[cairo-bugs] [Bug 103335] New: Assert in _cairo_scaled_glyph_page_destroy !scaled_font->cache_frozen

bugzilla-daemon at freedesktop.org
Wed Oct 18 09:22:52 UTC 2017


https://bugs.freedesktop.org/show_bug.cgi?id=103335

            Bug ID: 103335
           Summary: Assert in _cairo_scaled_glyph_page_destroy
                    !scaled_font->cache_frozen
           Product: cairo
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: freetype font backend
          Assignee: david at freetype.org
          Reporter: carlosgc at gnome.org
        QA Contact: cairo-bugs at cairographics.org

This happens when _cairo_ft_scaled_glyph_init() returns
CAIRO_INT_STATUS_UNSUPPORTED when called from _cairo_scaled_glyph_lookup(). In
those cases _cairo_scaled_font_free_last_glyph() is called to release the glyph
that has just been allocated. If there aren't more glyphs,
_cairo_scaled_glyph_page_destroy() is called. The problem is that
_cairo_scaled_glyph_lookup() should always be called with the cache frozen, and
_cairo_scaled_glyph_page_destroy() without the cache frozen. A possible
solution could be to thaw/freeze in _cairo_scaled_font_free_last_glyph() when
num_glyphs is 0. I noticed this with WebKit, see the backtrace below.

#0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007fda0dc5642a in __GI_abort () at abort.c:89
#2  0x00007fda0dc4de67 in __assert_fail_base (fmt=<optimized out>,
assertion=assertion at entry=0x7fda1d456bbe "!scaled_font->cache_frozen", 
    file=file at entry=0x7fda1d456b9b "cairo-scaled-font.c", line=line at entry=456,
function=function at entry=0x7fda1d457060 <__PRETTY_FUNCTION__.10925>
"_cairo_scaled_glyph_page_destroy")
    at assert.c:92
#3  0x00007fda0dc4df12 in __GI___assert_fail
(assertion=assertion at entry=0x7fda1d456bbe "!scaled_font->cache_frozen",
file=file at entry=0x7fda1d456b9b "cairo-scaled-font.c", 
    line=line at entry=456, function=function at entry=0x7fda1d457060
<__PRETTY_FUNCTION__.10925> "_cairo_scaled_glyph_page_destroy") at assert.c:101
#4  0x00007fda1d3d1b3b in _cairo_scaled_glyph_page_destroy
(scaled_font=<optimized out>, page=<optimized out>) at cairo-scaled-font.c:456
#5  0x00007fda1d3d3c5b in _cairo_scaled_font_free_last_glyph
(scaled_glyph=0x563abcfc6ba0, scaled_font=0x563abcfc6800) at
cairo-scaled-font.c:2940
#6  _cairo_scaled_glyph_lookup (scaled_font=scaled_font at entry=0x563abcfc6800,
index=<optimized out>, info=info at entry=CAIRO_SCALED_GLYPH_INFO_PATH, 
    scaled_glyph_ret=scaled_glyph_ret at entry=0x7ffe70c85aa8) at
cairo-scaled-font.c:3013
#7  0x00007fda1d3d522f in _cairo_scaled_font_glyph_path
(scaled_font=0x563abcfc6800, glyphs=glyphs at entry=0x7ffe70c85b10,
num_glyphs=<optimized out>, path=path at entry=0x563abcb50b68)
    at cairo-scaled-font.c:2656
#8  0x00007fda1d39bba4 in _cairo_gstate_glyph_path (gstate=0x563abcb50830,
glyphs=0x7ffe70c86350, num_glyphs=<optimized out>, path=0x563abcb50b68) at
cairo-gstate.c:2144
#9  0x00007fda1d38dc62 in cairo_glyph_path (cr=0x563abcb50800,
glyphs=<optimized out>, num_glyphs=<optimized out>) at cairo.c:3865
#10 0x00007fda1bb85aa9 in WebCore::CairoGlyphToPathTranslator::path() () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#11 0x00007fda1bb8676f in
WebCore::FontCascade::dashesForIntersectionsWithRect(WebCore::TextRun const&,
WebCore::FloatPoint const&, WebCore::FloatRect const&) const ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#12 0x00007fda1ba3a345 in
WebCore::drawSkipInkUnderline(WebCore::GraphicsContext&, WebCore::FontCascade
const&, WebCore::TextRun const&, WebCore::FloatPoint const&,
WebCore::FloatPoint const&, float, float, bool, bool, WebCore::StrokeStyle) ()
from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#13 0x00007fda1ba3b651 in
WebCore::TextDecorationPainter::paintTextDecoration(WebCore::TextRun const&,
WebCore::FloatPoint const&, WebCore::FloatPoint const&) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#14 0x00007fda1b88128d in
WebCore::InlineTextBox::paintDecoration(WebCore::GraphicsContext&,
WebCore::FontCascade const&, WebCore::RenderCombineText*, WebCore::TextRun
const&, WebCore::FloatPoint const&, WebCore::FloatRect const&,
WebCore::TextDecoration, WebCore::TextPaintStyle, WebCore::ShadowData const*,
WebCore::FloatRect const&) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#15 0x00007fda1b886f39 in WebCore::InlineTextBox::paint(WebCore::PaintInfo&,
WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#16 0x00007fda1b87ea21 in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&,
WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#17 0x00007fda1ba25d34 in WebCore::RootInlineBox::paint(WebCore::PaintInfo&,
WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#18 0x00007fda1b980f15 in
WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*,
WebCore::PaintInfo&, WebCore::LayoutPoint const&) const ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#19 0x00007fda1b88ca17 in
WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#20 0x00007fda1b899d94 in
WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#21 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&,
WebCore::LayoutPoint const&) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#22 0x00007fda1b9e4e7c in
WebCore::RenderTableSection::paintCell(WebCore::RenderTableCell*,
WebCore::PaintInfo&, WebCore::LayoutPoint const&) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#23 0x00007fda1b9e51f8 in
WebCore::RenderTableSection::paintObject(WebCore::PaintInfo&,
WebCore::LayoutPoint const&) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#24 0x00007fda1b9e5ce1 in
WebCore::RenderTableSection::paint(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#25 0x00007fda1b9cd97c in
WebCore::RenderTable::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#26 0x00007fda1b9cdbcb in WebCore::RenderTable::paint(WebCore::PaintInfo&,
WebCore::LayoutPoint const&) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#27 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&,
WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool,
WebCore::RenderBlock::PaintBlockType) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#28 0x00007fda1b88ceb6 in
WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint
const&, WebCore::PaintInfo&, bool) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#29 0x00007fda1b88ca04 in
WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#30 0x00007fda1b899d94 in
WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#31 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&,
WebCore::LayoutPoint const&) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#32 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&,
WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool,
WebCore::RenderBlock::PaintBlockType) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#33 0x00007fda1b88ceb6 in
WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint
const&, WebCore::PaintInfo&, bool) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#34 0x00007fda1b88ca04 in
WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#35 0x00007fda1b899d94 in
WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#36 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&,
WebCore::LayoutPoint const&) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#37 0x00007fda1b88cb05 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&,
WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool,
WebCore::RenderBlock::PaintBlockType) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#38 0x00007fda1b88ceb6 in
WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint
const&, WebCore::PaintInfo&, bool) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#39 0x00007fda1b88ca04 in
WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#40 0x00007fda1b899d94 in
WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint
const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#41 0x00007fda1b889b18 in WebCore::RenderBlock::paint(WebCore::PaintInfo&,
WebCore::LayoutPoint const&) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#42 0x00007fda1b94d8cb in
WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase,
WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&,
WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&,
unsigned int, WebCore::RenderObject*) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#43 0x00007fda1b95305c in
WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment,
1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&,
WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool,
WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int,
WebCore::RenderObject*) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#44 0x00007fda1b961c6c in
WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&,
WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#45 0x00007fda1b962b32 in
WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&,
WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#46 0x00007fda1b963620 in
WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul,
WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&,
WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#47 0x00007fda1b961424 in
WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&,
WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#48 0x00007fda1b962b32 in
WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&,
WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#49 0x00007fda1b962dfc in
WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect
const&, WebCore::LayoutSize const&, unsigned int, WebCore::RenderObject*,
unsigned int, WebCore::RenderLayer::SecurityOriginPaintPolicy) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#50 0x00007fda1b6ca361 in
WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect
const&, WebCore::Widget::SecurityOriginPaintPolicy) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#51 0x00007fda1b7751a2 in WebCore::ScrollView::paint(WebCore::GraphicsContext&,
WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) ()
   from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#52 0x00007fda1af13140 in WebKit::WebPage::drawRect(WebCore::GraphicsContext&,
WebCore::IntRect const&) () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#53 0x00007fda1b0a344f in WebKit::DrawingAreaImpl::display(WebKit::UpdateInfo&)
() from /home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#54 0x00007fda1b0a5168 in WebKit::DrawingAreaImpl::display() () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
#55 0x00007fda17e85d5a in
WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*)
() from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.0.so.18
#56 0x00007fda133695aa in g_main_dispatch (context=0x563abc9e5f10) at
gmain.c:3234
#57 g_main_context_dispatch (context=context at entry=0x563abc9e5f10) at
gmain.c:3899
#58 0x00007fda13369928 in g_main_context_iterate (context=0x563abc9e5f10,
block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at
gmain.c:3972
#59 0x00007fda13369c42 in g_main_loop_run (loop=0x563abca27790) at gmain.c:4168
#60 0x00007fda17e86118 in WTF::RunLoop::run() () from
/home/cgarcia/gnome/lib/libjavascriptcoregtk-4.0.so.18
#61 0x00007fda1b0aaa80 in WebProcessMainUnix () from
/home/cgarcia/gnome/lib/libwebkit2gtk-4.0.so.37
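
The freeze/thaw invariant described in the report, as an added example that is not part of the original report and is not cairo source. The model_* names and the struct are hypothetical; the model is single-threaded, ignores any locking, and counts a violation where cairo would hit the assert.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model, not cairo source: only the state the report names. */
typedef struct {
    bool cache_frozen;  /* true between freeze and thaw */
    int  num_glyphs;    /* glyphs allocated in the current page */
    int  violations;    /* page destroys that ran while frozen */
} model_font_t;

static void model_freeze(model_font_t *f) { f->cache_frozen = true; }
static void model_thaw(model_font_t *f)   { f->cache_frozen = false; }

/* Models _cairo_scaled_glyph_page_destroy(): counts where cairo asserts. */
static void model_page_destroy(model_font_t *f) {
    if (f->cache_frozen) f->violations++;
}

/* Stands in for _cairo_scaled_font_free_last_glyph(). with_fix applies the
 * thaw/freeze around the page destroy that the report proposes. */
static void model_free_last_glyph(model_font_t *f, bool with_fix) {
    if (--f->num_glyphs > 0) return;   /* page still has glyphs */
    if (with_fix) model_thaw(f);
    model_page_destroy(f);
    if (with_fix) model_freeze(f);     /* caller still expects frozen */
}

/* Stands in for _cairo_scaled_glyph_lookup(); init_unsupported simulates
 * the backend init returning CAIRO_INT_STATUS_UNSUPPORTED. */
static int model_lookup(model_font_t *f, bool init_unsupported, bool with_fix) {
    if (!f->cache_frozen) return -1;   /* precondition: cache frozen */
    f->num_glyphs++;                   /* glyph allocated before init */
    if (!init_unsupported) return 0;
    model_free_last_glyph(f, with_fix);
    return 1;
}

/* Returns violations seen, or -1 if lookup did not leave the cache frozen. */
int run_scenario(bool with_fix) {
    model_font_t f = { false, 0, 0 };
    model_freeze(&f);
    int rc = model_lookup(&f, true, with_fix);
    if (rc != 1 || !f.cache_frozen) return -1;
    model_thaw(&f);
    return f.violations;
}
int main(void) {
    printf("unpatched: %d, fixed: %d\n", run_scenario(false), run_scenario(true));
    return 0;
}
```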
