Bug 39880 - [bisected] Segmentation fault/stack corruption (?)
Summary: [bisected] Segmentation fault/stack corruption (?)
Alias: None
Product: cairo
Classification: Unclassified
Component: xlib backend (show other bugs)
Version: 1.10.3
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
Depends on:
Reported: 2011-08-06 05:24 UTC by ojab
Modified: 2011-09-17 23:15 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

gdb bt (215.46 KB, application/octet-stream)
2011-08-06 05:27 UTC, ojab
gdb bt full (962.83 KB, application/octet-stream)
2011-08-06 05:28 UTC, ojab
First 100 stack frames of gdb bt full in plain text (139.83 KB, text/plain)
2011-08-06 05:31 UTC, ojab

Description ojab 2011-08-06 05:24:21 UTC
pixman-0.23.2, cairo git-61c0f67.

1. Set up toolbar layout like on https://bugs.freedesktop.org/attachment.cgi?id=49726 screenshot (no toolbars except menu bar, location and search input fields on menu bar) in firefox.
2. Go to http://vk.com/id1
3. Mouse on heart in one of the messages
4. Click "All" in appeared tooltip.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff2e01d0e in validate (badreg=) at pixman-region.c:1584
1584    {

bisected to 

52e3814824235ff236bc013f9adc85ed85eb8fb8 is the first bad commit
commit 52e3814824235ff236bc013f9adc85ed85eb8fb8
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Sun Jul 24 17:31:39 2011 +0100

    clip: Skip processing of rectangle-intersection if it wholly subsumes the clip

    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

:040000 040000 61bb41c8e457d205cf3cd44fa046ef4a507aee8d 8ce54d01cf39f1a90909d78424a69e348e2c3246 M      src
Comment 1 ojab 2011-08-06 05:27:35 UTC
Created attachment 49989 [details]
gdb bt

Sorry for bzipped gdb output, it's huge (22584 stack frames)
Comment 2 ojab 2011-08-06 05:28:43 UTC
Created attachment 49990 [details]
gdb bt full
Comment 3 ojab 2011-08-06 05:31:55 UTC
Created attachment 49991 [details]
First 100 stack frames of gdb bt full in plain text
Comment 4 ojab 2011-08-11 13:20:32 UTC
Also happens in Thunderbird, during multiple (about 100) mails selection.
Comment 5 ojab 2011-08-23 01:47:13 UTC
Still happens with latest git
HEAD is now at ba1060f cff-subset: fix decoding of real numbers
Comment 6 Chris Wilson 2011-08-23 01:55:29 UTC
Try cairo-trace --flush --no-callers --no-mark-dirty firefox http://vk.com/idl

Tigger the crash and see if perf/cairo-perf-trace $trace-from-above also crashes.
Comment 7 ojab 2011-08-23 02:04:16 UTC
[ # ]  backend                         test   min(s) median(s) stddev. count
[  0]     null                      firefox Error during replay, line 2027: out of memory
[  0]      xcb                      firefox    4.862    5.839  22.69%   15/15
[  0]     xlib                      firefox Segmentation fault

Comment 8 ojab 2011-09-17 23:15:52 UTC
Cannot reproduce with latest git.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.