Bug 9844 - cairo crashes in cairo_create_simular if nil surface returned by other->backend->create_similar
Status: RESOLVED FIXED
Alias: None
Product: cairo
Classification: Unclassified
Component: general
Version: 1.3.13
Hardware: All All
Importance: medium blocker
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
Keywords: patch
Reported: 2007-02-01 21:27 UTC by Alexander Darovsky
Modified: 2007-03-19 20:49 UTC

Attachments
patch which fixes cairo crash (529 bytes, patch)
2007-02-01 21:28 UTC, Alexander Darovsky
A patch that fixes bug in 1.4.0 (493 bytes, patch)
2007-03-16 02:33 UTC, Alexander Darovsky
A test case (361 bytes, text/plain)
2007-03-19 20:49 UTC, Alexander Darovsky

Description Alexander Darovsky 2007-02-01 21:27:20 UTC
There's an invalid check in cairo-surface.c, which checks for (!surface), but
on failure a nil surface is always returned.

Attached a simple patch which fixes this issue.
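
The failure mode in the description above, as an added example that is not part of the report or cairo's source: a constructor that signals failure with a shared non-NULL "nil" object, so a `!surface` test never fires. All type and function names are hypothetical, and the negative-width failure path is an assumption modeled on comment 4.

```c
/* Simplified model of the error-object pattern; hypothetical names, not cairo code. */
#include <stddef.h>
#include <stdio.h>

typedef enum { STATUS_SUCCESS, STATUS_NO_MEMORY } status_t;
typedef struct surface surface_t;
typedef struct { void (*clear)(surface_t *); } backend_t;
struct surface { const backend_t *backend; status_t status; int width, height; };

/* Shared failure sentinel: non-NULL, error status set, no backend attached. */
static surface_t nil_surface = { NULL, STATUS_NO_MEMORY, 0, 0 };

static void clear_noop(surface_t *s) { (void)s; }
static const backend_t image_backend = { clear_noop };
static surface_t pool[4];
static size_t pool_used;

/* Backend constructor: on failure it returns the sentinel, never NULL. */
static surface_t *backend_create_similar(int width, int height) {
    if (width < 0 || height < 0 || pool_used == 4)
        return &nil_surface;
    surface_t *s = &pool[pool_used++];
    *s = (surface_t){ &image_backend, STATUS_SUCCESS, width, height };
    return s;
}

/* Broken test: NULL is never returned, so a failure is never noticed. */
static int failed_null_check(const surface_t *s) { return s == NULL; }

/* Corrected test: inspect the status carried by the returned object. */
static int failed_status_check(const surface_t *s) {
    return s == NULL || s->status != STATUS_SUCCESS;
}

/* Returns 1 when the caller would go on to call through a NULL backend. */
static int would_crash(int width, int height, int (*failed)(const surface_t *)) {
    surface_t *s = backend_create_similar(width, height);
    if (failed(s))
        return 0;              /* error path taken, nothing dereferenced */
    if (s->backend == NULL)
        return 1;              /* s->backend->clear(s) would fault here */
    s->backend->clear(s);
    return 0;
}

int main(void) {
    printf("NULL check, width -1:   would_crash=%d\n", would_crash(-1, 10, failed_null_check));
    printf("status check, width -1: would_crash=%d\n", would_crash(-1, 10, failed_status_check));
    return 0;
}
```
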
Comment 1 Alexander Darovsky 2007-02-01 21:28:06 UTC
Created attachment 8577
patch which fixes cairo crash
Comment 2 Carl Worth 2007-03-02 03:17:46 UTC
Thanks for the report. I've made an alternate fix here which I'd love for you to give a try:

http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=4e0f0d9425e2677e75681b2416e7ee4c4e87440c

This is already available in a git pull of 1.3.15 and will be in 1.4.0 as well.

Also, if you could tell me what you were doing to get which backend to return a nil surface from create_similar, I'd love to add something to a test case to exercise this situation.

-Carl
Comment 3 Alexander Darovsky 2007-03-16 02:31:36 UTC
Unfortunately, the bug still exists in 1.4.0. Attached the patch that fixes it.
Comment 4 Alexander Darovsky 2007-03-16 02:33:40 UTC
Created attachment 9179
A patch that fixes bug in 1.4.0

Here is a patch that fixes the crash while creating a surface with negative width
Comment 5 Carl Worth 2007-03-16 08:56:13 UTC
(In reply to comment #3)
> Unfortunately, the bug still exists in 1.4.0. Attached the patch that fixes
> it.

Sorry we missed the fix.

Again, as I asked before, do you have a test case that we can use to exercise the bug so that we can be sure we've actually fixed it and that we don't keep regressing here?

-Carl
Comment 6 Carl Worth 2007-03-19 15:52:40 UTC
Ok, I've pushed out another fix for this (will be in 1.4.2):

http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=725a4de42dfaf0d9d98447c9fbefed99fbf99ac1

It's slightly different, but hopefully still solves the problem,
(again, I'm still waiting for a test case to demonstrate the bug).

-Carl
Comment 7 Alexander Darovsky 2007-03-19 20:49:00 UTC
Created attachment 9225
A test case

A test case, which fails on unpatched cairo, but works on the patched one