[cairo] Access violation in SSE2 pixman code?

Damian Frank damian.frank at gmail.com
Thu Oct 2 14:58:54 PDT 2008


I've found what may be a bug in the SSE2 code in pixman, although I
don't have a minimal reproduction for it.  It happens in a fairly
complex application when drawing to a fairly large (~1900x1100) image
surface.  By the time the bug occurs the application will have created,
used, and discarded many surfaces; within that specific scenario,
however, it is 100% reproducible.

Disabling SSE2 when building pixman seems to make the bug go away.
Note that I do not seem to see this bug on Linux, only on Windows.
(One thing worth checking: on Windows an access violation reported at
address 0xffffffff is typically how a general-protection fault is
surfaced rather than a genuine read of that address, and an aligned
SSE2 load/store on a pointer that is not 16-byte aligned raises exactly
that.  Both the dst (0x04fbfa28) and src (0x00d566c8) pointers in the
faulting frame below are 8-byte but not 16-byte aligned.  Whether the
SSE2 path actually performs aligned accesses on them is not something
this trace alone shows, so treat this as a lead rather than a diagnosis.)

I'm using the 1.8.0 release of cairo against the current git version of pixman.


The exception reported by the debugger is:

First-chance exception at 0x01a6ff08 (curl-gfx-internal-cairo.dll) in
curl-builder-aca.exe: 0xC0000005: Access violation reading location
0xffffffff.

The call stack looks like this:

gfx-internal-cairo.dll!coreCombineAddUsse2
gfx-internal-cairo.dll!sse2CombineAddU
gfx-internal-cairo.dll!pixman_composite_rect_general_no_accessors
gfx-internal-cairo.dll!pixman_composite_rect_general
gfx-internal-cairo.dll!pixman_image_composite_rect
gfx-internal-cairo.dll!pixman_walk_composite_region
gfx-internal-cairo.dll!pixman_image_composite
gfx-internal-cairo.dll!_cairo_image_surface_composite
gfx-internal-cairo.dll!_cairo_surface_composite
gfx-internal-cairo.dll!_cairo_surface_fallback_composite
gfx-internal-cairo.dll!_cairo_surface_composite
gfx-internal-cairo.dll!_clip_and_composite_source
gfx-internal-cairo.dll!_clip_and_composite
gfx-internal-cairo.dll!_clip_and_composite_trapezoids
gfx-internal-cairo.dll!_cairo_surface_fallback_fill
gfx-internal-cairo.dll!_cairo_surface_fill
gfx-internal-cairo.dll!_cairo_gstate_fill
gfx-internal-cairo.dll!cairo_fill_preserve
gfx-internal-cairo.dll!cairo_fill
<non-cairo frames>


Or, the full call stack from MSVC with arguments:

gfx-internal-cairo.dll!coreCombineAddUsse2(unsigned int *
dst=0x04fbfa28, const unsigned int * src=0x00d566c8, int width=99)
Line 1144 + 0x10 C
gfx-internal-cairo.dll!sse2CombineAddU(unsigned int * dst=0x04fbfa28,
const unsigned int * src=0x00d566c8, int width=99)  Line 2207 + 0x11 C
gfx-internal-cairo.dll!pixman_composite_rect_general_no_accessors(const
_FbComposeData * data=0x00d5c6ec, void * src_buffer=0x00d566c8, void *
mask_buffer=0x00d56854, void * dest_buffer=0x00d569e0, const int
wide=0)  Line 538 + 0x37 C
gfx-internal-cairo.dll!pixman_composite_rect_general(const
_FbComposeData * data=0x00d5c6ec)  Line 589 + 0x22 C
gfx-internal-cairo.dll!pixman_image_composite_rect(pixman_op_t
op=PIXMAN_OP_ADD, pixman_image * src=0x031002f0, pixman_image *
mask=0x03101ba0, pixman_image * dest=0x0032ae30, short src_x=10, short
src_y=691, short mask_x=0, short mask_y=0, short dest_x=10, short
dest_y=691, unsigned short width=99, unsigned short height=20)  Line
1338 + 0x9 C
gfx-internal-cairo.dll!pixman_walk_composite_region(pixman_op_t
op=PIXMAN_OP_ADD, pixman_image * pSrc=0x031002f0, pixman_image *
pMask=0x03101ba0, pixman_image * pDst=0x0032ae30, short xSrc=10, short
ySrc=691, short xMask=0, short yMask=0, short xDst=10, short yDst=691,
unsigned short width=99, unsigned short height=20, int srcRepeat=0,
int maskRepeat=0, void (pixman_op_t, pixman_image *, pixman_image *,
pixman_image *, short, short, short, short, short, short, unsigned
short, unsigned short)* compositeRect=0x01a5afc0)  Line 1290 + 0x3b C
gfx-internal-cairo.dll!pixman_image_composite(pixman_op_t
op=PIXMAN_OP_ADD, pixman_image * pSrc=0x031002f0, pixman_image *
pMask=0x03101ba0, pixman_image * pDst=0x0032ae30, short xSrc=10, short
ySrc=691, short xMask=0, short yMask=0, short xDst=10, short yDst=691,
unsigned short width=99, unsigned short height=20)  Line 1968 + 0x49 C
gfx-internal-cairo.dll!_cairo_image_surface_composite(_cairo_operator
op=CAIRO_OPERATOR_ADD, _cairo_pattern * src_pattern=0x031003b8,
_cairo_pattern * mask_pattern=0x00d5ca08, void *
abstract_dst=0x00327990, int src_x=10, int src_y=691, int mask_x=0,
int mask_y=0, int dst_x=10, int dst_y=691, unsigned int width=99,
unsigned int height=20)  Line 978 + 0x60 C
gfx-internal-cairo.dll!_cairo_surface_composite(_cairo_operator
op=CAIRO_OPERATOR_ADD, _cairo_pattern * src=0x031003b8, _cairo_pattern
* mask=0x00d5ca08, _cairo_surface * dst=0x00327990, int src_x=10, int
src_y=691, int mask_x=0, int mask_y=0, int dst_x=10, int dst_y=691,
unsigned int width=99, unsigned int height=20)  Line 1279 + 0x38 C
gfx-internal-cairo.dll!_cairo_surface_fallback_composite(_cairo_operator
op=CAIRO_OPERATOR_ADD, _cairo_pattern * src=0x031003b8, _cairo_pattern
* mask=0x00d5ca08, _cairo_surface * dst=0x00327768, int src_x=10, int
src_y=691, int mask_x=0, int mask_y=0, int dst_x=10, int dst_y=691,
unsigned int width=99, unsigned int height=20)  Line 1108 + 0x3b C
gfx-internal-cairo.dll!_cairo_surface_composite(_cairo_operator
op=CAIRO_OPERATOR_ADD, _cairo_pattern * src=0x031003b8, _cairo_pattern
* mask=0x00d5ca08, _cairo_surface * dst=0x00327768, int src_x=10, int
src_y=691, int mask_x=0, int mask_y=0, int dst_x=10, int dst_y=691,
unsigned int width=99, unsigned int height=20)  Line 1290 + 0x35 C
gfx-internal-cairo.dll!_clip_and_composite_source(_cairo_clip *
clip=0x03101988, _cairo_pattern * src=0x031003b8, _cairo_status (void
*, _cairo_operator, _cairo_pattern *, _cairo_surface *, int, int,
const _cairo_rectangle_int32 *)* draw_func=0x01a5ea50, void *
draw_closure=0x00d5cb78, _cairo_surface * dst=0x00327768, const
_cairo_rectangle_int32 * extents=0x00d5cb80)  Line 318 + 0x3f C
gfx-internal-cairo.dll!_clip_and_composite(_cairo_clip *
clip=0x03101988, _cairo_operator op=CAIRO_OPERATOR_SOURCE,
_cairo_pattern * src=0x031003b8, _cairo_status (void *,
_cairo_operator, _cairo_pattern *, _cairo_surface *, int, int, const
_cairo_rectangle_int32 *)* draw_func=0x01a5ea50, void *
draw_closure=0x00d5cb78, _cairo_surface * dst=0x00327768, const
_cairo_rectangle_int32 * extents=0x00d5cb80)  Line 381 + 0x1d C
gfx-internal-cairo.dll!_clip_and_composite_trapezoids(_cairo_pattern *
src=0x031003b8, _cairo_operator op=CAIRO_OPERATOR_SOURCE,
_cairo_surface * dst=0x00327768, _cairo_traps * traps=0x00d5cc18,
_cairo_clip * clip=0x03101988, _cairo_antialias
antialias=CAIRO_ANTIALIAS_GRAY)  Line 662 + 0x22 C
gfx-internal-cairo.dll!_cairo_surface_fallback_fill(_cairo_surface *
surface=0x00327768, _cairo_operator op=CAIRO_OPERATOR_SOURCE,
_cairo_pattern * source=0x031003b8, _cairo_path_fixed *
path=0x00327ed4, _cairo_fill_rule fill_rule=CAIRO_FILL_RULE_EVEN_ODD,
double tolerance=0.10000000000000001, _cairo_antialias
antialias=CAIRO_ANTIALIAS_GRAY)  Line 901 + 0x23 C
gfx-internal-cairo.dll!_cairo_surface_fill(_cairo_surface *
surface=0x00327768, _cairo_operator op=CAIRO_OPERATOR_SOURCE,
_cairo_pattern * source=0x00d5ccd4, _cairo_path_fixed *
path=0x00327ed4, _cairo_fill_rule fill_rule=CAIRO_FILL_RULE_EVEN_ODD,
double tolerance=0.10000000000000001, _cairo_antialias
antialias=CAIRO_ANTIALIAS_GRAY)  Line 1673 + 0x26 C
gfx-internal-cairo.dll!_cairo_gstate_fill(_cairo_gstate *
gstate=0x031018f8, _cairo_path_fixed * path=0x00327ed4)  Line 1006 +
0x3a C
gfx-internal-cairo.dll!cairo_fill_preserve(_cairo * cr=0x00327d40)
Line 2155 + 0x16 C
gfx-internal-cairo.dll!cairo_fill(_cairo * cr=0x00327d40)  Line 2131 + 0x9 C

<non-cairo frames>

