Bug 63196 - segfault in composite_aligned_boxes if image upload has a negative coordinate
Status: RESOLVED FIXED
Product: cairo
Classification: Unclassified
Component: general
Version: 1.12.14
Hardware: Other All
Importance: medium major
Assignee: Chris Wilson
QA Contact: cairo-bugs mailing list
 
Reported: 2013-04-06 03:16 UTC by Alban Browaeys
Modified: 2013-04-06 08:33 UTC

Description Alban Browaeys 2013-04-06 03:16:20 UTC
If cairo_surface_create_similar_scratch returns a CAIRO_SURFACE_TYPE_IMAGE
in surface_source, then http://cgit.freedesktop.org/cairo/tree/src/cairo-xlib-source.c#n1008 returns None as the surface.
But the caller composite_aligned_boxes then dereferences this returned surface to get its status; with None it segfaults.
http://cgit.freedesktop.org/cairo/tree/src/cairo-traps-compositor.c#n1276


This happens for me with
p limit
{x = 0, y = 0, width = 42061, height = 1}

p upload
{x = -1, y = -1, width = 878, height = 3}


That is: http://cgit.freedesktop.org/cairo/tree/src/cairo-xlib-source.c#n990

	    if (upload.x < limit.x ||
		upload.x + upload.width > limit.x + limit.width ||
		upload.y < limit.y ||
		upload.y + upload.height > limit.y + limit.height)
	    {
		upload = limit;
	    }
upload is replaced by the bigger limit rectangle.

I replace this section of code with:


            if (upload.x < limit.x) upload.x = limit.x;
            if (upload.y < limit.y) upload.y = limit.y;
            if (upload.x + upload.width > limit.x + limit.width) {
                upload.x = limit.x;
                upload.width = limit.width;
            }
            if (upload.y + upload.height > limit.y + limit.height)
            {
                upload.y = limit.y;
                upload.height = limit.height;
            }


to trim the "upload" to the "limit" rectangle, and my testcase (i.e. dconf-editor: going to "org" > "gnome", then clicking on "shell") is not segfaulting anymore.

Though the return of None might be wrong too (or the callers should check for None).



Backtrace at the point where it returns None:

Breakpoint 1, surface_source (src_y=0x7fffffff87d0, src_x=0x7fffffff87cc, sample=<optimized out>, extents=<optimized out>, is_mask=0, pattern=
    0x7fffffff9090, dst=0xf5b650) at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-xlib-source.c:995
995			upload = limit;
(gdb) p limit
$4 = {x = 0, y = 0, width = 42061, height = 1}
(gdb) bt
#0  surface_source (src_y=0x7fffffff87d0, src_x=0x7fffffff87cc, sample=<optimized out>, extents=<optimized out>, is_mask=0, pattern=0x7fffffff9090, 
    dst=0xf5b650) at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-xlib-source.c:995
#1  _cairo_xlib_source_create_for_pattern (_dst=0xf5b650, pattern=0x7fffffff9090, is_mask=0, extents=<optimized out>, sample=<optimized out>, src_x=
    0x7fffffff87cc, src_y=0x7fffffff87d0) at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-xlib-source.c:1134
#2  0x00007ffff600a50e in composite_aligned_boxes (boxes=0x7fffffff8bf0, extents=0x7fffffff9010, compositor=0x7ffff62a9a80 <compositor.16166>)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-traps-compositor.c:1272
#3  clip_and_composite_boxes (compositor=compositor@entry=0x7ffff62a9a80 <compositor.16166>, extents=extents@entry=0x7fffffff9010, boxes=boxes@entry=
    0x7fffffff8bf0) at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-traps-compositor.c:1766
#4  0x00007ffff600b2c7 in _cairo_traps_compositor_fill (_compositor=0x7ffff62a9a80 <compositor.16166>, extents=0x7fffffff9010, path=0x7fffffff9560, 
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-traps-compositor.c:2215
#5  0x00007ffff5fb1bb7 in _cairo_compositor_fill (compositor=0x7ffff62a9a80 <compositor.16166>, surface=surface@entry=0xf5b650, op=op@entry=
    CAIRO_OPERATOR_OVER, source=source@entry=0x7fffffff9440, path=path@entry=0x7fffffff9560, fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING, 
    tolerance=0.10000000000000001, antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT, clip=clip@entry=0xef69e0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-compositor.c:203
#6  0x00007ffff6025088 in _cairo_xlib_surface_fill (_surface=<optimized out>, op=CAIRO_OPERATOR_OVER, source=0x7fffffff9440, path=0x7fffffff9560, 
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=<optimized out>, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xef69e0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-xlib-surface.c:1645
#7  0x00007ffff5ff8544 in _cairo_surface_fill (surface=0xf5b650, op=CAIRO_OPERATOR_OVER, source=0x7fffffff9440, path=0x7fffffff9560, fill_rule=
    CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xef69e0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-surface.c:2238
#8  0x00007ffff5ffd053 in _cairo_surface_offset_fill (surface=0xf5b650, x=-278, y=-1, op=op@entry=CAIRO_OPERATOR_OVER, source=0x7fffffff9440, 
    source@entry=0x7fffffff98e0, path=path@entry=0xdb9678, fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING, tolerance=tolerance@entry=
    0.10000000000000001, antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT, clip=clip@entry=0xec4aa0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-surface-offset.c:239
#9  0x00007ffff5ffda77 in _cairo_surface_subsurface_fill (abstract_surface=0xe88490, op=CAIRO_OPERATOR_OVER, source=0x7fffffff98e0, path=0xdb9678, 
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xed6730)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-surface-subsurface.c:165
#10 0x00007ffff5ff8544 in _cairo_surface_fill (surface=0xe88490, op=CAIRO_OPERATOR_OVER, source=0x7fffffff98e0, path=0xdb9678, fill_rule=
    CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xed6730)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-surface.c:2238
#11 0x00007ffff5fb9ccc in _cairo_gstate_fill (gstate=0xf005e0, path=path@entry=0xdb9678)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-gstate.c:1308
#12 0x00007ffff5fb3349 in _cairo_default_context_fill (abstract_cr=0xdb9310)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-default-context.c:1053
#13 0x00007ffff5faca85 in cairo_fill (cr=0xdb9310) at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo.c:2201
#14 0x00007ffff7494d4f in gtk_border_image_render_slice (cr=0xdb9310, slice=0xf5fa00, slice_width=42061, slice_height=1, x=0, y=0, width=42062, 
    height=1, hrepeat=GTK_CSS_REPEAT_STYLE_NO_REPEAT, vrepeat=GTK_CSS_REPEAT_STYLE_NO_REPEAT)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkborderimage.c:210
#15 0x00007ffff74954cc in _gtk_border_image_render (image=0x7fffffff9de0, border_width=0x7fffffff9d50, cr=0xdb9310, x=0, y=0, width=42062, height=28)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkborderimage.c:306
#16 0x00007ffff76ffc67 in render_frame_internal (engine=0x701440 [AdwaitaEngine], cr=0xdb9310, x=0, y=0, width=42062, height=28, hidden_side=0, 
    junction=GTK_JUNCTION_NONE) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkthemingengine.c:1734
#17 0x00007ffff77001ce in gtk_theming_engine_render_frame (engine=0x701440 [AdwaitaEngine], cr=0xdb9310, x=0, y=0, width=42062, height=28)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkthemingengine.c:1784
#18 0x00007ffff769f5f7 in gtk_render_frame (context=0xe2a920 [GtkStyleContext], cr=0xdb9310, x=0, y=0, width=42062, height=28)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkstylecontext.c:3958
#19 0x00007ffff74a8d1b in gtk_button_draw (widget=0xdd8720 [GtkButton], cr=0xdb9310)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkbutton.c:1724
#20 0x00007ffff75d9580 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x6654f0, return_value=0x7fffffffa300, instance=0xdd8720, args=0x7fffffffa4a8, 
    marshal_data=0x7ffff74a8abc <gtk_button_draw>, n_params=1, param_types=0x665560) at gtkmarshalers.c:130
#21 0x00007ffff777c8bc in gtk_widget_draw_marshallerv (closure=0x6654f0, return_value=0x7fffffffa300, instance=0xdd8720, args=0x7fffffffa4a8, 
    marshal_data=0x7ffff74a8abc <gtk_button_draw>, n_params=1, param_types=0x665560)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:906
#22 0x00007ffff5d40484 in g_type_class_meta_marshalv (closure=0x6654f0, return_value=0x7fffffffa300, instance=0xdd8720, args=0x7fffffffa4a8, 
    marshal_data=0x120, n_params=1, param_types=0x665560) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:997
#23 0x00007ffff5d40047 in _g_closure_invoke_va (closure=0x6654f0, return_value=0x7fffffffa300, instance=0xdd8720, args=0x7fffffffa4a8, n_params=1, 
    param_types=0x665560) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:840
#24 0x00007ffff5d5bf82 in g_signal_emit_valist (instance=0xdd8720, signal_id=34, detail=0, var_args=0x7fffffffa4a8)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3234
#25 0x00007ffff5d5d171 in g_signal_emit (instance=0xdd8720, signal_id=34, detail=0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3384
#26 0x00007ffff7786443 in _gtk_widget_draw_internal (widget=0xdd8720 [GtkButton], cr=0xdb9310, clip_to_size=1)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:6173
#27 0x00007ffff74fcdd6 in gtk_container_propagate_draw (container=0xe304f0 [DConfKeyView], child=0xdd8720 [GtkButton], cr=0xdb9310)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkcontainer.c:3375
#28 0x00007ffff7750ad8 in gtk_tree_view_draw (widget=0xe304f0 [DConfKeyView], cr=0xdb9310)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtktreeview.c:5427
#29 0x00007ffff75d9580 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x6654f0, return_value=0x7fffffffaa40, instance=0xe304f0, args=0x7fffffffabe8, 
    marshal_data=0x7ffff77508c6 <gtk_tree_view_draw>, n_params=1, param_types=0x665560) at gtkmarshalers.c:130
#30 0x00007ffff777c8bc in gtk_widget_draw_marshallerv (closure=0x6654f0, return_value=0x7fffffffaa40, instance=0xe304f0, args=0x7fffffffabe8, 
    marshal_data=0x7ffff77508c6 <gtk_tree_view_draw>, n_params=1, param_types=0x665560)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:906
#31 0x00007ffff5d40484 in g_type_class_meta_marshalv (closure=0x6654f0, return_value=0x7fffffffaa40, instance=0xe304f0, args=0x7fffffffabe8, 
    marshal_data=0x120, n_params=1, param_types=0x665560) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:997
#32 0x00007ffff5d40047 in _g_closure_invoke_va (closure=0x6654f0, return_value=0x7fffffffaa40, instance=0xe304f0, args=0x7fffffffabe8, n_params=1, 
    param_types=0x665560) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:840
#33 0x00007ffff5d5bf82 in g_signal_emit_valist (instance=0xe304f0, signal_id=34, detail=0, var_args=0x7fffffffabe8)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3234
#34 0x00007ffff5d5d171 in g_signal_emit (instance=0xe304f0, signal_id=34, detail=0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3384
#35 0x00007ffff7786443 in _gtk_widget_draw_internal (widget=0xe304f0 [DConfKeyView], cr=0xdb9310, clip_to_size=1)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:6173
#36 0x00007ffff77870fe in gtk_widget_send_expose (widget=0xe304f0 [DConfKeyView], event=0x7fffffffae60)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:6553
#37 0x00007ffff75d7a3c in gtk_main_do_event (event=0x7fffffffae60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkmain.c:1619
#38 0x00007ffff713932e in _gdk_event_emit (event=0x7fffffffae60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkevents.c:69
#39 0x00007ffff714c090 in _gdk_window_process_updates_recurse (window=0xe6cc20 [GdkX11Window], expose_region=0xec32a0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4006
#40 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0xe6c9c0 [GdkX11Window], expose_region=0xec32a0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#41 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0xe6c890 [GdkX11Window], expose_region=0xec32a0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#42 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0xe6c170 [GdkX11Window], expose_region=0xec32a0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#43 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0x6a7bf0 [GdkX11Window], expose_region=0xec32a0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#44 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0x6a7ac0 [GdkX11Window], expose_region=0xec32a0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#45 0x00007ffff718d247 in gdk_x11_window_process_updates_recurse (window=0x6a7ac0 [GdkX11Window], region=0xec32a0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/x11/gdkwindow-x11.c:5202
#46 0x00007ffff714c4b3 in gdk_window_process_updates_internal (window=0x6a7ac0 [GdkX11Window])
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4194
#47 0x00007ffff714c8e4 in gdk_window_process_updates_with_mode (window=0x6a7ac0 [GdkX11Window], recurse_mode=2)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4374
#48 0x00007ffff715830d in gdk_window_paint_on_clock (clock=0x6b7360 [GdkFrameClockIdle], data=0x6a7ac0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:11626
#49 0x00007ffff5d42e23 in g_cclosure_marshal_VOID__VOIDv (closure=0xe67470, return_value=0x0, instance=0x6b7360, args=0x7fffffffb7c8, marshal_data=
    0x0, n_params=0, param_types=0x0) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gmarshal.c:115
#50 0x00007ffff5d40047 in _g_closure_invoke_va (closure=0xe67470, return_value=0x0, instance=0x6b7360, args=0x7fffffffb7c8, n_params=0, param_types=
    0x0) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:840
#51 0x00007ffff5d5bf82 in g_signal_emit_valist (instance=0x6b7360, signal_id=154, detail=0, var_args=0x7fffffffb7c8)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3234
#52 0x00007ffff5d5d2dd in g_signal_emit_by_name (instance=0x6b7360, detailed_signal=0x7ffff7194aba "paint")
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3424
#53 0x00007ffff71405c0 in gdk_frame_clock_paint_idle (data=0x6b7360)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkframeclockidle.c:419
#54 0x00007ffff712ddf4 in gdk_threads_dispatch (data=0x7cbf60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdk.c:806
#55 0x00007ffff5a3481a in g_timeout_dispatch (source=0xe48440, callback=0x7ffff712ddaf <gdk_threads_dispatch>, user_data=0x7cbf60)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:4413
#56 0x00007ffff5a32ae4 in g_main_dispatch (context=0x64ac00) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3054
#57 0x00007ffff5a3383b in g_main_context_dispatch (context=0x64ac00) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3630
#58 0x00007ffff5a33a2d in g_main_context_iterate (context=0x64ac00, block=1, dispatch=1, self=0x63d640)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3701
#59 0x00007ffff5a33af1 in g_main_context_iteration (context=0x64ac00, may_block=1)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3762
#60 0x00007ffff6c071ea in g_application_run (application=0x645100 [ConfigurationEditor], argc=1, argv=0x7fffffffbc88)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gio/gapplication.c:1624
#61 0x000000000040d63e in configuration_editor_main (args=0x7fffffffbc88, args_length1=1)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/dconf/editor/dconf-editor.c:2019
#62 0x000000000040d68c in main (argc=1, argv=0x7fffffffbc88) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/dconf/editor/dconf-editor.c:2028
(gdb) l
990		    if ((upload.x < limit.x)
991			|| (upload.x + upload.width > limit.x + limit.width)
992	 		|| (upload.y < limit.y)
993			|| (upload.y + upload.height > limit.y + limit.height))
994		    {
995			upload = limit;
996		    }
997		}
998	    }
999	
(gdb) n
1000	    xsrc = (cairo_xlib_surface_t *)
(gdb) 
1005	    if (xsrc->base.type != CAIRO_SURFACE_TYPE_XLIB) {
(gdb) l
1000	    xsrc = (cairo_xlib_surface_t *)
1001		    _cairo_surface_create_similar_scratch (&dst->base,
1002							   src->content,
1003							   upload.width,
1004							   upload.height);
1005	    if (xsrc->base.type != CAIRO_SURFACE_TYPE_XLIB) {
1006		cairo_surface_destroy (src);
1007		cairo_surface_destroy (&xsrc->base);
1008		return None;
1009	    }
(gdb) p xsrc
$5 = <optimized out>
(gdb) n
1000	    xsrc = (cairo_xlib_surface_t *)
(gdb) n
1005	    if (xsrc->base.type != CAIRO_SURFACE_TYPE_XLIB) {
(gdb) p xsrc
$6 = (cairo_xlib_surface_t *) 0xf5fb70
(gdb) p *xsrc
$7 = {base = {backend = 0x7ffff62a6500 <cairo_xlib_shm_surface_backend>, device = 0xe8aa00, type = CAIRO_SURFACE_TYPE_IMAGE, content = 
    CAIRO_CONTENT_COLOR_ALPHA, ref_count = {ref_count = 1}, status = CAIRO_STATUS_SUCCESS, unique_id = 605, serial = 0, damage = 0x0, _finishing = 
    0, finished = 0, is_clear = 1, has_font_options = 1, owns_device = 1, user_data = {size = 0, num_elements = 0, element_size = 24, elements = 
    0x0}, mime_data = {size = 0, num_elements = 0, element_size = 24, elements = 0x0}, device_transform = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, 
      y0 = 0}, device_transform_inverse = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}, device_transform_observers = {next = 0xf5fc38, prev = 
    0xf5fc38}, x_resolution = 72, y_resolution = 72, x_fallback_resolution = 300, y_fallback_resolution = 300, snapshot_of = 0x0, snapshot_detach = 
    0x2000, snapshots = {next = 0xf5fc78, prev = 0xf5fc78}, snapshot = {next = 0x0, prev = 0xf00000001}, font_options = {antialias = 
    CAIRO_ANTIALIAS_SUBPIXEL, subpixel_order = CAIRO_SUBPIXEL_ORDER_RGB, lcd_filter = CAIRO_LCD_FILTER_DEFAULT, hint_style = CAIRO_HINT_STYLE_FULL, 
      hint_metrics = CAIRO_HINT_METRICS_ON, round_glyph_positions = CAIRO_ROUND_GLYPH_POS_ON}}, picture = 16121136, drawable = 140737323370368, 
  compositor = 0x0, shm = 0x20028888, fallback = -500600832, display = 0x10000a44d, screen = 0x2000029134, link = {next = 0x101e, prev = 0xf5da20}, 
  dpy = 0xe71418, owns_pixmap = 15206144, visual = 0x0, use_pixmap = 0, width = 0, height = -5, depth = 1, precision = 49, xrender_format = 0x121, 
  a_mask = 0, r_mask = 1, g_mask = 0, b_mask = 0, embedded_source = {base = {backend = 0x0, device = 0x7ffff226e310, type = 
    CAIRO_SURFACE_TYPE_IMAGE, content = 0, ref_count = {ref_count = 0}, status = CAIRO_STATUS_SUCCESS, unique_id = 1, serial = 0, damage = 0x0, 
      _finishing = 0, finished = 0, is_clear = 0, has_font_options = 0, owns_device = 0, user_data = {size = 0, num_elements = 0, element_size = 0, 
        elements = 0x0}, mime_data = {size = 0, num_elements = 1, element_size = 0, elements = 0x7ffff220fc50 "ATI\211\374U\213\257\210"}, 
      device_transform = {xx = 0, yx = 0, xy = 102.00006103515625, yy = 6.519036401345942e-311, x0 = 0, y0 = 2.122016571860402e-314}, 
      device_transform_inverse = {xx = 6.9533310748676672e-310, yx = 0, xy = 1.0864618470523089e-310, yy = 0, x0 = 1.6975966327771585e-312, y0 = 
    4.0473857707314917e-320}, device_transform_observers = {next = 0x100000000, prev = 0x200000000043}, x_resolution = 0, y_resolution = 
    1.4005172221013083e-312, x_fallback_resolution = 3.5414625493900552e-320, y_fallback_resolution = 0, snapshot_of = 0x0, snapshot_detach = 0x0, 
      snapshots = {next = 0x251c1, prev = 0x1000}, snapshot = {next = 0x100000000, prev = 0x14000000004d}, font_options = {antialias = 
    CAIRO_ANTIALIAS_DEFAULT, subpixel_order = CAIRO_SUBPIXEL_ORDER_DEFAULT, lcd_filter = CAIRO_LCD_FILTER_NONE, hint_style = 80, hint_metrics = 
    (unknown: 8192), round_glyph_positions = CAIRO_ROUND_GLYPH_POS_DEFAULT}}, picture = 4294967296, pixmap = 35184372088904, dpy = 0x0, filter = 5, 
    extend = 2, has_matrix = 1, has_component_alpha = 0}}
(gdb) p xsrc->base 
$8 = {backend = 0x7ffff62a6500 <cairo_xlib_shm_surface_backend>, device = 0xe8aa00, type = CAIRO_SURFACE_TYPE_IMAGE, content = 
    CAIRO_CONTENT_COLOR_ALPHA, ref_count = {ref_count = 1}, status = CAIRO_STATUS_SUCCESS, unique_id = 605, serial = 0, damage = 0x0, _finishing = 
    0, finished = 0, is_clear = 1, has_font_options = 1, owns_device = 1, user_data = {size = 0, num_elements = 0, element_size = 24, elements = 
    0x0}, mime_data = {size = 0, num_elements = 0, element_size = 24, elements = 0x0}, device_transform = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, 
    y0 = 0}, device_transform_inverse = {xx = 1, yx = 0, xy = 0, yy = 1, x0 = 0, y0 = 0}, device_transform_observers = {next = 0xf5fc38, prev = 
    0xf5fc38}, x_resolution = 72, y_resolution = 72, x_fallback_resolution = 300, y_fallback_resolution = 300, snapshot_of = 0x0, snapshot_detach = 
    0x2000, snapshots = {next = 0xf5fc78, prev = 0xf5fc78}, snapshot = {next = 0x0, prev = 0xf00000001}, font_options = {antialias = 
    CAIRO_ANTIALIAS_SUBPIXEL, subpixel_order = CAIRO_SUBPIXEL_ORDER_RGB, lcd_filter = CAIRO_LCD_FILTER_DEFAULT, hint_style = CAIRO_HINT_STYLE_FULL, 
    hint_metrics = CAIRO_HINT_METRICS_ON, round_glyph_positions = CAIRO_ROUND_GLYPH_POS_ON}}
(gdb) l
1000	    xsrc = (cairo_xlib_surface_t *)
1001		    _cairo_surface_create_similar_scratch (&dst->base,
1002							   src->content,
1003							   upload.width,
1004							   upload.height);
1005	    if (xsrc->base.type != CAIRO_SURFACE_TYPE_XLIB) {
1006		cairo_surface_destroy (src);
1007		cairo_surface_destroy (&xsrc->base);
1008		return None;
1009	    }
(gdb) n
_cairo_xlib_source_create_for_pattern (_dst=0xf5b650, pattern=0x7fffffff9090, is_mask=0, extents=<optimized out>, sample=<optimized out>, src_x=
    0x7fffffff87cc, src_y=0x7fffffff87d0) at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-xlib-source.c:1134
1134		    return surface_source (dst, spattern, is_mask,
(gdb) 
1148	}
(gdb) 
composite_aligned_boxes (boxes=0x7fffffff8bf0, extents=0x7fffffff9010, compositor=0x7ffff62a9a80 <compositor.16166>)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/cairo/cairo-1.12.14/src/cairo-traps-compositor.c:1276
1276		if (likely (src->status == CAIRO_STATUS_SUCCESS)) {



Initial backtrace with segfault is:

#0  composite_aligned_boxes (boxes=0x7fffffff8bd0, extents=0x7fffffff8ff0, compositor=0x7ffff62a9b20 <compositor.16043>)
    at /tmp/buildd/cairo-1.12.14/src/cairo-traps-compositor.c:1276
#1  clip_and_composite_boxes (compositor=compositor@entry=0x7ffff62a9b20 <compositor.16043>, extents=extents@entry=0x7fffffff8ff0, boxes=boxes@entry=
    0x7fffffff8bd0) at /tmp/buildd/cairo-1.12.14/src/cairo-traps-compositor.c:1766
#2  0x00007ffff600e6a7 in _cairo_traps_compositor_fill (_compositor=0x7ffff62a9b20 <compositor.16043>, extents=0x7fffffff8ff0, path=0x7fffffff9560, 
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT)
    at /tmp/buildd/cairo-1.12.14/src/cairo-traps-compositor.c:2215
#3  0x00007ffff5fb7a5a in _cairo_compositor_fill (compositor=0x7ffff62a9b20 <compositor.16043>, surface=0xed9000, op=op@entry=CAIRO_OPERATOR_OVER, 
    source=source@entry=0x7fffffff9440, path=path@entry=0x7fffffff9560, fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING, tolerance=
    0.10000000000000001, antialias=antialias@entry=CAIRO_ANTIALIAS_DEFAULT, clip=clip@entry=0xe4e470)
    at /tmp/buildd/cairo-1.12.14/src/cairo-compositor.c:203
#4  0x00007ffff6028918 in _cairo_xlib_surface_fill (_surface=0xed9000, op=CAIRO_OPERATOR_OVER, source=0x7fffffff9440, path=0x7fffffff9560, fill_rule=
    CAIRO_FILL_RULE_WINDING, tolerance=<optimized out>, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xe4e470)
    at /tmp/buildd/cairo-1.12.14/src/cairo-xlib-surface.c:1645
#5  0x00007ffff5ffbb84 in _cairo_surface_fill (surface=0xed9000, op=CAIRO_OPERATOR_OVER, source=0x7fffffff9440, path=0x7fffffff9560, fill_rule=
    CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xe4e470)
    at /tmp/buildd/cairo-1.12.14/src/cairo-surface.c:2238
#6  0x00007ffff60009f4 in _cairo_surface_offset_fill (surface=0xed9000, x=-277, y=-1, op=op@entry=CAIRO_OPERATOR_OVER, source=0x7fffffff9440, 
    source@entry=0x7fffffff98f0, path=path@entry=0xdb9278, fill_rule=fill_rule@entry=CAIRO_FILL_RULE_WINDING, tolerance=<optimized out>, antialias=
    CAIRO_ANTIALIAS_DEFAULT, clip=clip@entry=0xe2f8e0) at /tmp/buildd/cairo-1.12.14/src/cairo-surface-offset.c:239
#7  0x00007ffff6001a0e in _cairo_surface_subsurface_fill (abstract_surface=0xed7920, op=CAIRO_OPERATOR_OVER, source=0x7fffffff98f0, path=0xdb9278, 
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=<optimized out>, antialias=<optimized out>, clip=0xe91560)
    at /tmp/buildd/cairo-1.12.14/src/cairo-surface-subsurface.c:165
#8  0x00007ffff5ffbb84 in _cairo_surface_fill (surface=0xed7920, op=CAIRO_OPERATOR_OVER, source=0x7fffffff98f0, path=0xdb9278, fill_rule=
    CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xe91560)
    at /tmp/buildd/cairo-1.12.14/src/cairo-surface.c:2238
#9  0x00007ffff5fbf6d4 in _cairo_gstate_fill (gstate=0xed0300, path=path@entry=0xdb9278) at /tmp/buildd/cairo-1.12.14/src/cairo-gstate.c:1308
#10 0x00007ffff5fb9324 in _cairo_default_context_fill (abstract_cr=0xdb8f10) at /tmp/buildd/cairo-1.12.14/src/cairo-default-context.c:1053
#11 0x00007ffff5fb25e5 in cairo_fill (cr=0xdb8f10) at /tmp/buildd/cairo-1.12.14/src/cairo.c:2201
#12 0x00007ffff7494d4f in gtk_border_image_render_slice (cr=0xdb8f10, slice=0xf2ad20, slice_width=42098, slice_height=1, x=0, y=0, width=42099, 
    height=1, hrepeat=GTK_CSS_REPEAT_STYLE_NO_REPEAT, vrepeat=GTK_CSS_REPEAT_STYLE_NO_REPEAT)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkborderimage.c:210
#13 0x00007ffff74954cc in _gtk_border_image_render (image=0x7fffffff9de0, border_width=0x7fffffff9d50, cr=0xdb8f10, x=0, y=0, width=42099, height=28)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkborderimage.c:306
#14 0x00007ffff76ffc67 in render_frame_internal (engine=0x6eec00 [AdwaitaEngine], cr=0xdb8f10, x=0, y=0, width=42099, height=28, hidden_side=0, 
    junction=GTK_JUNCTION_NONE) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkthemingengine.c:1734
#15 0x00007ffff77001ce in gtk_theming_engine_render_frame (engine=0x6eec00 [AdwaitaEngine], cr=0xdb8f10, x=0, y=0, width=42099, height=28)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkthemingengine.c:1784
#16 0x00007ffff769f5f7 in gtk_render_frame (context=0xe2a960 [GtkStyleContext], cr=0xdb8f10, x=0, y=0, width=42099, height=28)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkstylecontext.c:3958
#17 0x00007ffff74a8d1b in gtk_button_draw (widget=0xdd8740 [GtkButton], cr=0xdb8f10)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkbutton.c:1724
#18 0x00007ffff75d9580 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x665cf0, return_value=0x7fffffffa300, instance=0xdd8740, args=0x7fffffffa4a8, 
    marshal_data=0x7ffff74a8abc <gtk_button_draw>, n_params=1, param_types=0x665d60) at gtkmarshalers.c:130
#19 0x00007ffff777c8bc in gtk_widget_draw_marshallerv (closure=0x665cf0, return_value=0x7fffffffa300, instance=0xdd8740, args=0x7fffffffa4a8, 
    marshal_data=0x7ffff74a8abc <gtk_button_draw>, n_params=1, param_types=0x665d60)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:906
#20 0x00007ffff5d49484 in g_type_class_meta_marshalv (closure=0x665cf0, return_value=0x7fffffffa300, instance=0xdd8740, args=0x7fffffffa4a8, 
    marshal_data=0x120, n_params=1, param_types=0x665d60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:997
#21 0x00007ffff5d49047 in _g_closure_invoke_va (closure=0x665cf0, return_value=0x7fffffffa300, instance=0xdd8740, args=0x7fffffffa4a8, n_params=1, 
    param_types=0x665d60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:840
#22 0x00007ffff5d64f82 in g_signal_emit_valist (instance=0xdd8740, signal_id=34, detail=0, var_args=0x7fffffffa4a8)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3234
#23 0x00007ffff5d66171 in g_signal_emit (instance=0xdd8740, signal_id=34, detail=0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3384
#24 0x00007ffff7786443 in _gtk_widget_draw_internal (widget=0xdd8740 [GtkButton], cr=0xdb8f10, clip_to_size=1)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:6173
#25 0x00007ffff74fcdd6 in gtk_container_propagate_draw (container=0xe304e0 [DConfKeyView], child=0xdd8740 [GtkButton], cr=0xdb8f10)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkcontainer.c:3375
#26 0x00007ffff7750ad8 in gtk_tree_view_draw (widget=0xe304e0 [DConfKeyView], cr=0xdb8f10)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtktreeview.c:5427
#27 0x00007ffff75d9580 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x665cf0, return_value=0x7fffffffaa40, instance=0xe304e0, args=0x7fffffffabe8, 
    marshal_data=0x7ffff77508c6 <gtk_tree_view_draw>, n_params=1, param_types=0x665d60) at gtkmarshalers.c:130
#28 0x00007ffff777c8bc in gtk_widget_draw_marshallerv (closure=0x665cf0, return_value=0x7fffffffaa40, instance=0xe304e0, args=0x7fffffffabe8, 
    marshal_data=0x7ffff77508c6 <gtk_tree_view_draw>, n_params=1, param_types=0x665d60)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:906
#29 0x00007ffff5d49484 in g_type_class_meta_marshalv (closure=0x665cf0, return_value=0x7fffffffaa40, instance=0xe304e0, args=0x7fffffffabe8, 
    marshal_data=0x120, n_params=1, param_types=0x665d60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:997
#30 0x00007ffff5d49047 in _g_closure_invoke_va (closure=0x665cf0, return_value=0x7fffffffaa40, instance=0xe304e0, args=0x7fffffffabe8, n_params=1, 
    param_types=0x665d60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:840
#31 0x00007ffff5d64f82 in g_signal_emit_valist (instance=0xe304e0, signal_id=34, detail=0, var_args=0x7fffffffabe8)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3234
#32 0x00007ffff5d66171 in g_signal_emit (instance=0xe304e0, signal_id=34, detail=0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3384
#33 0x00007ffff7786443 in _gtk_widget_draw_internal (widget=0xe304e0 [DConfKeyView], cr=0xdb8f10, clip_to_size=1)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:6173
#34 0x00007ffff77870fe in gtk_widget_send_expose (widget=0xe304e0 [DConfKeyView], event=0x7fffffffae60)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkwidget.c:6553
#35 0x00007ffff75d7a3c in gtk_main_do_event (event=0x7fffffffae60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gtk/gtkmain.c:1619
#36 0x00007ffff713932e in _gdk_event_emit (event=0x7fffffffae60) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkevents.c:69
#37 0x00007ffff714c090 in _gdk_window_process_updates_recurse (window=0xe6cbf0 [GdkX11Window], expose_region=0xe6f9d0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4006
#38 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0xe6c990 [GdkX11Window], expose_region=0xe6f9d0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#39 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0xe6c860 [GdkX11Window], expose_region=0xe6f9d0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#40 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0xe6c140 [GdkX11Window], expose_region=0xe6f9d0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#41 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0x6a9c00 [GdkX11Window], expose_region=0xe6f9d0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#42 0x00007ffff714c1e3 in _gdk_window_process_updates_recurse (window=0x6a9ad0 [GdkX11Window], expose_region=0xe6f9d0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4051
#43 0x00007ffff718d247 in gdk_x11_window_process_updates_recurse (window=0x6a9ad0 [GdkX11Window], region=0xe6f9d0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/x11/gdkwindow-x11.c:5202
#44 0x00007ffff714c4b3 in gdk_window_process_updates_internal (window=0x6a9ad0 [GdkX11Window])
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4194
#45 0x00007ffff714c8e4 in gdk_window_process_updates_with_mode (window=0x6a9ad0 [GdkX11Window], recurse_mode=2)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:4374
#46 0x00007ffff715830d in gdk_window_paint_on_clock (clock=0x6b83c0 [GdkFrameClockIdle], data=0x6a9ad0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkwindow.c:11626
#47 0x00007ffff5d4be23 in g_cclosure_marshal_VOID__VOIDv (closure=0xe6a420, return_value=0x0, instance=0x6b83c0, args=0x7fffffffb7c8, marshal_data=
    0x0, n_params=0, param_types=0x0) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gmarshal.c:115
#48 0x00007ffff5d49047 in _g_closure_invoke_va (closure=0xe6a420, return_value=0x0, instance=0x6b83c0, args=0x7fffffffb7c8, n_params=0, param_types=
    0x0) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gclosure.c:840
#49 0x00007ffff5d64f82 in g_signal_emit_valist (instance=0x6b83c0, signal_id=154, detail=0, var_args=0x7fffffffb7c8)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3234
#50 0x00007ffff5d662dd in g_signal_emit_by_name (instance=0x6b83c0, detailed_signal=0x7ffff7194aba "paint")
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gobject/gsignal.c:3424
#51 0x00007ffff71405c0 in gdk_frame_clock_paint_idle (data=0x6b83c0)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdkframeclockidle.c:419
#52 0x00007ffff712ddf4 in gdk_threads_dispatch (data=0x7ca420) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/gtk+/gdk/gdk.c:806
#53 0x00007ffff5a3d81a in g_timeout_dispatch (source=0xec7810, callback=0x7ffff712ddaf <gdk_threads_dispatch>, user_data=0x7ca420)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:4413
#54 0x00007ffff5a3bae4 in g_main_dispatch (context=0x64ac00) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3054
#55 0x00007ffff5a3c83b in g_main_context_dispatch (context=0x64ac00) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3630
#56 0x00007ffff5a3ca2d in g_main_context_iterate (context=0x64ac00, block=1, dispatch=1, self=0x63d640)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3701
#57 0x00007ffff5a3caf1 in g_main_context_iteration (context=0x64ac00, may_block=1)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/glib/gmain.c:3762
#58 0x00007ffff6c071ea in g_application_run (application=0x645100 [ConfigurationEditor], argc=1, argv=0x7fffffffbc88)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/glib/gio/gapplication.c:1624
#59 0x000000000040d63e in configuration_editor_main (args=0x7fffffffbc88, args_length1=1)
    at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/dconf/editor/dconf-editor.c:2019
#60 0x000000000040d68c in main (argc=1, argv=0x7fffffffbc88) at /home/prahal/Projects/Devel/Gnome/jhbuild/gnome/dconf/editor/dconf-editor.c:2028
Comment 1 Chris Wilson 2013-04-06 08:06:34 UTC
The bug is not the negative coordinate, but that 42000 is an impossible surface size on X. The bug in cairo is trivial in comparison to the garbage being fed in. Please make sure that is fixed as well - I am pretty sure no one wants to create a 42,000 pixel wide surface to render a frame that is less than 800 pixels across.
Comment 2 Chris Wilson 2013-04-06 08:33:29 UTC
commit 04b9d5d9b1ab8544fc0918d8ced90dc70641e727
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Sat Apr 6 09:07:24 2013 +0100

    xlib: Wrap errors generating sources in an error surface
    
    Once upon a time the wrapping was provided by the caller, but the
    current requirement is that the error is propagated back as an error
    surface.
    
    Bugzilla: http://bugs.freedesktop.org/show_bug.cgi?id=63196
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

This only fixes the crash, it cannot fix the invalid rendering.
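
The error-surface pattern named in the commit message above, as an added sketch that is not cairo's code and not part of the original comments: a source function that would return NULL on failure hands back a shared error object instead, so a caller that reads the status unconditionally (as the report describes) no longer dereferences NULL. All type and function names are hypothetical, and the 32767 size limit is an assumption for this sketch; the rectangle values are the ones from the report.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified types; not cairo's definitions. */
typedef enum { STATUS_SUCCESS = 0, STATUS_INVALID_SIZE } status_t;
typedef struct { int x, y, width, height; } rect_t;
typedef struct { status_t status; int width, height; } surface_t;

#define MAX_SURFACE_DIM 32767   /* assumed size limit for this sketch */

/* Shared error object returned in place of NULL. */
static surface_t invalid_size_surface = { STATUS_INVALID_SIZE, 0, 0 };
static surface_t scratch;       /* stand-in for a real allocation */

/* Before: failure is signalled with NULL, which every caller must test. */
surface_t *source_or_null(const rect_t *r)
{
    if (r->width <= 0 || r->height <= 0 ||
        r->width > MAX_SURFACE_DIM || r->height > MAX_SURFACE_DIM)
        return NULL;
    scratch.status = STATUS_SUCCESS;
    scratch.width = r->width;
    scratch.height = r->height;
    return &scratch;
}

/* After: the failure is wrapped in an error surface, never NULL. */
surface_t *source_or_error(const rect_t *r)
{
    surface_t *s = source_or_null(r);
    return s != NULL ? s : &invalid_size_surface;
}

/* Caller in the style the report describes: reads ->status directly. */
status_t composite(const rect_t *r)
{
    surface_t *src = source_or_error(r);
    if (src->status != STATUS_SUCCESS)
        return src->status;     /* error propagates, nothing is drawn */
    return STATUS_SUCCESS;      /* drawing would happen here */
}

int main(void)
{
    rect_t limit = { 0, 0, 42061, 1 };   /* "limit" from the report */
    rect_t small = { 0, 0, 878, 3 };     /* size of "upload" from the report */
    printf("limit: %d, small: %d\n", composite(&limit), composite(&small));
    return 0;
}
```

As in the bug itself, the oversized request still produces no rendering; only the crash is avoided.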

