Bug 6996 - Cairo crashes GIMP on opening: bus error
Status: RESOLVED FIXED
Product: cairo
Classification: Unclassified
Component: xlib backend
Version: 1.1.7
Hardware: PowerPC Mac OS X (All)
Importance: high critical
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
Reported: 2006-05-22 10:29 UTC by Patrick
Modified: 2008-10-10 06:35 UTC

Attachments
Contains full backtraces (40.90 KB, text/plain)
2006-06-20 11:23 UTC, niklas.laxstrom+fdo

Description Patrick 2006-05-22 10:29:17 UTC
Cairo crashes in cairo_xlib_surface_old_show_glyphs when GIMP runs its user
install dialog.

Original Pango bug: http://bugzilla.gnome.org/show_bug.cgi?id=342457

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000048
0x014af124 in _cairo_xlib_surface_old_show_glyphs ()
(gdb) bt
#0  0x014af124 in _cairo_xlib_surface_old_show_glyphs ()
#1  0x0149461b in _cairo_surface_old_show_glyphs_draw_func ()
#2  0x01493688 in _clip_and_composite ()
#3  0x014947b7 in _cairo_surface_fallback_show_glyphs ()
#4  0x01491a0b in _cairo_surface_show_glyphs ()
#5  0x01486c65 in _cairo_gstate_show_glyphs ()
#6  0x01481533 in cairo_show_glyphs ()
#7  0x007d04d7 in pango_cairo_renderer_draw_glyphs (renderer=0x19d2d08,
font=0x1c28040, glyphs=0x1d29bc0, x=0, y=0) at pangocairo-render.c:237
#8  0x015fcff7 in pango_renderer_draw_glyphs ()
#9  0x007d0a4f in pango_cairo_show_glyph_string (cr=0x1a570c0, font=0x1c28040,
glyphs=0x1d29bc0) at pangocairo-render.c:444
#10 0x0071dfb2 in gdk_pango_renderer_draw_glyphs ()
#11 0x015fcff7 in pango_renderer_draw_glyphs ()
#12 0x015fdcf8 in pango_renderer_draw_layout_line ()
#13 0x015fe4a0 in pango_renderer_draw_layout ()
#14 0x0071fefd in gdk_draw_layout_with_colors ()
#15 0x007200c4 in gdk_draw_layout ()
#16 0x011e8341 in gtk_default_draw_layout ()
#17 0x0112ccfa in gtk_label_expose ()
#18 0x01144f58 in _gtk_marshal_BOOLEAN__BOXED ()
#19 0x0162797b in g_closure_invoke ()
#20 0x016387c6 in signal_emit_unlocked_R ()
#21 0x01639ed5 in g_signal_emit_valist ()
#22 0x0163a538 in g_signal_emit ()
#23 0x012c4e51 in gtk_widget_event_internal ()
#24 0x010840c4 in gtk_container_propagate_expose ()
#25 0x0108410e in gtk_container_expose_child ()
#26 0x010824cf in gtk_container_forall ()
#27 0x01082b54 in gtk_container_expose ()
#28 0x01030acc in gtk_button_expose ()
#29 0x01144f58 in _gtk_marshal_BOOLEAN__BOXED ()
#30 0x0162797b in g_closure_invoke ()
#31 0x016387c6 in signal_emit_unlocked_R ()
#32 0x01639ed5 in g_signal_emit_valist ()
#33 0x0163a538 in g_signal_emit ()
#34 0x012c4e51 in gtk_widget_event_internal ()
#35 0x010840c4 in gtk_container_propagate_expose ()
#36 0x0108410e in gtk_container_expose_child ()
#37 0x0102b368 in gtk_box_forall ()
#38 0x010824cf in gtk_container_forall ()
#39 0x01082b54 in gtk_container_expose ()
#40 0x01144f58 in _gtk_marshal_BOOLEAN__BOXED ()
#41 0x0162797b in g_closure_invoke ()
#42 0x016387c6 in signal_emit_unlocked_R ()
#43 0x01639ed5 in g_signal_emit_valist ()
#44 0x0163a538 in g_signal_emit ()
#45 0x012c4e51 in gtk_widget_event_internal ()
#46 0x010840c4 in gtk_container_propagate_expose ()
#47 0x0108410e in gtk_container_expose_child ()
#48 0x0102b368 in gtk_box_forall ()
#49 0x010824cf in gtk_container_forall ()
#50 0x01082b54 in gtk_container_expose ()
#51 0x01144f58 in _gtk_marshal_BOOLEAN__BOXED ()
#52 0x0162797b in g_closure_invoke ()
#53 0x016387c6 in signal_emit_unlocked_R ()
#54 0x01639ed5 in g_signal_emit_valist ()
#55 0x0163a538 in g_signal_emit ()
#56 0x012c4e51 in gtk_widget_event_internal ()
#57 0x010840c4 in gtk_container_propagate_expose ()
#58 0x0108410e in gtk_container_expose_child ()
#59 0x010824cf in gtk_container_forall ()
#60 0x01082b54 in gtk_container_expose ()
#61 0x01144f58 in _gtk_marshal_BOOLEAN__BOXED ()
#62 0x0162797b in g_closure_invoke ()
#63 0x016387c6 in signal_emit_unlocked_R ()
#64 0x01639ed5 in g_signal_emit_valist ()
#65 0x0163a538 in g_signal_emit ()
#66 0x012c4e51 in gtk_widget_event_internal ()
#67 0x0114310a in gtk_main_do_event ()
#68 0x0073207b in gdk_window_process_updates_internal ()
#69 0x0073214b in gdk_window_process_all_updates ()
#70 0x01081c48 in gtk_container_idle_sizer ()
#71 0x0190d6ef in g_main_context_dispatch ()
#72 0x0190de72 in g_main_context_iterate ()
#73 0x0190e1f8 in g_main_loop_run ()
#74 0x0114251e in gtk_main ()
#75 0x0004100d in user_install_dialog_run ()
#76 0x0000244a in app_run ()
#77 0x00002c79 in main ()
(gdb)
Comment 1 Patrick 2006-05-28 11:35:39 UTC
Recompiled libs from cairo up (not on purpose). Now I get this stack trace:

(gdb) run
Starting program: /sft/bin/gimp-2.3 
Reading symbols for shared libraries ......+++++++++..++...........
...................................+++...........+.++++++++ done
Reading symbols for shared libraries . done
Reading symbols for shared libraries . done

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x0000004c
0x014aff66 in _cairo_xlib_surface_show_glyphs ()
(gdb) bt
#0  0x014aff66 in _cairo_xlib_surface_show_glyphs ()
#1  0x01491ff8 in _cairo_surface_show_glyphs ()
#2  0x014872bd in _cairo_gstate_show_glyphs ()
#3  0x01481b8b in cairo_show_glyphs ()
#4  0x004d3004 in pango_cairo_renderer_draw_glyphs ()
#5  0x0153ee11 in pango_renderer_draw_glyphs ()
#6  0x004d36f0 in pango_cairo_show_glyph_string ()
#7  0x0071d5ca in gdk_pango_renderer_draw_glyphs ()
#8  0x0153ee11 in pango_renderer_draw_glyphs ()
#9  0x0153fbb2 in pango_renderer_draw_layout_line ()
#10 0x015403a6 in pango_renderer_draw_layout ()
#11 0x0071f515 in gdk_draw_layout_with_colors ()
#12 0x0071f6dc in gdk_draw_layout ()
#13 0x011e8c71 in gtk_default_draw_layout ()
#14 0x0112cd22 in gtk_label_expose ()
#15 0x01144f6c in _gtk_marshal_BOOLEAN__BOXED ()
#16 0x0156897b in g_closure_invoke ()
#17 0x015797c6 in signal_emit_unlocked_R ()
#18 0x0157aed5 in g_signal_emit_valist ()
#19 0x0157b538 in g_signal_emit ()
#20 0x012c57d5 in gtk_widget_event_internal ()
#21 0x012ca101 in gtk_widget_send_expose ()
#22 0x01084024 in gtk_container_propagate_expose ()
#23 0x0108406e in gtk_container_expose_child ()
#24 0x0102b12f in gtk_box_forall ()
#25 0x0108242f in gtk_container_forall ()
#26 0x01082ab4 in gtk_container_expose ()
#27 0x01144f6c in _gtk_marshal_BOOLEAN__BOXED ()
#28 0x0156897b in g_closure_invoke ()
#29 0x015797c6 in signal_emit_unlocked_R ()
#30 0x0157aed5 in g_signal_emit_valist ()
#31 0x0157b538 in g_signal_emit ()
#32 0x012c57d5 in gtk_widget_event_internal ()
#33 0x012ca101 in gtk_widget_send_expose ()
#34 0x01084024 in gtk_container_propagate_expose ()
#35 0x0108406e in gtk_container_expose_child ()
#36 0x0102b12f in gtk_box_forall ()
#37 0x0108242f in gtk_container_forall ()
#38 0x01082ab4 in gtk_container_expose ()
#39 0x01144f6c in _gtk_marshal_BOOLEAN__BOXED ()
#40 0x0156897b in g_closure_invoke ()
#41 0x015797c6 in signal_emit_unlocked_R ()
#42 0x0157aed5 in g_signal_emit_valist ()
#43 0x0157b538 in g_signal_emit ()
#44 0x012c57d5 in gtk_widget_event_internal ()
#45 0x012ca101 in gtk_widget_send_expose ()
#46 0x01084024 in gtk_container_propagate_expose ()
#47 0x0108406e in gtk_container_expose_child ()
#48 0x0108242f in gtk_container_forall ()
#49 0x01082ab4 in gtk_container_expose ()
#50 0x01144f6c in _gtk_marshal_BOOLEAN__BOXED ()
#51 0x0156897b in g_closure_invoke ()
#52 0x015797c6 in signal_emit_unlocked_R ()
#53 0x0157aed5 in g_signal_emit_valist ()
#54 0x0157b538 in g_signal_emit ()
#55 0x012c57d5 in gtk_widget_event_internal ()
#56 0x012ca101 in gtk_widget_send_expose ()
#57 0x0114311e in gtk_main_do_event ()
#58 0x00731693 in gdk_window_process_updates_internal ()
#59 0x00731763 in gdk_window_process_all_updates ()
#60 0x007317de in gdk_window_update_idle ()
#61 0x016136eb in g_main_context_dispatch ()
#62 0x01613e6e in g_main_context_iterate ()
#63 0x016141f4 in g_main_loop_run ()
#64 0x0061e8fd in gimp_dialog_run ()
#65 0x00003df0 in gui_abort ()
#66 0x0000279d in app_abort ()
#67 0x00002fcc in main ()
Comment 2 Vladimir Vukicevic 2006-05-28 19:24:13 UTC
This would be much more useful if you could recompile cairo with debugging
symbols, and figure out exactly what access is crashing (and what the line
number info is, etc).
Comment 3 niklas.laxstrom+fdo 2006-06-20 11:23:42 UTC
Created attachment 5995
Contains full backtraces

I have similar kinds of crashes when using gucharmap. The more glyphs I see, the
faster it crashes. Sometimes it shows an error from X like this:

The error was 'RenderBadGlyphSet (invalid GlyphSet parameter)'.
  (Details: serial 2505613 error_code 178 request_code 156 minor_code 25)

And sometimes it gets SEGV, here is the excerpt from the backtrace - full one
is in the attachment:

#0  0xb79018c7 in _cairo_xlib_surface_show_glyphs (scaled_font=0x81bd3e8,
operator=CAIRO_OPERATOR_OVER, pattern=0xbffc7760,
    abstract_surface=0x8915c60, source_x=1, source_y=902, dest_x=1, dest_y=902,
width=455, height=14, glyphs=0x899a580,
    num_glyphs=62) at cairo-xlib-surface.c:2376
#1  0xb78f81df in _cairo_surface_show_glyphs (scaled_font=0x81bd3e8,
operator=CAIRO_OPERATOR_OVER, pattern=0xbffc7760,
    dst=0x0, source_x=1, source_y=902, dest_x=1, dest_y=902, width=455,
height=14, glyphs=0x899a580, num_glyphs=62)
    at cairo-surface.c:1494
#2  0xb78f0855 in _cairo_scaled_font_show_glyphs (scaled_font=0x81bd3e8,
operator=CAIRO_OPERATOR_OVER, pattern=0xbffc7760,
    surface=0x8915c60, source_x=1, source_y=902, dest_x=1, dest_y=902,
width=455, height=14, glyphs=0x899a580,
    num_glyphs=62) at cairo-font.c:933
#3  0xb78f17ee in _cairo_gstate_show_glyphs_draw_func (closure=0xbffc77ec,
operator=CAIRO_OPERATOR_OVER, src=0xbffc7760,
    dst=0x8915c60, dst_x=0, dst_y=0, extents=0xbffc77f8) at cairo-gstate.c:2056

#4  0xb78f22cf in _cairo_gstate_clip_and_composite (clip=0x89b4c1c,
operator=CAIRO_OPERATOR_OVER, src=0xbffc7760,
    draw_func=0xb78f1726 <_cairo_gstate_show_glyphs_draw_func>,
draw_closure=0xbffc77ec, dst=0x8915c60, extents=0xbffc77f8)
    at cairo-gstate.c:1094
#5  0xb78f24ab in _cairo_gstate_show_glyphs (gstate=0x89b4b98,
glyphs=0x8701000, num_glyphs=62) at cairo-gstate.c:2134
#6  0xb78ed5ca in cairo_show_glyphs (cr=0x88a8780, glyphs=0xbffc640c,
num_glyphs=-551365614) at cairo.c:2161
#7  0xb7975a3a in pango_cairo_renderer_draw_glyphs (renderer=0x83d1f78,
font=0x81b4800, glyphs=0x8a3ca90, x=0, y=0)
    at pangocairo-render.c:237
#8  0xb793a486 in pango_renderer_draw_glyphs (renderer=0x83d1f78,
font=0x81b4800, glyphs=0x8a3ca90, x=0, y=0)
    at pango-renderer.c:599
#9  0xb797518f in pango_cairo_show_glyph_string (cr=0x88a8780, font=0x81b4800,
glyphs=0x8a3ca90) at pangocairo-render.c:444
#10 0xb79baab3 in gdk_draw_layout_line () from /usr/lib/libgdk-x11-2.0.so.0
#11 0xb793a486 in pango_renderer_draw_glyphs (renderer=0x400, font=0x81b4800,
glyphs=0x8a3ca90, x=2048, y=1038336)
    at pango-renderer.c:599
#12 0xb793a7ba in pango_renderer_draw_layout_line (renderer=0x8294150,
line=0x8598cb0, x=2048, y=1038336)
    at pango-renderer.c:530
#13 0xb793aab8 in pango_renderer_draw_layout (renderer=0x8294150,
layout=0x82bf2c0, x=2048, y=1024000)
    at pango-renderer.c:183

cairo: 1.0.4
pango: 1.12.2
gucharmap: 1.6.0

And forgive me if this is in a wrong bug :)
Comment 4 niklas.laxstrom+fdo 2006-06-20 16:03:17 UTC
I'm unable to reproduce this crash with 1.1.10 snapshot of cairo.
Comment 5 Chris Wilson 2008-10-10 06:35:52 UTC
Mysterious crash that went away...

