Segfault in pixman_composite_src_8888_8888_asm_neon
Submitted by joh..@..ok.com
Assigned to Oded Gabbay
Link to original bug (#100299)
Description
Using pixman-0.34.0 with cairo-1.14.6 on an RPi3, both compiled with "-march=armv6zk -mtune=arm1176jzf-s -mfpu=vfp".
Using the fifth web browser, if the page-down key is used until the bottom of the displayed page is reached, it will crash with:
Thread 1 "fifth" received signal SIGSEGV, Segmentation fault.
0x745fde9c in pixman_composite_src_8888_8888_asm_neon () at pixman-arm-neon-asm.S:1169
1169 generate_composite_function \
(gdb) bt
#0 0x745fde9c in pixman_composite_src_8888_8888_asm_neon () at pixman-arm-neon-asm.S:1169
#1 0x745c7640 in neon_composite_src_8888_8888 (imp=0xc0f0a0, info=0x7eff86c0) at pixman-arm-neon.c:37
#2 0x743a4cf8 in pixman_image_composite32 (op=PIXMAN_OP_SRC, src=0xd013e0, mask=0x0, dest=0xd16f98, src_x=0, src_y=0,
mask_x=0, mask_y=0, dest_x=0, dest_y=0, width=561, height=33) at pixman.c:700
#3 0x74e1d6d0 in composite_boxes (_dst=0xd43c60, op=CAIRO_OPERATOR_SOURCE, abstract_src=0xd1ea58, abstract_mask=0x0,
src_x=0, src_y=0, mask_x=0, mask_y=0, dst_x=0, dst_y=0, boxes=0x7eff9020, extents=0x7eff92b8)
at cairo-image-compositor.c:538
#4 0x74e754cc in composite_aligned_boxes (compositor=0x74f40bec <spans>, extents=0x7eff9280, boxes=0x7eff9020)
at cairo-spans-compositor.c:683
#5 0x74e75d40 in clip_and_composite_boxes (compositor=0x74f40bec <spans>, extents=0x7eff9280, boxes=0x7eff9020)
at cairo-spans-compositor.c:882
#6 0x74e76008 in _cairo_spans_compositor_paint (_compositor=0x74f40bec <spans>, extents=0x7eff9280)
at cairo-spans-compositor.c:983
#7 0x74e0bb8c in _cairo_compositor_paint (compositor=0x74f40bec <spans>, surface=0xd43c60, op=CAIRO_OPERATOR_SOURCE,
source=0x7eff9600, clip=0x0) at cairo-compositor.c:65
#8 0x74e29374 in _cairo_image_surface_paint (abstract_surface=0xd43c60, op=CAIRO_OPERATOR_SOURCE, source=0x7eff9600,
clip=0x0) at cairo-image-surface.c:927
#9 0x74e7c2a8 in _cairo_surface_paint (surface=0xd43c60, op=CAIRO_OPERATOR_SOURCE, source=0x7eff9600, clip=0x0)
at cairo-surface.c:2117
#10 0x74ec6dd0 in surface_source (dst=0xcc7f50, pattern=0x7eff9ff8, is_mask=0, extents=0x7eff9fb0, sample=0x7eff9fd4,
src_x=0x7eff9734, src_y=0x7eff9730) at cairo-xlib-source.c:1039
#11 0x74ec72b4 in _cairo_xlib_source_create_for_pattern (_dst=0xcc7f50, pattern=0x7eff9ff8, is_mask=0, extents=0x7eff9fb0,
sample=0x7eff9fd4, src_x=0x7eff9734, src_y=0x7eff9730) at cairo-xlib-source.c:1152
#12 0x74e997d4 in composite_aligned_boxes (compositor=0x74f41414 <compositor>, extents=0x7eff9f78, boxes=0x7eff9b90)
at cairo-traps-compositor.c:1292
#13 0x74e9abe8 in clip_and_composite_boxes (compositor=0x74f41414 <compositor>, extents=0x7eff9f78, boxes=0x7eff9b90)
at cairo-traps-compositor.c:1792
#14 0x74e9b9d0 in _cairo_traps_compositor_fill (_compositor=0x74f41414 <compositor>, extents=0x7eff9f78, path=0xcc518c,
fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT)
at cairo-traps-compositor.c:2237
#15 0x74e0bf28 in _cairo_compositor_fill (compositor=0x74f41414 <compositor>, surface=0xcc7f50, op=CAIRO_OPERATOR_OVER,
source=0x7effa2c8, path=0xcc518c, fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001,
antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xcc4838) at cairo-compositor.c:203
#16 0x74ecb018 in _cairo_xlib_surface_fill (_surface=0xcc7f50, op=CAIRO_OPERATOR_OVER, source=0x7effa2c8, path=0xcc518c,
fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xcc4838)
at cairo-xlib-surface.c:1646
#17 0x74e7caa0 in _cairo_surface_fill (surface=0xcc7f50, op=CAIRO_OPERATOR_OVER, source=0x7effa2c8, path=0xcc518c,
fill_rule=CAIRO_FILL_RULE_WINDING, tolerance=0.10000000000000001, antialias=CAIRO_ANTIALIAS_DEFAULT, clip=0xcc4838)
at cairo-surface.c:2341
#18 0x74e17fa4 in _cairo_gstate_fill (gstate=0xd1e440, path=0xcc518c) at cairo-gstate.c:1317
#19 0x74e10680 in _cairo_default_context_fill (abstract_cr=0xcc4ea8) at cairo-default-context.c:1055
#20 0x74e03250 in cairo_fill (cr=0xcc4ea8) at cairo.c:2205
#21 0x0060a130 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Version: 0.34.x