Red Hat Bugzilla – Bug 219005
OOo crash during _cairo_bentley_ottmann_tessellate_polygon
Last modified: 2008-05-06 21:02:37 EDT
Description of problem:
OOCALC crashed popup text attached
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. =IF($A2=$A1,$A2) #trying to input a dup value check. It crashed when I was
in a lower level formula gui.
error, burp, blink, beep - but no crash.
Attached crash dump report
Created attachment 143201 [details]
looks like the crash took place in cairo from drawing some widget.
Do you have any way to reproduce this ?
I tried today and the spreadsheet was recovered with data intact.
I re-entered the formula with the function gui and it worked.
I had updated the next day's devel rawhide 11/09/06 so I can't verify it.
Close this bug and if it happens again I'll add a comment.
Created attachment 143275 [details]
stack mapped back to source lines
Here's the crashing bit of the stack, there's an awful lot of cairo stack here
before the crash.
method _cairo_bentley_ottmann_tessellate_polygon at...
file:line of /usr/src/debug/cairo-1.3.6/src/cairo-bentley-ottmann.c:777
method _cairo_path_fixed_fill_to_traps at...
file:line of /usr/src/debug/cairo-1.3.6/src/cairo-path-fill.c:197
method _cairo_clip_clip at...
file:line of /usr/src/debug/cairo-1.3.6/src/cairo-clip.c:489
method _cairo_gstate_clip at...
file:line of /usr/src/debug/cairo-1.3.6/src/cairo-gstate.c:1149
method *INT_cairo_clip_preserve at...
file:line of /usr/src/debug/cairo-1.3.6/src/cairo.c:2194
method ge_gdk_drawable_to_cairo at...
file:line of ./cairo-support.c:240
method clearlooks_style_draw_handle at...
file:line of src/clearlooks_style.c:324
method IA__gtk_paint_handle at...
file:line of /usr/src/debug/gtk+-2.10.6/gtk/gtkstyle.c:6272
Created attachment 143565 [details]
Patch to dump all tessellated polygons into a file
Could you apply the attached patch, rerun the crashing example, and return the
last few logged polygons from /tmp/polygon.log? Hopefully this would lead to a
smaller example for closer study.
Here's what I could find by poking around the ClearLooks code, (or rather, the
gtk-engines code as the crash doesn't appear to be coming from any
Here's the function of interest:
cairo_t *
ge_gdk_drawable_to_cairo (GdkDrawable *window, GdkRectangle *area)
{
    cairo_t *cr;
    g_return_val_if_fail (window != NULL, NULL);
    cr = (cairo_t*) gdk_cairo_create (window);
    cairo_set_line_width (cr, 1.0);
    cairo_set_line_cap (cr, CAIRO_LINE_CAP_SQUARE);
    cairo_set_line_join (cr, CAIRO_LINE_JOIN_MITER);
    cairo_rectangle (cr, area->x, area->y, area->width, area->height);
    /* The stack trace above enters cairo_clip_preserve from this function */
    cairo_clip_preserve (cr);
    return cr;
}
So that suggests that the path that triggers the bug could be nothing other than
a single integer rectangle. That's actually a rather surprising thing to be
tripping up the tessellator.
And meanwhile, it occurs to me that we did an optimization for single-rectangle
path fills, but perhaps that missed single-rectangle path clips. I'll take a
look at that now.
In the meantime, if anybody manages to reproduce this, that would be great. (But
from what I've seen here, it seems it didn't have anything to do with
OpenOffice.org at all, but perhaps just some particular expose-event rectangle
that managed to hit a bug).
Joonas, care to take a pass through the tessellator looking for something that
could go wrong if given a degenerate rectangle of some sort?
(In reply to comment #7)
> And meanwhile, it occurs to me that we did an optimization for single-rectangle
> path fills, but perhaps that missed single-rectangle path clips. I'll take a
> look at that now.
I checked now, and confirmed that the optimization does in fact apply to both
cairo_fill() and cairo_clip(). This optimization did not exist in any 1.3.x
snapshot of cairo, but is in place for cairo 1.4.0 and beyond.
And what the optimization does is to entirely bypass
_cairo_bentley_ottmann_tessellate_polygon whenever the path is nothing but a
single, axis-aligned rectangle.
So, I think that as of cairo 1.4.x the original bug should not be reproducible.
But I'd still very much like to find a polygon that triggers the failure in the
tessellator so that we can fix it.
Based on the date this bug was created, it appears to have been reported
against rawhide during the development of a Fedora release that is no
longer maintained. In order to refocus our efforts as a project we are
flagging all of the open bugs for releases which are no longer
maintained. If this bug remains in NEEDINFO thirty (30) days from now,
we will automatically close it.
If you can reproduce this bug in a maintained Fedora version (7, 8, or
rawhide), please change this bug to the respective version and change
the status to ASSIGNED. (If you're unable to change the bug's version
or status, add a comment to the bug and someone will change it for you.)
Thanks for your help, and we apologize again that we haven't handled
these issues to this point.
The process we're following is outlined here:
We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
This bug has been in NEEDINFO for more than 30 days since feedback was
first requested. As a result we are closing it.
If you can reproduce this bug in the future against a maintained Fedora
version please feel free to reopen it against that version.
The process we're following is outlined here: