Ubuntu
cairo package

Bug #1391857
Comment #14

Comment 14 for bug 1391857

Revision history for this message

In freedesktop.org Bugzilla #81699, Chris Wilson (ickle) wrote on 2014-08-21:

#14

(In reply to comment #6)
> (In reply to comment #5)
> > Hi Massimo. Looks like you last patch with only 3 lines of code solved the
> > problem!
> > I applied here and no more segfault.
> > How i don't understand and i know nothing about cairo, i don't know if what
> > this patch do is the right thing or if is safe use it. All i know it is that
> > it solved, i think.
> >
>
> To me it seems correct and safe, it only drops empty
> boxes from the list of boxes to be tessellated.

It is. Could you please write a nice commit log, adding

Reported-by: Henrique Lengler <email address hidden>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81699

and submit. Ideally we would love to have a test case to hit this problem as well. If you can capture it using cairo-trace that would be a good start.

> Empty boxes do not alter the insideness of any pixel
> because if a ray from the pixel intersects the top edge
> it also intersects the bottom edge, one from the left
> and the other from the right, so it should be correct
> for both (EVEN_ODD, WINDING) fill rules that cairo implements.
>
> OTOH these empty boxes are problematic as they possibly
> lead to a segfault.
>
> It is possible that there are better places to discard
> these boxes.

That's my only worry, I am trying to remember all the call paths that enter here and why we have empty boxes in the first place. In this case, the empty boxes seem to be part of the clip, which is worrisome. All the zero height boxes should have been prefiltered...

+ assert(box->x2 > box->x1 && box->y2 > box->y1);
+
     chunk = boxes->tail;
     if (unlikely (chunk->count == chunk->size)) {
        int size;

So yes, this suggests a far deeper problem than just the tesselate failure.

(In reply to comment #6)
> (In reply to comment #5)
> > Hi Massimo. Looks like you last patch with only 3 lines of code solved the
> > problem!
> > I applied here and no more segfault.
> > How i don't understand and i know nothing about cairo, i don't know if what
> > this patch do is the right thing or if is safe use it. All i know it is that
> > it solved, i think.
> >
> 
> To me it seems correct and safe, it only drops empty
> boxes from the list of boxes to be tessellated.

It is. Could you please write a nice commit log, adding

Reported-by: Henrique Lengler <henriqueleng@openmailbox.org>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81699

and submit. Ideally we would love to have a test case to hit this problem as well. If you can capture it using cairo-trace that would be a good start.
 
> Empty boxes do not alter the insideness of any pixel
> because if a ray from the pixel intersects the top edge
> it also intersects the bottom edge, one from the left
> and the other from the right, so it should be correct
> for both (EVEN_ODD, WINDING) fill rules that cairo implements. 
> 
> OTOH these empty boxes are problematic as they possibly
> lead to a segfault.
> 
> It is possible that there are better places to discard
> these boxes.

diff --git a/src/cairo-boxes.c b/src/cairo-boxes.c
index 63b68dd..90afdbd 100644
--- a/src/cairo-boxes.c
+++ b/src/cairo-boxes.c
@@ -139,6 +139,8 @@ _cairo_boxes_add_internal (cairo_boxes_t *boxes,
     if (unlikely (boxes->status))
        return;
 
+    assert(box->x2 > box->x1 && box->y2 > box->y1);
+
     chunk = boxes->tail;
     if (unlikely (chunk->count == chunk->size)) {
        int size;

So yes, this suggests a far deeper problem than just the tesselate failure.

Ubuntucairo package

Comment 14 for bug 1391857

Ubuntu
cairo package