Bug 353401 - dot segfault with multiple transformations
Summary: dot segfault with multiple transformations
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: graphviz
Version: 7
Hardware: x86_64
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jima
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-10-25 22:58 UTC by Jerry James
Modified: 2008-02-01 16:06 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-02-01 16:06:18 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
Input file for dot (32.72 KB, text/plain)
2007-10-25 22:58 UTC, Jerry James 		no flags Details
View All

Description Jerry James 2007-10-25 22:58:18 UTC 
Description of problem:
This may be a cairo bug instead of a graphviz bug, but I'm filing it against the
component I was using when the segfault occurred.

While attempting to generate documentation with doxygen, I experienced multiple
dot failures.  Invoking dot from the command line shows that it is segfaulting.
 I will attach the input file to this bug report.  Here is the invocation that
produces the segfault:

dot classCVC3_1_1Assumptions_1_1iterator_1_1Proxy__coll__graph.dot -Tpng -o
classCVC3_1_1Assumptions_1_1iterator_1_1Proxy__coll__graph.png -Tcmap -o
classCVC3_1_1Assumptions_1_1iterator_1_1Proxy__coll__graph.map

Note that I am attempting two transformations at once.  It is faster than doing
the transformations one at a time.  The backtrace from the segfault is:

Program received signal SIGSEGV, Segmentation fault.
_cairo_pixman_composite_solid_mask_nx8x8888mmx (op=<value optimized out>, 
    pSrc=<value optimized out>, pMask=<value optimized out>, 
    pDst=<value optimized out>, xSrc=<value optimized out>, 
    ySrc=<value optimized out>, xMask=0, yMask=0, xDst=0, yDst=0, width=25014, 
    height=11541) at fbmmx.c:1615
1615                    *(ullong *)dst = srcsrc;
(gdb) bt
#0  _cairo_pixman_composite_solid_mask_nx8x8888mmx (op=<value optimized out>, 
    pSrc=<value optimized out>, pMask=<value optimized out>, 
    pDst=<value optimized out>, xSrc=<value optimized out>, 
    ySrc=<value optimized out>, xMask=0, yMask=0, xDst=0, yDst=0, width=25014, 
    height=11541) at fbmmx.c:1615
#1  0x00000035f404898b in _cairo_pixman_composite (op=PIXMAN_OPERATOR_OVER, 
    pSrc=0x9c6500, pMask=0x2aab0119fb98, pDst=0x9c6430, xSrc=0, ySrc=0, 
    xMask=0, yMask=0, xDst=0, yDst=0, width=25014, height=11546)
    at fbpict.c:1986
#2  0x00000035f401217c in _cairo_image_surface_composite_trapezoids (
    op=CAIRO_OPERATOR_OVER, pattern=0x7fffc7dbacd0, abstract_dst=0x9ff690, 
    antialias=<value optimized out>, src_x=0, src_y=0, dst_x=0, dst_y=0, 
    width=25014, height=11546, traps=0x7fffc7dbabf8, num_traps=1)
    at cairo-image-surface.c:1009
#3  0x00000035f401beb5 in _cairo_surface_composite_trapezoids (op=18480024, 
    pattern=0x7fffc7dbacd0, dst=0x9ff690, antialias=CAIRO_ANTIALIAS_DEFAULT, 
    src_x=0, src_y=0, dst_x=0, dst_y=0, width=25014, height=11546, 
    traps=0x7fffc7dbabf8, num_traps=1) at cairo-surface.c:1494
#4  0x00000035f401f1d6 in _composite_traps_draw_func (closure=0x7fffc7dbab10, 
    op=CAIRO_OPERATOR_OVER, src=0x7fffc7dbacd0, dst=0x9ff690, dst_x=0, 
    dst_y=0, extents=0x7fffc7dbab50) at cairo-surface-fallback.c:500
#5  0x00000035f401e364 in _clip_and_composite (clip=0x0, 
    op=CAIRO_OPERATOR_OVER, src=0x7fffc7dbacd0, 
    draw_func=0x35f401f110 <_composite_traps_draw_func>, 
    draw_closure=0x7fffc7dbab10, dst=0x9ff690, extents=0x7fffc7dbab50)
    at cairo-surface-fallback.c:394
#6  0x00000035f401ecf9 in _clip_and_composite_trapezoids (src=0x8, op=32767, 
    dst=0x9ff690, traps=0x7fffc7dbabd0, clip=0x0, 
    antialias=CAIRO_ANTIALIAS_DEFAULT) at cairo-surface-fallback.c:663
#7  0x00000035f401f0ff in _cairo_surface_fallback_fill (surface=0x9ff690, 
    op=CAIRO_OPERATOR_OVER, source=0x7fffc7dbacd0, path=0xa031a8, 
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, 
    antialias=CAIRO_ANTIALIAS_DEFAULT) at cairo-surface-fallback.c:907
#8  0x00000035f401ca55 in _cairo_surface_fill (surface=0x9ff690, 
    op=CAIRO_OPERATOR_OVER, source=<value optimized out>, path=0xa031a8, 
    fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, 
    antialias=CAIRO_ANTIALIAS_DEFAULT) at cairo-surface.c:1454
#9  0x00000035f400ff7c in _cairo_gstate_fill (gstate=0x9fb480, path=0xa031a8)
    at cairo-gstate.c:1044
#10 0x00000035f40097e0 in *INT_cairo_fill_preserve (cr=0xa02fe0)
    at cairo.c:2096
#11 0x00002aaaab560447 in cairogen_polygon (job=<value optimized out>, 
    A=0x7fffc7dbaf20, n=4, filled=1) at gvrender_pango.c:342
#12 0x00002aaaaaadee50 in gvrender_box (job=0x2aab0119fb98, B=
        {LL = {x = -4, y = -4}, UR = {x = -2147481276, y = 8656}}, filled=216)
    at gvrender.c:819
#13 0x00002aaaaaafeb0e in emit_background (job=0x60bef0, 
    g=<value optimized out>) at emit.c:728
#14 0x00002aaaaab03a21 in emit_graph (job=0x60bef0, g=0x611570) at emit.c:2088
#15 0x00002aaaaab05254 in gvRenderJobs (gvc=0x6032b0, g=0x611570)
    at emit.c:2686
#16 0x0000000000400cdf in main (argc=8, argv=<value optimized out>)
    at dot.c:177
#17 0x000000312621dab4 in __libc_start_main () from /lib64/libc.so.6
#18 0x0000000000400a89 in _start ()

Version-Release number of selected component (if applicable):
graphviz-2.12-8.fc7

How reproducible:
Always

Steps to Reproduce:
1. Invoke dot with the given command line parameters
  
Actual results:
dot segfaults

Expected results:
dot should produce the requested output

Additional info:
Comment 1 Jerry James 2007-10-25 22:58:18 UTC 
Created attachment 238171 [details]
Input file for dot
Comment 2 Jerry James 2007-10-25 23:01:47 UTC 
I thought the multiple transformations had something to do with it, but I'm
getting the same backtrace with just the png transformation.  In other words,
you can shorten the invocation to just:

dot classCVC3_1_1Assumptions_1_1iterator_1_1Proxy__coll__graph.dot -Tpng -o
classCVC3_1_1Assumptions_1_1iterator_1_1Proxy__coll__graph.png

The cmap transformation, on the other hand, works as expected.
Comment 3 Jerry James 2007-10-26 18:49:15 UTC 
I installed graphviz-gd and tried using -Tgif instead of -Tpng.  Then dot
consumed all physical memory, and my computer started thrashing and became
pretty much unusable for several minutes until swap space was depleted and the
program was killed.  So maybe the input file is pathological in some way. 
Nevertheless, it shouldn't segfault.
Comment 4 Jima 2007-12-03 20:58:50 UTC 
First off, I apologize for the delay in my response.

I don't presently have any Fedora 7 machines (real or virtual), but my testing
on a rawhide x86_64 xen guest (and a Fedora 8 xen host, as explained below)
seems to confirm that *something* is amiss, in the RPMs from both Fedora 7 *and* 8.

Can you grab RPMs from here and give them a spin?

http://koji.fedoraproject.org/koji/taskinfo?taskID=263562
(follow the Descendent Task for the appropriate arch)

Using those RPMs on a Fedora 8 guest, I was able to do both png & cmap or gif &
cmap in one pass.  I tried doing all three in one pass, but I think it OOMd the
512mb of memory I had assigned to that VM, so I tried again on its host (which
has about 3.5gb left) and was successful.  (And then just about killed my
desktop trying to actually view the files.  Sigh.)

If these fix your problem, I can see about pushing 2.16 to F8/F7.  I'm not
thrilled with the idea (soname change, etc), but if that's what needs to be
done, I'll do it. :-)

Thanks!
Comment 5 Jerry James 2007-12-20 04:22:32 UTC 
My turn to take a long time responding. :-)

My use case is of such minor importance that there's no point in bothering
everyone with an soname change.  It would be good to get the fix into rawhide,
though.  Anyway, the new rpms do seem to fix the problem.  Thanks for the work
you put in on this!  It's much appreciated.
Comment 6 Jima 2008-02-01 16:06:18 UTC 
Closing as RAWHIDE, thanks for bringing it to my attention!
Note You need to log in before you can comment on or make changes to this bug.