(In reply to comment #6)
> (In reply to comment #5)
> > Hi Massimo. Looks like you last patch with only 3 lines of code solved the
> > problem!
> > I applied here and no more segfault.
> > How i don't understand and i know nothing about cairo, i don't know if what
> > this patch do is the right thing or if is safe use it. All i know it is that
> > it solved, i think.
> >
>
> To me it seems correct and safe, it only drops empty
> boxes from the list of boxes to be tessellated.
It is. Could you please write a nice commit log, adding
and submit. Ideally we would love to have a test case to hit this problem as well. If you can capture it using cairo-trace that would be a good start.
> Empty boxes do not alter the insideness of any pixel
> because if a ray from the pixel intersects the top edge
> it also intersects the bottom edge, one from the left
> and the other from the right, so it should be correct
> for both (EVEN_ODD, WINDING) fill rules that cairo implements.
>
> OTOH these empty boxes are problematic as they possibly
> lead to a segfault.
>
> It is possible that there are better places to discard
> these boxes.
That's my only worry, I am trying to remember all the call paths that enter here and why we have empty boxes in the first place. In this case, the empty boxes seem to be part of the clip, which is worrisome. All the zero height boxes should have been prefiltered...
(In reply to comment #6)
> (In reply to comment #5)
> > Hi Massimo. Looks like you last patch with only 3 lines of code solved the
> > problem!
> > I applied here and no more segfault.
> > How i don't understand and i know nothing about cairo, i don't know if what
> > this patch do is the right thing or if is safe use it. All i know it is that
> > it solved, i think.
> >
>
> To me it seems correct and safe, it only drops empty
> boxes from the list of boxes to be tessellated.
It is. Could you please write a nice commit log, adding
Reported-by: Henrique Lengler <email address hidden> /bugs.freedeskt op.org/ show_bug. cgi?id= 81699
Bugzilla: https:/
and submit. Ideally we would love to have a test case to hit this problem as well. If you can capture it using cairo-trace that would be a good start.
> Empty boxes do not alter the insideness of any pixel
> because if a ray from the pixel intersects the top edge
> it also intersects the bottom edge, one from the left
> and the other from the right, so it should be correct
> for both (EVEN_ODD, WINDING) fill rules that cairo implements.
>
> OTOH these empty boxes are problematic as they possibly
> lead to a segfault.
>
> It is possible that there are better places to discard
> these boxes.
That's my only worry, I am trying to remember all the call paths that enter here and why we have empty boxes in the first place. In this case, the empty boxes seem to be part of the clip, which is worrisome. All the zero height boxes should have been prefiltered...
diff --git a/src/cairo-boxes.c b/src/cairo-boxes.c boxes_add_ internal (cairo_boxes_t *boxes,
index 63b68dd..90afdbd 100644
--- a/src/cairo-boxes.c
+++ b/src/cairo-boxes.c
@@ -139,6 +139,8 @@ _cairo_
if (unlikely (boxes->status))
return;
+ assert(box->x2 > box->x1 && box->y2 > box->y1);
+
chunk = boxes->tail;
if (unlikely (chunk->count == chunk->size)) {
int size;
So yes, this suggests a far deeper problem than just the tesselate failure.