33071 – [Cairo] crash of cairo on Path::strokeBoundingBox

Bug 33071 - [Cairo] crash of cairo on Path::strokeBoundingBox

Summary: [Cairo] crash of cairo on Path::strokeBoundingBox

Status:	RESOLVED WONTFIX

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKitGTK (show other bugs)
Version:	525.x (Safari 3.1)
Hardware:	PC OS X 10.5

Importance:	P2 Normal
Assignee:	Nobody

URL:	http://www.geofoto.ch/geophotomap/
Keywords:

Depends on:
Blocks:

Reported:	2009-12-30 23:53 PST by Dirk Schulze
Modified:	2010-01-01 11:33 PST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Schulze 2009-12-30 23:53:40 PST

After calling the link above, webkit crashes.

BT:
#0  0x002d6422 in __kernel_vsyscall ()
#1  0x019394d1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0x0193c932 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0x0196fee5 in ?? () from /lib/tls/i686/cmov/libc.so.6
#4  0x01979ff1 in ?? () from /lib/tls/i686/cmov/libc.so.6
#5  0x0197b6f2 in ?? () from /lib/tls/i686/cmov/libc.so.6
#6  0x0197e79d in free () from /lib/tls/i686/cmov/libc.so.6
#7  0x00577c22 in _tessellate_fan (stroker=<value optimized out>, 
    in_vector=<value optimized out>, out_vector=0xbfffd4d0, midpt=0xbfffd538, 
    inpt=0xbfffd540, outpt=0xbfffd530, clockwise=0) at cairo-path-stroke.c:392
#8  0x00577f12 in _cairo_stroker_add_cap (stroker=0xbfffd65c, 
    f=<value optimized out>) at cairo-path-stroke.c:675
#9  0x00577faf in _cairo_stroker_add_leading_cap (stroker=0x0, 
    face=<value optimized out>) at cairo-path-stroke.c:756
#10 0x00578115 in _cairo_stroker_add_caps (stroker=0xbfffd65c)
    at cairo-path-stroke.c:893
#11 0x005788df in _cairo_path_fixed_stroke_to_polygon (path=0x83a4104, 
    stroke_style=0x83a3ea8, ctm=0x83a3f34, ctm_inverse=0x83a3f64, 
    tolerance=0.10000000000000001, polygon=0xbfffdad0)
    at cairo-path-stroke.c:1387
#12 0x00578a22 in _cairo_path_fixed_stroke_to_traps (path=0x83a4104, 
    stroke_style=0x83a3ea8, ctm=0x83a3f34, ctm_inverse=0x83a3f64, 
    tolerance=0.10000000000000001, traps=0xbfffdef4)
---Type <return> to continue, or q <return> to quit---
    at cairo-path-stroke.c:1423
#13 0x00568471 in _cairo_gstate_stroke_extents (gstate=0x83a3e98, 
    path=0x83a4104, x1=0xbfffe240, y1=0xbfffe230, x2=0xbfffe238, y2=0xbfffe228)
    at cairo-gstate.c:1303
#14 0x0055eccd in cairo_stroke_extents (cr=0x83a3e78, x1=0xbfffe240, y1=0x6, 
    x2=0x53fd, y2=0xbfffe228) at cairo.c:2434
#15 0x010536c0 in WebCore::Path::strokeBoundingRect(WebCore::StrokeStyleApplier*) ()


It's a release build but the relevant code is maybe in Cairo.

Comment 1 Benjamin Otte 2010-01-01 10:39:22 PST

http://cgit.freedesktop.org/cairo/commit/?id=3ae9d04c6ddd311ffab91170fb9342e37c5530a8 fixes this.

Feel free to close as FIXED or NOTOURBUG.

Comment 2 Dirk Schulze 2010-01-01 11:33:47 PST

(In reply to comment #1)
> http://cgit.freedesktop.org/cairo/commit/?id=3ae9d04c6ddd311ffab91170fb9342e37c5530a8
> fixes this.
> 
> Feel free to close as FIXED or NOTOURBUG.

Thank you Benjamin