Bug 91307 - _cairo_gl_surface_resolve_multisampling called with a cairo_gl_source_t* casted to a cairo_gl_surface_t*
Status: RESOLVED MOVED
Alias: None
Product: cairo
Classification: Unclassified
Component: gl backend (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: cairo-bugs mailing list
QA Contact: cairo-bugs mailing list
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-11 15:07 UTC by Massimo
Modified: 2018-08-25 13:29 UTC (History)
Description Massimo 2015-07-11 15:07:40 UTC
Running:
>( cd test && DISPLAY=:2 CAIRO_TEST_TARGET=gl valgrind --track-origins=yes .libs/cairo-test-suite -f text-rotate)

valgrind reports:

text-rotate.gl.argb32 [0x1]:    ==23402== Invalid read of size 4
>==2==    at 0x4CCF3B0: _cairo_gl_surface_resolve_multisampling (cairo/src/cairo-gl-surface.c:1314)
>==2==    by 0x4CC88B8: _cairo_gl_surface_operand_init (cairo/src/cairo-gl-operand.c:251)
>==2==    by 0x4CC88B8: _cairo_gl_operand_init (cairo/src/cairo-gl-operand.c:529)
>==2==    by 0x4CCD92F: _cairo_gl_pattern_to_source (cairo/src/cairo-gl-source.c:82)
>==2==    by 0x4C7F330: composite_aligned_boxes (cairo/src/cairo-spans-compositor.c:678)
>==2==    by 0x4C7F330: clip_and_composite_boxes.part.11 (cairo/src/cairo-spans-compositor.c:882)
>==2==    by 0x4C7F92D: clip_and_composite_boxes (cairo/src/cairo-spans-compositor.c:901)
>==2==    by 0x4C7FC15: _cairo_spans_compositor_mask (cairo/src/cairo-spans-compositor.c:999)
>==2==    by 0x4C3A3C8: _cairo_compositor_mask (cairo/src/cairo-compositor.c:106)
>==2==    by 0x4C82D5B: _cairo_surface_mask (cairo/src/cairo-surface.c:2166)
>==2==    by 0x4CC747D: render_glyphs_via_mask (cairo/src/cairo-gl-glyphs.c:401)
>==2==    by 0x4CC7612: _cairo_gl_composite_glyphs_with_clip (cairo/src/cairo-gl-glyphs.c:461)
>==2==    by 0x4CC7653: _cairo_gl_composite_glyphs (cairo/src/cairo-gl-glyphs.c:482)
>==2==    by 0x4C93C76: clip_and_composite (cairo/src/cairo-traps-compositor.c:1049)
>==2==    by 0x4C93E6C: _cairo_traps_compositor_glyphs (cairo/src/cairo-traps-compositor.c:2335)
>==2==    by 0x4C3A69E: _cairo_compositor_glyphs (cairo/src/cairo-compositor.c:250)
>==2==    by 0x4CCDA37: _cairo_gl_surface_glyphs (cairo/src/cairo-gl-surface.c:1424)
>==2==    by 0x4C835F2: _cairo_surface_show_text_glyphs (cairo/src/cairo-surface.c:2600)
>==2==    by 0x4C43917: _cairo_gstate_show_text_glyphs (cairo/src/cairo-gstate.c:2023)
>==2==    by 0x4C36295: cairo_show_text (cairo/src/cairo.c:3263)
>==2==    by 0x44A26C: draw_quadrant (cairo/test/text-rotate.c:120)
>==2==    by 0x44A3ED: draw (cairo/test/text-rotate.c:168)
>==2==    by 0x40E04B: cairo_test_for_target (cairo/test/cairo-test.c:929)
>==2==    by 0x40EEC1: _cairo_test_context_run_for_target (cairo/test/cairo-test.c:1551)
>==2==    by 0x40BB13: _cairo_test_runner_draw (cairo/test/cairo-test-runner.c:255)
>==2==    by 0x40BB13: main (cairo/test/cairo-test-runner.c:937)
>==2==  Address 0x90247dc is 20 bytes before a block of size 1,040 alloc'd
>==2==    at 0x4A08987: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>==2==    by 0x5C588C1: ??? (in /usr/lib64/dri/i965_dri.so)
>==2==    by 0x599D878: ??? (in /usr/lib64/dri/i965_dri.so)
>==2==    by 0x4CCEC67: _create_scratch_internal (cairo/src/cairo-gl-surface.c:457)
>==2==    by 0x4CCED4C: _cairo_gl_surface_create_scratch (cairo/src/cairo-gl-surface.c:512)

To silence this warning it is sufficient to return CAIRO_INT_STATUS_SUCCESS
if _cairo_surface_is_gl (&surface->base) fails at line 1314 of src/cairo-gl-surface.c.

http://cgit.freedesktop.org/cairo/tree/src/cairo-gl-surface.c#n1311

Another apparent fix could be to move the if (surface->base.device == NULL) check
before the if (! surface->msaa_active), as it seems gl_source_t objects are created
with a NULL device pointer.
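The invalid read above is a type-confusion pattern: a pointer to a smaller object (gl_source_t, header only) is viewed as a larger one (gl_surface_t), so the first access to a field past the shared header lands outside the allocation, which is exactly the "20 bytes before a block" valgrind reports. The following is an added illustration of the two checks proposed in the report, written as a simplified model and not cairo's own code; the struct layouts, the kind tag, the result codes and the function names are assumptions made for this example.

```c
#include <stddef.h>

/* Added illustration, not cairo's code: struct layouts, kind tag and result
 * codes below are assumptions made to model the report's type confusion. */

enum object_kind { KIND_GL_SURFACE = 1, KIND_GL_SOURCE = 2 };

/* Common header shared by every object (stands in for cairo_surface_t). */
typedef struct {
    enum object_kind kind;
    void *device;           /* the report notes gl_source objects carry NULL here */
} base_t;

/* A full GL surface: header plus backend state. */
typedef struct {
    base_t base;
    int msaa_active;        /* the field read at the faulting line in the report */
} gl_surface_t;

/* A GL source: header only. Viewing it through gl_surface_t* makes
 * msaa_active refer to memory outside the object, which valgrind flagged. */
typedef struct {
    base_t base;
} gl_source_t;

typedef enum {
    RESOLVE_DONE,
    RESOLVE_SKIPPED_NOT_GL,
    RESOLVE_SKIPPED_NO_DEVICE,
    RESOLVE_SKIPPED_NO_MSAA
} resolve_result_t;

/* Stand-in for _cairo_surface_is_gl: inspects only the shared header. */
static int is_gl_surface(const base_t *obj)
{
    return obj->kind == KIND_GL_SURFACE;
}

/* Hardened resolve: takes the common header rather than an already-cast
 * pointer and downcasts only after the kind check succeeds, so every field
 * beyond the header is touched only when the object really has it. */
resolve_result_t resolve_multisampling(base_t *obj)
{
    gl_surface_t *surface;

    /* First proposal in the report: bail out if this is not a GL surface. */
    if (!is_gl_surface(obj))
        return RESOLVE_SKIPPED_NOT_GL;

    /* Second proposal: test the device pointer before any msaa field. */
    if (obj->device == NULL)
        return RESOLVE_SKIPPED_NO_DEVICE;

    surface = (gl_surface_t *) obj;   /* safe: kind verified above */
    if (!surface->msaa_active)
        return RESOLVE_SKIPPED_NO_MSAA;

    /* The real multisample resolve (framebuffer blit) would go here. */
    return RESOLVE_DONE;
}

/* Constructs the header-only object from the report and resolves it. */
resolve_result_t resolve_source(void)
{
    gl_source_t src = { { KIND_GL_SOURCE, NULL } };
    return resolve_multisampling(&src.base);
}

/* Constructs a full GL surface with a (dummy) device and resolves it. */
resolve_result_t resolve_surface(int msaa_active)
{
    int dummy_device;
    gl_surface_t surf = { { KIND_GL_SURFACE, &dummy_device }, msaa_active };
    return resolve_multisampling(&surf.base);
}
```

Passing the common header instead of a pre-cast gl_surface_t* is the design point: the compiler then forces the downcast to sit after the kind check, which is the layering Bryce's comment asks about (reject non-GL objects before, not inside, the routine that assumes their layout).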
Comment 1 Bryce Harrington 2015-07-30 23:14:10 UTC
I wonder if that just papers over the issue; that routine shouldn't be getting called on non-GL surfaces should it?

If the text can't be done through GL in this case, then perhaps that should be detected and handled higher up, such as in composite_aligned_boxes?
Comment 2 GitLab Migration User 2018-08-25 13:29:47 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/33.

