The attached application demonstrates a crash in cairo when a pattern is created from a nil image surface. #0 0xb7f3d277 in _cairo_pixman_image_set_transform (image=0x0, transform=0xbffff568) at icimage.c:192 #1 0xb7f19160 in _cairo_image_surface_set_attributes (surface=0xb7f55a60, attributes=0xbffff5fc) at cairo-image-surface.c:438 #2 0xb7f1932a in _cairo_image_surface_composite ( operator=CAIRO_OPERATOR_OVER, src_pattern=0xbffff7f4, mask_pattern=0x0, abstract_dst=0x804a0f8, src_x=0, src_y=0, mask_x=0, mask_y=0, dst_x=0, dst_y=0, width=640, height=480) at cairo-image-surface.c:585 #3 0xb7f1e605 in _cairo_surface_composite (operator=CAIRO_OPERATOR_OVER, src=0xbffff7f4, mask=0x0, dst=0x804a0f8, src_x=0, src_y=0, mask_x=0, mask_y=0, dst_x=0, dst_y=0, width=640, height=480) at cairo-surface.c:827 #4 0xb7f16e6c in _cairo_surface_clip_and_composite_trapezoids ( src=0xbffff7f4, operator=CAIRO_OPERATOR_OVER, dst=0x804a0f8, traps=0xbffff894, clip=0x804a214, antialias=3086301664) at cairo-gstate.c:1183 #5 0xb7f17099 in _cairo_gstate_clip_and_composite_trapezoids (gstate=Variable "gstate" is not available.) at cairo-gstate.c:1385 #6 0xb7f17377 in _cairo_gstate_fill (gstate=0x804a190, path=0x804a160) at cairo-gstate.c:1431 #7 0xb7f111cf in *INT_cairo_fill_preserve (cr=0x804a158) at cairo.c:1513 #8 0xb7f11210 in cairo_fill (cr=0x804a158) at cairo.c:1489 #9 0x08048a2f in test () #10 0x08048adb in main ()
Created attachment 2857 [details] crash-cairo.c
2005-08-18 Carl Worth <cworth@cworth.org> Fix for bug #4088: * src/cairo-pattern.c: (_cairo_pattern_nil_for_status): New function to return the current nil pattern depending on the status. * src/cairo-pattern.c: (cairo_pattern_create_for_surface): * src/cairo-pattern.c: (_cairo_pattern_init_for_surface): Add missing early bailout on surface->status with error propagation to the pattern. Related cleanups for cairo_pattern_t: * src/cairo-pattern.c: (_cairo_gradient_pattern_init_copy): Don't check other->status since this is a static function. * src/cairo-pattern.c: (_cairo_pattern_init_copy): Add missing early bailout on other->status. * src/cairo-pattern.c: (_cairo_pattern_fini): Cleanup identifier names. * src/cairo-pattern.c: (_cairo_pattern_create_solid), (cairo_pattern_create_linear), (cairo_pattern_create_radial): Track rename of nil patterns. * src/cairo-pattern.c: (cairo_pattern_set_matrix), (cairo_pattern_set_filter), (cairo_pattern_set_extend): Don't call _cairo_error for pre-existing errors. * src/cairo-pattern.c: (_cairo_pattern_acquire_surface): Take care to initialize some fields to that _cairo_pattern_release_surface will work even after an error. * src/cairoint.h: * src/cairo.c: (cairo_get_source): Track rename of cairo_solid_pattern_nil to cairo_pattern_nil. * test/.cvsignore: * test/Makefile.am: * test/nil-surface-ref.png: * test/nil-surface.c: (draw), (main): New test to ensure that a file-not-found error will propagate from a surface, through a pattern, and onto a cairo_t.
Move bugs against "cvs" version to "0.9.3" so we can remove the "cvs" version.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.