes (_dst=<optimized out>, op=<optimized out>, abstract_src=<optimized out>, abstract_mask=<optimized out>, src_x=0, src_y=0, mask_x=0, mask_y=0, dst_x=0, dst_y=0, boxes=0x7ffd248fd990, extents=0x7ffd248fdc5c) at cairo-image-compositor.c:538
#7  0x00007fc404d3719a in clip_and_composite_boxes (boxes=0x7ffd248fd990, extents=0x7ffd248fdc20, compositor=0x7fc404ff1b60 <spans>)
    at cairo-spans-compositor.c:683
#8  0x00007fc404d3719a in clip_and_composite_boxes (compositor=compositor@entry=0x7fc404ff1b60 <spans>, extents=extents@entry=0x7ffd248fdc20, boxes=boxes@entry=0x7ffd248fd990) at cairo-spans-compositor.c:882
#9  0x00007fc404d3775e in clip_and_composite_boxes (compositor=0x7fc404ff1b60 <spans>, extents=0x7ffd248fdc20, boxes=0x7ffd248fd990)
    at cairo-spans-compositor.c:901
#10 0x00007fc404d37a79 in _cairo_spans_compositor_mask (_compositor=0x7fc404ff1b60 <spans>, extents=0x7ffd248fdc20) at cairo-spans-compositor.c:999
#11 0x00007fc404cf2429 in _cairo_compositor_paint (compositor=0x7fc404ff1b60 <spans>, surface=0x55f405d5f110, op=<optimized out>, source=<optimized out>, clip=<optimized out>) at cairo-compositor.c:65
#12 0x00007fc404d3a8b1 in _cairo_surface_paint (surface=0x55f405d5f110, op=CAIRO_OPERATOR_SOURCE, source=0x7ffd248fdf70, clip=0x55f40775b450)
    at cairo-surface.c:2117
#13 0x00007fc404cfab1f in _cairo_gstate_fill (gstate=0x55f405d5f4e0, path=path@entry=0x55f4059dd368) at cairo-gstate.c:1312
#14 0x00007fc404cf3f19 in _cairo_default_context_fill (abstract_cr=<optimized out>) at cairo-default-context.c:1055
#15 0x00007fc404ced065 in cairo_fill (cr=<optimized out>) at cairo.c:2205
#16 0x00007fc4081cdbb9 in WebCore::PlatformContextCairo::drawSurfaceToContext(_cairo_surface*, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::GraphicsContext*) (this=0x55f405d5ec50, surface=surface@entry=0x55f405d5ef80, destRect=..., originalSrcRect=..., context=context@entry=0x7fc3f477fe00)
    at /usr/src/debug/webkitgtk-2.10.4/Source/WebCore/platform/graphics/cairo/PlatformContextCairo.cpp:228

Full backtrace attached.

Comment 1 GitLab Migration User 2018-08-25 13:35:32 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/85.
