ubuntu-x-swat team mailing list archive

Thread
Date

[Bug 756237] Re: wxRuby crashes with segmentation fault in pixman_image_composite32

To: ubuntu-x-swat@xxxxxxxxxxxxxxxxxxx
From: David Foerster <756237@xxxxxxxxxxxxxxxxxx>
Date: Mon, 20 Jun 2011 20:30:50 -0000
Reply-to: Bug 756237 <756237@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I can confirm David Beswick's findings and add a few details.

I experience this bug with versions 0.20.2, 0.22.0 and 0.23.1 (from today's git
master). Please have a look at my attached gdb trace (pixman git master on
Ubuntu 11.04 x86_64, all optimizations disabled (./configure --disable-openmp
--disable-mmx --disable-sse2 --disable-vmx --disable-arm-simd
--disable-arm-neon CFLAGS='-g -O0')).
The interesting parts are:

[...]
#0  0x00007fffea9b64d3 in lookup_composite_function (op=PIXMAN_OP_SRC,
src=0xf93b80, mask=0x0, dest=0xf93fb0, src_x=0, src_y=0, mask_x=0, mask_y=0,
dest_x=0, dest_y=0, width=8, height=1) at ../../pixman/pixman.c:378
        info = 0x8
[...]
rax            0x8    8
[...]
=> 0x7fffea9b64d3 <pixman_image_composite32+883>:    mov    (%rax),%eax

The corresponding part in pixman/pixman.c:378 is:

369 for (i = 0; i < N_CACHED_FAST_PATHS; ++i)
    {
    const pixman_fast_path_t *info = &(cache->cache[i].fast_path);

    /* Note that we check for equality here, not whether
     * the cached fast path matches. This is to prevent
     * us from selecting an overly general fast path
     * when a more specific one would work.
     */
378    if (info->op == op            &&
        info->src_format == src_format    &&
        info->mask_format == mask_format    &&
        info->dest_format == dest_format    &&
        info->src_flags == src_flags    &&
        info->mask_flags == mask_flags    &&
        info->dest_flags == dest_flags    &&
        info->func)
    {
        *out_imp = cache->cache[i].imp;
        *out_func = cache->cache[i].fast_path.func;

        goto update_cache;
    }
392 }

So in line 378 pixman tries to read from a bad pointer.

When I comment that code part, everything seems fine.

** Attachment added: "stacktrace of crash in libpixman with wxruby's minimal example"
   https://bugs.launchpad.net/ubuntu/+source/pixman/+bug/756237/+attachment/2176306/+files/stacktrace.txt

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to pixman in Ubuntu.
https://bugs.launchpad.net/bugs/756237

Title:
  wxRuby crashes with segmentation fault in pixman_image_composite32

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pixman/+bug/756237/+subscriptions

References

[Bug 756237] [NEW] wxRuby crashes with segmentation fault in pixman_image_composite32
From: David Beswick, 2011-04-10