12715 – xchat-gnome crashed with SIGSEGV in cairo_surface_finish()

Bug 12715 - xchat-gnome crashed with SIGSEGV in cairo_surface_finish()

Summary: xchat-gnome crashed with SIGSEGV in cairo_surface_finish()

Status:	RESOLVED FIXED

Alias:	None

Product:	cairo
Classification:	Unclassified
Component:	general (show other bugs)
Version:	1.4.10
Hardware:	Other All

Importance:	medium normal
Assignee:	Carl Worth
QA Contact:	cairo-bugs mailing list

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2007-10-06 05:12 UTC by Sebastien Bacher
Modified:	2008-10-10 06:40 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Sebastien Bacher 2007-10-06 05:12:44 UTC

The bug has been opened on https://bugs.launchpad.net/ubuntu/+source/xchat-gnome/+bug/149570

"Binary package hint: xchat-gnome

entered '/list' command
...
libcairo2 1.4.10-1ubuntu4
...
#0  _cairo_xlib_remove_close_display_hooks (dpy=<value optimized out>, key=0x1a3f1c0)
    at /build/buildd/libcairo-1.4.10/src/cairo-xlib-display.c:336
	display = (cairo_xlib_display_t *) 0x13ecf50
	hook = (cairo_xlib_hook_t *) 0x656469762073276c
	next = (cairo_xlib_hook_t *) 0x656469762073276c
	prev = (cairo_xlib_hook_t **) 0x144fab0
#1  0x00002b3625159c61 in _cairo_xlib_surface_finish (abstract_surface=<value optimized out>)
    at /build/buildd/libcairo-1.4.10/src/cairo-xlib-surface.c:333
	status2 = <value optimized out>
	surface = (cairo_xlib_surface_t *) 0x1a3f1c0
	display = (cairo_xlib_display_t *) 0x13ecf50
	status = CAIRO_STATUS_SUCCESS
#2  0x00002b3625134e13 in *INT_cairo_surface_finish (surface=0x1a3f1c0)
    at /build/buildd/libcairo-1.4.10/src/cairo-surface.c:504
	status = <value optimized out>
#3  0x00002b3625134e95 in *INT_cairo_surface_destroy (surface=0x13ecfb0)
    at /build/buildd/libcairo-1.4.10/src/cairo-surface.c:401
	__PRETTY_FUNCTION__ = "cairo_surface_destroy"
#4  0x00002b3621775793 in IA__gdk_window_end_paint (window=0x13e0ad0) at /build/buildd/gtk+2.0-2.12.0/gdk/gdkwindow.c:1087
	composited = <value optimized out>
	paint = (GdkWindowPaint *) 0x1a94420
	tmp_gc = (GdkGC *) 0x13ddc80
	clip_box = {x = 0, y = 0, width = 559, height = 27}
	x_offset = 0
	y_offset = 0
	__PRETTY_FUNCTION__ = "IA__gdk_window_end_paint"
#5  0x00002b36212b36b9 in IA__gtk_main_do_event (event=0x7fff8af1c740) at /build/buildd/gtk+2.0-2.12.0/gtk/gtkmain.c:1496
	event_widget = (GtkWidget *) 0x875000
	grab_widget = (GtkWidget *) 0x875000
	window_group = (GtkWindowGroup *) 0x13d4100
	rewritten_event = (GdkEvent *) 0x0
	tmp_list = <value optimized out>
	__PRETTY_FUNCTION__ = "IA__gtk_main_do_event"
#6  0x00002b36217748da in gdk_window_process_updates_internal (window=0x13e0ad0)
    at /build/buildd/gtk+2.0-2.12.0/gdk/gdkwindow.c:2383
	event = {type = GDK_EXPOSE, any = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0'}, expose = {
    type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', area = {x = 0, y = 0, width = 559, height = 27}, 
    region = 0x14beb90, count = 0}, no_expose = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0'}, 
  visibility = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', state = GDK_VISIBILITY_UNOBSCURED}, motion = {
    type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', time = 0, x = 1.1861956471495872e-311, 
    y = 1.3339772437713657e-322, axes = 0x14beb90, state = 0, is_hint = 0, device = 0x0, 
    x_root = 4.9406564584124654e-324, y_root = 2.347380196441317e-310}, button = {type = GDK_EXPOSE, window = 0x13e0ad0, 
    send_event = 0 '\0', time = 0, x = 1.1861956471495872e-311, y = 1.3339772437713657e-322, axes = 0x14beb90, state = 0, 
    button = 0, device = 0x0, x_root = 4.9406564584124654e-324, y_root = 2.347380196441317e-310}, scroll = {
    type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', time = 0, x = 1.1861956471495872e-311, 
    y = 1.3339772437713657e-322, state = 21752720, direction = GDK_SCROLL_UP, device = 0x0, x_root = 0, 
    y_root = 4.9406564584124654e-324}, key = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', time = 0, 
    state = 0, keyval = 559, length = 27, string = 0x14beb90 "\b", hardware_keycode = 0, group = 0 '\0', 
    is_modifier = 0}, crossing = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', subwindow = 0x22f00000000, 
    time = 27, x = 1.0747271655603801e-316, y = 0, x_root = 0, y_root = 4.9406564584124654e-324, mode = 575884516, 
    detail = 11062, focus = 590118224, state = 11062}, focus_change = {type = GDK_EXPOSE, window = 0x13e0ad0, 
    send_event = 0 '\0', in = 0}, configure = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', x = 0, y = 0, 
    width = 559, height = 27}, property = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', 
    atom = 0x22f00000000, time = 27, state = 0}, selection = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', 
    selection = 0x22f00000000, target = 0x1b, property = 0x14beb90, time = 0, requestor = 0}, owner_change = {
    type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', owner = 0, reason = GDK_OWNER_CHANGE_NEW_OWNER, 
    selection = 0x1b, time = 21752720, selection_time = 0}, proximity = {type = GDK_EXPOSE, window = 0x13e0ad0, 
    send_event = 0 '\0', time = 0, device = 0x22f00000000}, client = {type = GDK_EXPOSE, window = 0x13e0ad0, 
    send_event = 0 '\0', message_type = 0x22f00000000, data_format = 27, data = {
      b = "\220ëK\001", '\0' <repeats 15 times>, s = {-5232, 331, 0, 0, 0, 0, 0, 0, 0, 0}, l = {21752720, 0, 0, 1, 
        47511504112868}}}, dnd = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', context = 0x22f00000000, 
    time = 27, x_root = 0, y_root = 0}, window_state = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', 
    changed_mask = 0, new_window_state = 0}, setting = {type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', 
    action = GDK_SETTING_ACTION_NEW, name = 0x22f00000000 <Address 0x22f00000000 out of bounds>}, grab_broken = {
    type = GDK_EXPOSE, window = 0x13e0ad0, send_event = 0 '\0', keyboard = 0, implicit = 0, grab_window = 0x1b}}
	private = <value optimized out>
	save_region = 1
#7  0x00002b3621774eaa in IA__gdk_window_process_all_updates () at /build/buildd/gtk+2.0-2.12.0/gdk/gdkwindow.c:2435
	old_update_windows = (GSList *) 0x1a8eab0
	tmp_list = <value optimized out>
#8  0x00002b3621774f09 in IA__gdk_window_process_all_updates () at /build/buildd/gtk+2.0-2.12.0/gdk/gdkwindow.c:2450
	private = <value optimized out>
	old_update_windows = (GSList *) 0x2b36227cf9f0
	tmp_list = (GSList *) 0x1a8ed40
#9  0x00002b36232c7d50 in ?? () from /lib/libpthread.so.0
#10 0x0000000001550b00 in ?? ()
#11 0x00002b3622534fd3 in IA__g_main_context_dispatch (context=0x6cb2d0) at /build/buildd/glib2.0-2.14.1/glib/gmain.c:2061
No locals.
#12 0x00002b36225382dd in g_main_context_iterate (context=0x6cb2d0, block=1, dispatch=1, self=<value optimized out>)
    at /build/buildd/glib2.0-2.14.1/glib/gmain.c:2694
	got_ownership = <value optimized out>
	max_priority = 120
	timeout = 0
	some_ready = 1
	nfds = <value optimized out>
	allocated_nfds = <value optimized out>
	fds = (GPollFD *) 0x13d5060
	__PRETTY_FUNCTION__ = "g_main_context_iterate"
#13 0x00002b36225385ea in IA__g_main_loop_run (loop=0x143bba0) at /build/buildd/glib2.0-2.14.1/glib/gmain.c:2898
	got_ownership = <value optimized out>
	self = (GThread *) 0x68f850
	__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#14 0x00002b36212b3883 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.0/gtk/gtkmain.c:1144
	tmp_list = (GList *) 0x477f2d
	functions = (GList *) 0x0
	init = (GtkInitFunction *) 0x471a06
	loop = (GMainLoop *) 0x143bba0
#15 0x0000000000422f39 in fe_main () at fe-gnome.c:184
No locals.
#16 0x000000000045d0f8 in main (argc=1, argv=<value optimized out>) at xchat.c:1071
	ret = <value optimized out>
..."

Comment 1 Chris Wilson 2008-10-10 06:40:54 UTC

The symptoms of this bug have been treated (the way the remove_close_display_hooks() now functions completely erradicates any possibility of this triggering again). I can't recall fixing any bugs in that loop, nor immediately identify the issue from the stack trace, so I can not say for sure that the true cause has been resolved.

Closing, but warily.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.