Bug 2776 - Crasher
Summary: Crasher
Status: RESOLVED WORKSFORME
Alias: None
Product: cairo
Classification: Unclassified
Component: general (show other bugs)
Version: 0.9.3
Hardware: x86 (IA32) Linux (All)
: high normal
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-03-19 16:01 UTC by John McCutchan
Modified: 2005-08-22 00:14 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:


Attachments

Description John McCutchan 2005-03-19 16:01:17 UTC
This simple program crashes cairo. Am I doing something wrong or what?

#include <cairo.h>

int main (int argc, char **argv)
{
        int x, y, stride;
        cairo_t *cr;

        x = 400;
        y = 400;
        stride = x * 4;

        cr = cairo_create ();
        cairo_set_target_image (cr, (char *)malloc (sizeof(uint32_t) * x * y),
CAIRO_FORMAT_ARGB32, x, y, stride);

        while (1)       {
                        cairo_scale (cr, 400, 16);
                        cairo_set_line_width (cr, 0.04);
                        cairo_move_to (cr, 0.0, 0.0);
                        cairo_line_to (cr, 1.0, 0.0);
                        cairo_line_to (cr, 1.0, 1.0);
                        cairo_line_to (cr, 0.0, 1.0);

                        cairo_save (cr);
                                cairo_set_rgb_color (cr, 0.3725, 0.5254, 0.7019);
                                cairo_fill (cr);
                        cairo_restore (cr);

                        cairo_close_path (cr);
                        cairo_stroke (cr);
        }
}

backtrace,

Program received signal SIGSEGV, Segmentation fault.
cairo_font_destroy (font=0x0) at cairo_font.c:187
187         if (--(font->refcount) > 0)
(gdb) bt
#0  cairo_font_destroy (font=0x0) at cairo_font.c:187
#1  0x400b614e in _cairo_gstate_init_copy (gstate=0x9b400710, other=0x804a018)
at cairo_gstate.c:177
#2  0x400b63c8 in _cairo_gstate_clone (gstate=0x0) at cairo_gstate.c:245
#3  0x400b0e84 in *INT_cairo_save (cr=0x804a008) at cairo.c:176
#4  0x080488fe in main ()
Comment 1 Even Rouault 2005-05-28 05:27:57 UTC
I've tested a slightly modified version of the proposed test case on my Linux 
box, to make it run with Cairo snapshot 0.5.0 (libpixman 0.1.5). 
 
I didn't notice the segmentation fault in cairo_font_destroy, but at the 6th 
iteration of the loop, the program did crash because of a lack of memory (I've 
just 64 MB RAM). I suspected that the cairo_scale call iterated again and again 
requires lot of memory, so when I uncomment the commented cairo_save / 
cairo_restore pair, the program just runs fine forever. And with Valgrind too. 
 
 
#include <cairo/cairo.h> 
#include <stdio.h> 
 
int main (int argc, char **argv) 
{ 
        int x, y, stride; 
        cairo_t *cr; 
 
        x = 400; 
        y = 400; 
        stride = x * 4; 
 
 cairo_surface_t* surf = cairo_image_surface_create(CAIRO_FORMAT_ARGB32, 
x, y); 
        cr = cairo_create (surf); 
 int i = 0; 
        while (1)       { 
  printf("iteration %d\n", ++i); 
  /* cairo_save(cr); */ /* Uncomment */ 
                        cairo_scale (cr, 400, 16); 
                        cairo_set_line_width (cr, 0.04); 
                        cairo_move_to (cr, 0.0, 0.0); 
                        cairo_line_to (cr, 1.0, 0.0); 
                        cairo_line_to (cr, 1.0, 1.0); 
                        cairo_line_to (cr, 0.0, 1.0); 
 
                        cairo_save (cr); 
                                cairo_set_source_rgb (cr, 0.3725, 0.5254, 
0.7019); 
                                cairo_fill (cr); 
                        cairo_restore (cr); 
 
                        cairo_close_path (cr); 
                        cairo_stroke (cr); 
  /* cairo_restore(cr); */ /* Uncomment */ 
        } 
} 
 
Comment 2 Billy Biggs 2005-07-27 14:44:19 UTC
I can't reproduce the crash or the memory increasing using cairo from HEAD. 
Closing as WORKSFORME.  Please re-open if you are still having problems with the
latest code.
Comment 3 Carl Worth 2005-08-22 17:14:27 UTC
Move bugs against "cvs" version to "0.9.3" so we can remove the "cvs" version.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.