Bug 219005
Summary: | OOo crash during _cairo_bentley_ottmann_tessellate_polygon | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Darwin H. Webb <thethirddoorontheleft> | ||||||||
Component: | cairo | Assignee: | Behdad Esfahbod <behdad> | ||||||||
Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | |||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | rawhide | CC: | caolanm, cworth, triage | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | bzcl34nup | ||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2008-05-07 01:02:37 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Darwin H. Webb
2006-12-09 01:52:51 UTC
Created attachment 143201 [details]
OOCACL-crash.txt
looks like the crash took place in cairo from drawing some widget. Do you have any way to reproduce this ? I tried today and the spreadsheet was recovered with data intact. I re-entered the fomula with the function gui and it worked. I had updated the next days devel rawhide 11/09/06 so I can't varify it. Close this bug and if it happens again I'll add a comment. thanks, Darwin Created attachment 143275 [details]
mapped stack
stack mapped back to source lines
Here's the crashing bit of the stack, there's an awful lot of cairo stack here before the crash. method _cairo_bentley_ottmann_tessellate_polygon at... file:line of /usr/src/debug/cairo-1.3.6/src/cairo-bentley-ottmann.c:777 method _cairo_path_fixed_fill_to_traps at... file:line of /usr/src/debug/cairo-1.3.6/src/cairo-path-fill.c:197 method _cairo_clip_clip at... file:line of /usr/src/debug/cairo-1.3.6/src/cairo-clip.c:489 method _cairo_gstate_clip at... file:line of /usr/src/debug/cairo-1.3.6/src/cairo-gstate.c:1149 method *INT_cairo_clip_preserve at... file:line of /usr/src/debug/cairo-1.3.6/src/cairo.c:2194 method ge_gdk_drawable_to_cairo at... file:line of ./cairo-support.c:240 method clearlooks_style_draw_handle at... file:line of src/clearlooks_style.c:324 method IA__gtk_paint_handle at... file:line of /usr/src/debug/gtk+-2.10.6/gtk/gtkstyle.c:6272 Created attachment 143565 [details]
Patch to dump all tessellated polygons into a file
Could you apply the attached patch, rerun the crashing example, and return the
last few logged polygons from /tmp/polygon.log? Hopefully this would lead to a
smaller example for closer study.
Cheers,
Joonas
Here's what I could find by poking around the ClearLooks code, (or rather, the gtk-engines code as the crash doesn't appear to be coming from any clearlooks-specific code). Here's the function of interest: cairo_t * ge_gdk_drawable_to_cairo (GdkDrawable *window, GdkRectangle *area) { cairo_t *cr; g_return_val_if_fail (window != NULL, NULL); cr = (cairo_t*) gdk_cairo_create (window); cairo_set_line_width (cr, 1.0); cairo_set_line_cap (cr, CAIRO_LINE_CAP_SQUARE); cairo_set_line_join (cr, CAIRO_LINE_JOIN_MITER); if (area) { cairo_rectangle (cr, area->x, area->y, area->width, area->height); cairo_clip_preserve (cr); cairo_new_path (cr); } return cr; } So that suggests that the path that triggers the bug could be nothing other than a single integer rectangle. That's actually a rather surprising thing to be tripping up the tessellator. And meanwhile, it occurs to me that we did an optimization for single-rectangle path fills, but perhaps that missed single-rectangle path clips. I'll take a look at that now. In the meantime, if anybody manages to reproduce this, that would be great. (But from what I've seen here, it seems it didn't have anything to do with OpenOffice.org at all, but perhaps just some particular expose-event rectangle that managed to hit a bug). Joonas, care to take a pass through the tessellator looking for something that could go wrong if given a degenerate rectangle of some sort? -Carl (In reply to comment #7) > And meanwhile, it occurs to me that we did an optimization for single-rectangle > path fills, but perhaps that missed single-rectangle path clips. I'll take a > look at that now. I checked now, and confirmed that the optimization does in fact apply to both cairo_fill() and cairo_clip(). This optimization did not exist in any 1.3.x snapshot of cairo, but is in place for cairo 1.4.0 and beyond. And what the optimization does is to entirely bypass _cairo_bentley_ottmann_tessellate_polygon whenever the path is nothing but a single, axis-aligned rectangle. So, I think that as of cairo 1.4.x the original bug should not be reproducible. But I'd still very much like to find a polygon that triggers the failure in the tessellator so that we can fix it. -Carl Based on the date this bug was created, it appears to have been reported against rawhide during the development of a Fedora release that is no longer maintained. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained. If this bug remains in NEEDINFO thirty (30) days from now, we will automatically close it. If you can reproduce this bug in a maintained Fedora version (7, 8, or rawhide), please change this bug to the respective version and change the status to ASSIGNED. (If you're unable to change the bug's version or status, add a comment to the bug and someone will change it for you.) Thanks for your help, and we apologize again that we haven't handled these issues to this point. The process we're following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp We will be following the process here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again. This bug has been in NEEDINFO for more than 30 days since feedback was first requested. As a result we are closing it. If you can reproduce this bug in the future against a maintained Fedora version please feel free to reopen it against that version. The process we're following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp |