Bug 9844

Summary: cairo crashes in cairo_create_simular if nil surface returned by other->backend->create_similar
Product: cairo
Reporter: Alexander Darovsky <adarovsky>
Component: general
Assignee: Carl Worth <cworth>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: blocker
Priority: medium
Keywords: patch
Version: 1.3.13
Hardware: All
OS: All
Attachments: patch which fixes cairo crash
A patch that fixes bug in 1.4.0
A test case

Description Alexander Darovsky 2007-02-01 21:27:20 UTC
There's an invalid check in cairo-surface.c, which checks for (!surface), but
on failure a nil surface is always returned.

Attached a simple patch which fixes this issue.
Comment 1 Alexander Darovsky 2007-02-01 21:28:06 UTC
Created attachment 8577
patch which fixes cairo crash
Comment 2 Carl Worth 2007-03-02 03:17:46 UTC
Thanks for the report. I've made an alternate fix here which I'd love for you to give a try:

http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=4e0f0d9425e2677e75681b2416e7ee4c4e87440c

This is already available in a git pull of 1.3.15 and will be in 1.4.0 as well.

Also, if you could tell me what you were doing to get which backend to return a nil surface from create_similar, I'd love to add something to a test case to exercise this situation.

-Carl
Comment 3 Alexander Darovsky 2007-03-16 02:31:36 UTC
Unfortunately, the bug still exists in 1.4.0. Attached the patch that fixes it.
Comment 4 Alexander Darovsky 2007-03-16 02:33:40 UTC
Created attachment 9179
A patch that fixes bug in 1.4.0

Here is a patch that fixes the crash while creating a surface with negative width.
Comment 5 Carl Worth 2007-03-16 08:56:13 UTC
(In reply to comment #3)
> Unfortunately, the bug still exists in 1.4.0. Attached the patch that fixes
> it.

Sorry we missed the fix.

Again, as I asked before, do you have a test case that we can use to exercise the bug so that we can be sure we've actually fixed it and that we don't keep regressing here?

-Carl
Comment 6 Carl Worth 2007-03-19 15:52:40 UTC
Ok, I've pushed out another fix for this (will be in 1.4.2):

http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=725a4de42dfaf0d9d98447c9fbefed99fbf99ac1

It's slightly different, but hopefully still solves the problem,
(again, I'm still waiting for a test case to demonstrate the bug).

-Carl
Comment 7 Alexander Darovsky 2007-03-19 20:49:00 UTC
Created attachment 9225
A test case

A test case, which fails on unpatched cairo, but works on the patched one.
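
The failure mode reported in this bug, as an added example that is not cairo's source and not either commenter's patch: a simplified C model in which a backend's create_similar hook reports failure by returning a shared non-NULL nil surface, so a `!surface` test lets it through while a status check rejects it. All type and function names (`surface_t`, `toy_create_similar`, `flawed_is_usable`, `checked_is_usable`, `create_similar_checked`) and the fixed-size pool are assumptions made for illustration.

```c
#include <stddef.h>
/* Simplified model of a nil-object error convention. All names are
 * hypothetical; this is not cairo's source. */
typedef enum { STATUS_SUCCESS = 0, STATUS_ERROR } status_t;
typedef struct surface surface_t;
typedef struct {
    surface_t *(*create_similar)(const surface_t *other, int w, int h);
} backend_t;
struct surface {
    const backend_t *backend;  /* NULL on the nil surface */
    status_t status;
    int width, height;
};

/* Shared error sentinel: non-NULL, but it has no backend to call into. */
static surface_t nil_surface = { NULL, STATUS_ERROR, 0, 0 };
static surface_t pool[4];      /* constructed stand-in for allocation */
static size_t pool_used;

/* Toy backend hook: reports failure as the nil surface, never as NULL. */
static surface_t *toy_create_similar(const surface_t *other, int w, int h)
{
    if (w < 0 || h < 0 || pool_used == 4)
        return &nil_surface;
    surface_t *s = &pool[pool_used++];
    s->backend = other->backend;
    s->status = STATUS_SUCCESS;
    s->width = w; s->height = h;
    return s;
}
static const backend_t toy_backend = { toy_create_similar };

/* Flawed check described in the report: only NULL counts as failure. */
static int flawed_is_usable(const surface_t *s) { return s != NULL; }

/* Corrected check: non-NULL and carrying a success status. */
static int checked_is_usable(const surface_t *s)
{
    return s != NULL && s->status == STATUS_SUCCESS;
}

/* Wrapper that never returns NULL and never passes on a failed surface. */
static surface_t *create_similar_checked(const surface_t *other, int w, int h)
{
    surface_t *s = NULL;
    if (other->backend && other->backend->create_similar)
        s = other->backend->create_similar(other, w, h);
    return checked_is_usable(s) ? s : &nil_surface;
}
```

With the flawed check, the nil surface returned for a negative width is treated as valid, and the first call through its NULL `backend` pointer is where the crash would occur.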
