[cairo-bugs] [Bug 90120] Image compositor can pass invalid coordinates to pixman_fill()

bugzilla-daemon at freedesktop.org
Mon Apr 20 14:46:39 PDT 2015


https://bugs.freedesktop.org/show_bug.cgi?id=90120

--- Comment #2 from Federico Mena-Quintero <federico at gnome.org> ---
For reference, this is the top of the backtrace when the invalid write happens:

#0  0x000000000b530d04 in sse2_fill (imp=0xf5e2390, bits=0x12461330, stride=80,
bpp=32, x=1, y=1, width=18, height=-14, filler=4294901760) at
pixman-sse2.c:3394
#1  0x000000000b497319 in _pixman_implementation_fill (imp=0xf5e2390,
bits=0x12461330, stride=20, bpp=32, x=1, y=1, width=18, height=-2,
filler=4294901760) at pixman-implementation.c:277
#2  0x000000000b2abced in pixman_fill (bits=0x12461330, stride=20, bpp=32, x=1,
y=1, width=18, height=-2, filler=4294901760) at pixman.c:766
#3  0x0000000006c3895d in fill_boxes (_dst=0x12461730,
op=CAIRO_OPERATOR_SOURCE, color=0x7feffeee8, boxes=0x7feffe990) at
cairo-image-compositor.c:349
#4  0x0000000006c84450 in composite_aligned_boxes (compositor=0x6f72dc0
<spans.11385>, extents=0x7feffedf0, boxes=0x7feffe990) at
cairo-spans-compositor.c:619
#5  0x0000000006c84dbd in clip_and_composite_boxes (compositor=0x6f72dc0
<spans.11385>, extents=0x7feffedf0, boxes=0x7feffe990) at
cairo-spans-compositor.c:873
#6  0x0000000006c852d1 in _cairo_spans_compositor_stroke (_compositor=0x6f72dc0
<spans.11385>, extents=0x7feffedf0, path=0x1245f538, style=0x7fefff210,
ctm=0x12464a40, ctm_inverse=0x12464a70, tolerance=0.10000000000000001, 
    antialias=CAIRO_ANTIALIAS_DEFAULT) at cairo-spans-compositor.c:1029
#7  0x0000000006c29d02 in _cairo_compositor_stroke (compositor=0x6f72dc0
<spans.11385>, surface=0x12461730, op=CAIRO_OPERATOR_OVER, source=0x7fefff240,
path=0x1245f538, style=0x7fefff210, ctm=0x12464a40, ctm_inverse=0x12464a70, 
    tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x0)
at cairo-compositor.c:157
#8  0x0000000006c4162f in _cairo_image_surface_stroke
(abstract_surface=0x12461730, op=CAIRO_OPERATOR_OVER, source=0x7fefff240,
path=0x1245f538, style=0x7fefff210, ctm=0x12464a40, ctm_inverse=0x12464a70,
tolerance=0.10000000000000001, 
    antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x0) at cairo-image-surface.c:961
#9  0x0000000006c8aad8 in _cairo_surface_stroke (surface=0x12461730,
op=CAIRO_OPERATOR_OVER, source=0x7fefff240, path=0x1245f538,
stroke_style=0x7fefff210, ctm=0x12464a40, ctm_inverse=0x12464a70,
tolerance=0.10000000000000001, 
    antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0x0) at cairo-surface.c:2210
#10 0x0000000006c33fd3 in _cairo_gstate_stroke (gstate=0x12464950,
path=0x1245f538) at cairo-gstate.c:1185
#11 0x0000000006c2dbad in _cairo_default_context_stroke
(abstract_cr=0x1245f1d0) at cairo-default-context.c:1013
#12 0x0000000006c225e5 in INT_cairo_stroke (cr=0x1245f1d0) at cairo.c:2146
#13 0x0000000004e5ae8e in rsvg_cairo_render_path (ctx=0x12463af0,
path=<optimized out>) at rsvg-cairo-draw.c:549

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
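
Added example, not part of the original message and not code from cairo or pixman: frames #0 to #2 above show a negative height (height=-2) reaching the fill routine, so this sketch shows a caller-side guard that rejects such a box before any pixel is written. The fill_target_t type, both function names and the 20x8 surface size are assumptions made for illustration; stride, x, y, width, height and filler are the values from frame #2.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical description of a 32 bpp destination (names are assumptions). */
typedef struct {
    uint32_t *bits;
    int stride;          /* row length in uint32_t units, as in frame #2 */
    int width, height;   /* surface size in pixels and rows */
} fill_target_t;

/* True only if the box [x, x+w) x [y, y+h) is non-empty and inside the target. */
static bool fill_box_is_valid(const fill_target_t *t, int x, int y, int w, int h)
{
    if (t == NULL || t->bits == NULL) return false;
    if (t->width <= 0 || t->height <= 0 || t->stride < t->width) return false;
    if (w <= 0 || h <= 0) return false;      /* rejects height=-2 */
    if (x < 0 || y < 0) return false;
    /* Subtraction form: x + w and y + h are never computed, so no overflow. */
    if (x > t->width - w) return false;
    if (y > t->height - h) return false;
    return true;
}

/* Fills the box if it is valid; returns pixels written, 0 when rejected. */
static size_t checked_fill32(const fill_target_t *t, int x, int y, int w, int h,
                             uint32_t filler)
{
    if (!fill_box_is_valid(t, x, y, w, h)) return 0;
    for (int row = y; row < y + h; row++) {
        uint32_t *p = t->bits + (size_t)row * (size_t)t->stride + x;
        for (int i = 0; i < w; i++)
            p[i] = filler;
    }
    return (size_t)w * (size_t)h;
}

int main(void)
{
    static uint32_t pixels[20 * 8];          /* constructed 20x8 surface */
    fill_target_t t = { pixels, 20, 20, 8 };
    /* Arguments from frame #2, then the same box with a positive height. */
    printf("height=-2: %zu pixels\n", checked_fill32(&t, 1, 1, 18, -2, 4294901760u));
    printf("height=2:  %zu pixels\n", checked_fill32(&t, 1, 1, 18, 2, 4294901760u));
    return 0;
}
```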