[cairo] crash with pixman-0.17.4

Yogish Kulkarni yogish.kulkarni at azingo.com
Sat Jan 23 02:58:25 PST 2010


I am using Xorg Version: 1.5.3 with 16bpp; the crash is observed while
running a GTK app.

I tried pixman-0.17.4 with neon & simd disabled; now it crashes in the
fetch_scanline_r5g6b5 function while reading a pixel from the source image.
I have attached the GDB trace and register dump. Since the crash occurs while
reading some memory location, I am now thinking there might be a bug in the X
version I am using or in the app itself.

Previously I mentioned that if commits 6bd17f1e9861693262fa88bfeff5d3279b3f6e7d
& c7b84f8b043018368fade4ad13730cfcaaf5c8cc are reverted from
pixman-0.17.4, no crash is observed. I have attached a gdb trace for this
situation too. But it seems that in this case control never reaches
fetch_scanline_r5g6b5, as _pixman_walk_composite_region() -->
pixman_compute_composite_region32() evaluates to false and hence does not
take the walk_region_internal() path leading to fetch_scanline_r5g6b5.

-- Yogish

On Fri, 2010-01-22 at 16:47 +0200, Siarhei Siamashka wrote:
> On Friday 22 January 2010, Yogish Kulkarni wrote:
> > I got crash in neon_composite_src_0565_8888 with latest pixman version.
> > I have done some analysis,
> >
> > [1] No crash before commit 6bd17f1e9861693262fa88bfeff5d3279b3f6e7d
> > [2] If reverted commits 6bd17f1e9861693262fa88bfeff5d3279b3f6e7d &
> > c7b84f8b043018368fade4ad13730cfcaaf5c8cc from pixman-0.17.4 NO crash
> >
> > I guess this crash is related to the pixman out of bound workaround.
> > Does anyone have a clue?
> 
> Thanks for reporting the problem. Out of bound workaround was added
> quite a long time ago, that's why it's a bit surprising to see this
> problem showing up only now.
> 
> Just because NEON optimization for this particular function (16bpp to 32bpp
> color format conversion) was added only in pixman-0.17.4, could you also try
> downgrading to pixman-0.17.2 to see if it changes anything?
> 
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x4019dbdc in pixman_composite_src_0565_8888_asm_neon () at
> > pixman-arm-neon-asm.h:565
> > 565 */
> > Current language:  auto; currently asm
> > (gdb) bt
> > #0  0x4019dbdc in pixman_composite_src_0565_8888_asm_neon () at
> > pixman-arm-neon-asm.h:565
> > #1  0x4019ca70 in neon_composite_src_0565_8888 (imp=<value optimized
> > out>, op=<value optimized out>, src_image=0x247538, mask_image=<value
> > optimized out>, dst_image=0x2475f8,
> >     src_x=108, src_y=930, mask_x=0, mask_y=0, dest_x=0, dest_y=0,
> > width=263, height=74) at pixman-arm-neon.c:257
> > #2  0x40196d9c in walk_region_internal (imp=0x15ad40, op=PIXMAN_OP_SRC,
> > src_image=0x247538, mask_image=0x0, dst_image=0x2475f8, src_x=108,
> > src_y=930, mask_x=0, mask_y=0,
> >     dest_x=0, dest_y=0, width=263, height=74, src_repeat=0,
> > mask_repeat=0, region=0xbe8ac234, composite_rect=0x4019ca0c
> > <neon_composite_src_0565_8888>) at pixman-utils.c:444
> [snip]
> 
> If out of bound workaround was at fault, I would expect the bug to be
> rather 'crossplatform', but apparently it was caught on ARM.
> 
> Could you please provide some more details about the steps needed to
> reproduce the problem? What version of xserver do you have, what is the
> desktop color depth (is it 32bpp?), screen resolution, what application are 
> you running before crash and what are you trying to do with it.
> 
> If the crash turns out to be hard to reproduce, additionally the output
> of 'info registers' and 'disassemble' (the snippet of code which includes
> the address from PC register) gdb commands would be helpful.
> 
> -- 
> Best regards,
> Siarhei Siamashka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gdb.log
Type: text/x-log
Size: 15926 bytes
Desc: not available
Url : http://lists.cairographics.org/archives/cairo/attachments/20100123/26058d6f/attachment-0003.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: regdump.log
Type: text/x-log
Size: 5188 bytes
Desc: not available
Url : http://lists.cairographics.org/archives/cairo/attachments/20100123/26058d6f/attachment-0004.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gdb-nocrash.log
Type: text/x-log
Size: 11398 bytes
Desc: not available
Url : http://lists.cairographics.org/archives/cairo/attachments/20100123/26058d6f/attachment-0005.bin 

