Bug 283220 - x11-libs/pixman-0.15.20 segfaults when firefox is used
Summary: x11-libs/pixman-0.15.20 segfaults when firefox is used
Status: RESOLVED DUPLICATE of bug 270120
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo X packagers
Reported: 2009-08-30 08:23 UTC by Andrew Savchenko
Modified: 2009-09-08 17:06 UTC

Description Andrew Savchenko gentoo-dev 2009-08-30 08:23:32 UTC
Hello, I suffer occasional firefox segfaults (currently 3.5.2-r1 is in use, but it happens with lower versions within the 3.x branch too).

gdb shows that the segfault occurs in libpixman, so I recompiled pixman with -g in CFLAGS and FEATURES="splitdebug". Here is the result:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7d106e0 (LWP 32546)]
fast_path_fill (imp=0xaf3e5000, bits=0xab10d000, stride=30, bpp=8, x=20, y=20, width=77, height=20, xor=255) at pixman-fast-path.c:1344
1344    pixman-fast-path.c: No such file or directory.
        in pixman-fast-path.c
(gdb) bt
#0  fast_path_fill (imp=0xaf3e5000, bits=0xab10d000, stride=30, bpp=8, x=20, y=20, width=77, height=20, xor=255) at pixman-fast-path.c:1344
#1  0xb5f71ddd in _pixman_implementation_fill (imp=0xaf3e5000, bits=0xab10d000, stride=30, bpp=8, x=20, y=20, width=77, height=20, xor=255)
    at pixman-implementation.c:266
#2  0xb5fa99b0 in mmx_fill (imp=0xaf3e5800, bits=0xab10d000, stride=30, bpp=8, x=20, y=20, width=77, height=20, xor=255)
    at pixman-mmx.c:3374
#3  0xb5f71ddd in _pixman_implementation_fill (imp=0xaf3e5800, bits=0xab10d000, stride=30, bpp=8, x=20, y=20, width=77, height=20, xor=255)
    at pixman-implementation.c:266
#4  0xb5f9b891 in pixman_fill (bits=0xab10d000, stride=30, bpp=8, x=20, y=20, width=77, height=20, xor=255) at pixman.c:256
#5  0xb5f9c000 in pixman_image_fill_rectangles (op=PIXMAN_OP_OVER, dest=0xabb24a40, color=0xbf8dd78c, n_rects=4, rects=0xbf8dcf8c)
    at pixman.c:376
#6  0xb68f0bab in ?? () from /usr/lib/libcairo.so.2
#7  0x00000003 in ?? ()
#8  0xabb24a40 in ?? ()
#9  0xbf8dd78c in ?? ()
#10 0x00000004 in ?? ()
#11 0xbf8dcf8c in ?? ()
#12 0xbf8dcfa4 in ?? ()
#13 0x00000001 in ?? ()
#14 0xb69009e6 in ?? () from /usr/lib/libcairo.so.2
#15 0xbf8de198 in ?? ()
#16 0xbf8dcfa4 in ?? ()
#17 0x00140014 in ?? ()
#18 0x0014004d in ?? ()
#19 0x00280014 in ?? ()
#20 0x00140014 in ?? ()
#21 0x0028004c in ?? ()
#22 0x00140015 in ?? ()
#23 0x003c0014 in ?? ()
#24 0x0014004d in ?? ()
#25 0x0000049b in ?? ()
#26 0xb6955ff4 in ?? () from /usr/lib/libcairo.so.2
#27 0x00000000 in ?? ()

And, as usual:
$ emerge --info
Portage 2.2_rc39 (default/linux/x86/2008.0, gcc-4.4.1, glibc-2.10.1-r0, 2.6.29.2-yoruichi i686)
=================================================================
System uname: Linux-2.6.29.2-yoruichi-i686-AMD_Athlon-tm-_XP_3200+-with-gentoo-2.0.1
Timestamp of tree: Sat, 22 Aug 2009 18:45:01 +0000
distcc 3.1 i686-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     4.0_p28
dev-java/java-config: 2.1.8-r1
dev-lang/python:     2.6.2-r1, 3.1.1
dev-python/pycrypto: 2.0.1-r8
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.6.4-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.4.3-r3
sys-apps/sandbox:    2.0
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.4_p6, 1.6.3, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils:  2.19.51.0.14
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.29
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -m32 --param l1-cache-line-size=64 --param l1-cache-size=64 --param l2-cache-size=512 -O2 -funswitch-loops -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -fomit-frame-pointer -mfpmath=sse -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=athlon-xp -m32 --param l1-cache-line-size=64 --param l1-cache-size=64 --param l2-cache-size=512 -O2 -funswitch-loops -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -fomit-frame-pointer -mfpmath=sse -pipe"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="assume-digests ccache collision-protect distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
FFLAGS="-march=athlon-xp -m32 --param l1-cache-line-size=64 --param l1-cache-size=64 --param l2-cache-size=512 -O2 -funswitch-loops -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -fomit-frame-pointer -mfpmath=sse -pipe"
GENTOO_MIRRORS=" ftp://orionis/distributions/1Linux/gentoo/portage ftp://ftp.chg.ru/pub/Linux/gentoo http://mirror.yandex.ru/gentoo-distfiles  ftp://ftp.corbina.net/pub/Linux/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo http://mirror.netcologne.de/gentoo"
LANG="en_US.UTF-8"
LC_ALL=""
LDFLAGS="-Wl,-O1"
LINGUAS="ru en ja"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/layman/science /usr/local/portage/layman/java-overlay /usr/local/portage/layman/sunrise /usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow X a52 aac aalib acl acpi adns afs aften aim alsa amr amrnb amrwb ao audiofile bash-completion bcmath bidi binfilter blas bluetooth branding bzip2 cairo calendar canna caps ccache cddb cdinstall cdparanoia cdr chasen cjk cleartype cli clisp colordiff cracklib crypt cscope css ctype cups curl curlwrappers cvs cxx cyrillic dbus device-mapper dga dia dirac directfb djvu dmx doc dri dts dv dvd dvdr dvdread dvi editor elf encode enscript ermt examples exif expat faac faad fbcon festival ffmpeg fftw firefox flac fontconfig foomaticdb fortran fpx freetds freetype ftp gcj gcrypt gd gdbm geoip ggi gif gimp ginac git glibc-omitfp glitz glut gmp gnuplot gnutls gpgme gphoto2 gpm gps graphviz gs gsl gsm gtk gucharmap h224 h281 h323 hdf5 hdri iconv icq icu id3tag idn imagemagick imap imlib immqt-bc inkjar ipod iproute2 ipv6 isdnlog jabber jack jadetex java6 javascript jbig jingle jpeg jpeg2k kdehiddenvisibility kerberos keyscrub kpathsea kqemu ladspa lame lapack lash latex lcms libcaca libnotify libsamplerate libwww lm_sensors logrotate lzo mad maildir mailwrapper matroska mbox md5sum mhash mikmod mime mjpeg mmap mmx mng modplug mp3 mpeg mplayer mppe-mppc msn mudflap musepack musicbrainz mysql mysqli nas ncurses netcdf network network-cron nls nntp nocd nodrm nptlonly nsplugin nuv objc objc++ offensive ogg openal openexr opengl oscar otr pam pango pcntl pcre pda pdf perl pgf plotutils png pop portaudio posix postproc postscript ppds pppd pronounce pstricks qt3 qt3support qt4 quicktime raw rdesktop readline recode reflection restrict-javascript rle rrdtool samba scanner schroedinger sdl session sharedmem shorten sip sipim slang slp smi smime sms smtp sndfile sockets socks5 soundtouch sox sparse speex spell spl sqlite sqlite3 srtp sse ssl startup-notification subversion supernodal svg svga sysfs syslog szip t1lib taglib tcpd theora tiff timezone timidity tordns truetype twolame type3 unicode usb v4l v4l2 vamp vcd videos vim vim-syntax vnc vorbis wav wavpack wifi 
win32codecs wireshark wmf x264 x86 xattr xcb xface xft xinerama xorg xosd xpm xprint xrandr xscreensaver xulrunner xv xvid yahoo yaz ziffy zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authz_host dir mime" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru en ja" USERLAND="GNU" VIDEO_CARDS="nvidia nv vesa"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Rémi Cardona (RETIRED) gentoo-dev 2009-08-30 16:42:06 UTC
1) Try with _sane_ CFLAGS
2) Disable ccache
3) Try downgrading pixman back to 0.14.0-r1
Comment 2 Andrew Savchenko gentoo-dev 2009-09-07 17:28:52 UTC
(In reply to comment #1)
> 1) Try with _sane_ CFLAGS

I tried with "-O2 -g", it still fails. And now, please, point me to even a single unsafe flag in my options. Actually this is nothing more than a distcc-friendly notation of "-O3 -fno-inline-functions -march=native -fomit-frame-pointer -pipe -mfpmath=sse".

> 2) Disable ccache

I disabled ccache and distcc, with no positive result. Yes, the latter is used, but not via portage FEATURES, for numerous reasons.

But the requirement to disable ccache is nonsense. It has been used worldwide for years and not a single problem is known due to ccache failure in any recent ccache version.

> 3) Try downgrading pixman back to 0.14.0-r1

I tried 0.16.0 instead. Things are unchanged.

However, I looked into the code. The problem occurs at a memory access in a user-supplied buffer, so this is not libpixman's fault, but improper usage by firefox or xulrunner or some other library. Thus I close this bug because it seems to be related to other software. I really have no intention to debug xulrunner to verify precisely what is wrong.
Comment 3 Rémi Cardona (RETIRED) gentoo-dev 2009-09-07 20:46:13 UTC
(In reply to comment #2)
> But the requirement to disable ccache is nonsense. It has been used worldwide
> for years and not a single problem is known due to ccache failure in any
> recent ccache version.

FYI, just take a look through our bugzilla and you'll see how many bugs are caused by ccache. It's not because ccache is used worldwide that it's suddenly bug-free.

I asked you to disable ccache, not because I don't like it, but because it _is_ a source of problems.

Anyhow, thanks for the follow up, we appreciate it.

Thanks
Comment 4 Nirbheek Chauhan (RETIRED) gentoo-dev 2009-09-08 04:29:09 UTC
(In reply to comment #0)
[snip]
> $ emerge --info
> Portage 2.2_rc39 (default/linux/x86/2008.0, gcc-4.4.1, glibc-2.10.1-r0,
> 2.6.29.2-yoruichi i686)
[snip]
> CFLAGS="-march=athlon-xp -m32 --param l1-cache-line-size=64 --param
> l1-cache-size=64 --param l2-cache-size=512 -O2 -funswitch-loops
> -fpredictive-commoning -fgcse-after-reload -ftree-vectorize
> -fomit-frame-pointer -mfpmath=sse -pipe"

gcc-4.4 + x86 + -ftree-vectorize == gcc fail
Comment 5 Nirbheek Chauhan (RETIRED) gentoo-dev 2009-09-08 04:29:41 UTC
Dupe of bug 270120 per previous comment.

*** This bug has been marked as a duplicate of bug 270120 ***
Comment 6 Andrew Savchenko gentoo-dev 2009-09-08 17:06:30 UTC
(In reply to comment #4)
> gcc-4.4 + x86 + -ftree-vectorize == gcc fail

Yes, that's it! Now I got rid of firefox, ld segfaults and some other weird problems. I suspected binutils, my hardware, but not unmasked gcc 8-).

Thank you for pointing it out.