Bug 4088 - Crash in _cairo_image_surface_set_attributes on nil surface input
Summary: Crash in _cairo_image_surface_set_attributes on nil surface input
Alias: None
Product: cairo
Classification: Unclassified
Component: image backend (show other bugs)
Version: 0.9.3
Hardware: x86 (IA32) Linux (All)
: high minor
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
Depends on:
Reported: 2005-08-14 18:57 UTC by Billy Biggs
Modified: 2005-08-22 00:15 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

crash-cairo.c (949 bytes, text/plain)
2005-08-14 18:57 UTC, Billy Biggs

Description Billy Biggs 2005-08-14 18:57:05 UTC
The attached application demonstrates a crash in cairo when a pattern is created
from a nil image surface.

#0  0xb7f3d277 in _cairo_pixman_image_set_transform (image=0x0, 
    transform=0xbffff568) at icimage.c:192
#1  0xb7f19160 in _cairo_image_surface_set_attributes (surface=0xb7f55a60, 
    attributes=0xbffff5fc) at cairo-image-surface.c:438
#2  0xb7f1932a in _cairo_image_surface_composite (
    operator=CAIRO_OPERATOR_OVER, src_pattern=0xbffff7f4, mask_pattern=0x0, 
    abstract_dst=0x804a0f8, src_x=0, src_y=0, mask_x=0, mask_y=0, dst_x=0, 
    dst_y=0, width=640, height=480) at cairo-image-surface.c:585
#3  0xb7f1e605 in _cairo_surface_composite (operator=CAIRO_OPERATOR_OVER, 
    src=0xbffff7f4, mask=0x0, dst=0x804a0f8, src_x=0, src_y=0, mask_x=0, 
    mask_y=0, dst_x=0, dst_y=0, width=640, height=480) at cairo-surface.c:827
#4  0xb7f16e6c in _cairo_surface_clip_and_composite_trapezoids (
    src=0xbffff7f4, operator=CAIRO_OPERATOR_OVER, dst=0x804a0f8, 
    traps=0xbffff894, clip=0x804a214, antialias=3086301664)
    at cairo-gstate.c:1183
#5  0xb7f17099 in _cairo_gstate_clip_and_composite_trapezoids (gstate=Variable
    "gstate" is not available.) at cairo-gstate.c:1385
#6  0xb7f17377 in _cairo_gstate_fill (gstate=0x804a190, path=0x804a160)
    at cairo-gstate.c:1431
#7  0xb7f111cf in *INT_cairo_fill_preserve (cr=0x804a158) at cairo.c:1513
#8  0xb7f11210 in cairo_fill (cr=0x804a158) at cairo.c:1489
#9  0x08048a2f in test ()
#10 0x08048adb in main ()
Comment 1 Billy Biggs 2005-08-14 18:57:30 UTC
Created attachment 2857 [details]
Comment 2 Carl Worth 2005-08-18 23:10:10 UTC
2005-08-18  Carl Worth  <cworth@cworth.org>

        Fix for bug #4088:

        * src/cairo-pattern.c: (_cairo_pattern_nil_for_status):
        New function to return the current nil pattern depending on the

        * src/cairo-pattern.c: (cairo_pattern_create_for_surface):
        * src/cairo-pattern.c: (_cairo_pattern_init_for_surface): Add
        missing early bailout on surface->status with error propagation to
        the pattern.

        Related cleanups for cairo_pattern_t:

        * src/cairo-pattern.c: (_cairo_gradient_pattern_init_copy): Don't
        check other->status since this is a static function.

        * src/cairo-pattern.c: (_cairo_pattern_init_copy): Add missing
        early bailout on other->status.

        * src/cairo-pattern.c: (_cairo_pattern_fini): Cleanup identifier

        * src/cairo-pattern.c: (_cairo_pattern_create_solid),
        (cairo_pattern_create_linear), (cairo_pattern_create_radial):
        Track rename of nil patterns.

        * src/cairo-pattern.c: (cairo_pattern_set_matrix),
        (cairo_pattern_set_extend): Don't call _cairo_error for
        pre-existing errors.

        * src/cairo-pattern.c: (_cairo_pattern_acquire_surface): Take care
        to initialize some fields to that _cairo_pattern_release_surface
        will work even after an error.

        * src/cairoint.h:
        * src/cairo.c: (cairo_get_source): Track rename of
        cairo_solid_pattern_nil to cairo_pattern_nil.

        * test/.cvsignore:
        * test/Makefile.am:
        * test/nil-surface-ref.png:
        * test/nil-surface.c: (draw), (main): New test to ensure that a
        file-not-found error will propagate from a surface, through a
        pattern, and onto a cairo_t.
Comment 3 Carl Worth 2005-08-22 17:15:02 UTC
Move bugs against "cvs" version to "0.9.3" so we can remove the "cvs" version.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.