After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 543209 - gdk_window_begin_paint_region() passes NULL to cairo_surface_set_device_offset() and crashes
gdk_window_begin_paint_region() passes NULL to cairo_surface_set_device_offse...
Status: RESOLVED DUPLICATE of bug 562574
Product: gtk+
Classification: Platform
Component: Backend: Win32
Other Windows
: Normal critical
: ---
Assigned To: gtk-win32 maintainers
Depends on:
Reported: 2008-07-16 02:25 UTC by David Grohmann
Modified: 2010-01-30 19:10 UTC
See Also:
GNOME target: ---
GNOME version: ---

Description David Grohmann 2008-07-16 02:25:05 UTC
Steps to reproduce:
1. Using pidgin on windows with latest gtk+ installed
2. Open the log viewer for conversations with a certain buddy
3. search for a word that appears often
4. alternate clicking between any two conversations.
5. application crashes in libcairo-2.dll because of error in libgdk-win32-2.0-0.dll  gdk_window_begin_paint_region

Stack trace:

Error occured on Tuesday, July 15, 2008 at 00:56:09.

Windows Version 5.1 Build 2600 Service Pack 2

C:\Program Files\Pidgin\pidgin.exe caused an Access Violation at location 68dd6cff in module C:\Program Files\Common Files\GTK\2.0\bin\libcairo-2.dll Reading from location 000000bc.

eax=00000000 ebx=02f60510 ecx=ffffffff edx=fffffe11 esi=01c5e5b8 edi=06febde8
eip=68dd6cff esp=0022f340 ebp=0022f358 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202

Call stack:
68DD6CFF C:\Program Files\Common Files\GTK\2.0\bin\libcairo-2.dll  cairo_surface_set_device_offset
         C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll []
6B05B397 C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll  gdk_window_begin_paint_region
         C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll []
6058ADC8 C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll  gtk_main_do_event
         C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll []
6B05C513 C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll  gdk_window_clear_area_e
6B05C5E9 C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll  gdk_window_process_all_updates
         C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll []
604E87B9 C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll  gtk_container_check_resize
         C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll []
6B041838 C:\Program Files\Common Files\GTK\2.0\bin\libgdk-win32-2.0-0.dll  gdk_threads_set_lock_functions
         C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll []
685E70E7 C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll  g_main_context_dispatch
685E85BB C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll  g_main_context_acquire
685E87AA C:\Program Files\Common Files\GTK\2.0\bin\libglib-2.0-0.dll  g_main_loop_run
         C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll []
6058A02E C:\Program Files\Common Files\GTK\2.0\bin\libgtk-win32-2.0-0.dll  gtk_main
         C:\Program Files\Pidgin\pidgin.dll []
64A8ED51 C:\Program Files\Pidgin\pidgin.dll  pidgin_main  /home/stu/build/win32/pidgin-2.4.3-mtn/pidgin/gtkmain.c:897
         C:\Program Files\Pidgin\pidgin.exe []
00401EFF C:\Program Files\Pidgin\pidgin.exe  WinMain@16  win32/winpidgin.c:658
00402736 C:\Program Files\Pidgin\pidgin.exe
004010B6 C:\Program Files\Pidgin\pidgin.exe  __mingw_CRTStartup  /home/bitwalk/redhat/BUILD/mingw-3.14/mingw-runtime-3.14/crt1.c:237
00401138 C:\Program Files\Pidgin\pidgin.exe

Other information:
Comment 1 David Grohmann 2008-07-16 02:27:02 UTC
Using the gtk 2.12.10 available for download on GTK+ for windows site  I see
this printed out

(23:54:51) stun: got public ip
(23:55:08) Gdk: gdkgc-win32.c:823: SaveDC failed: Not enough storage is
available to process this command.
(23:55:08) Gdk: gdkdrawable-win32.c:1534: BitBlt failed: The operation
completed successfully.
(23:55:08) Gdk: gdkgc-win32.c:963: RestoreDC failed: The parameter is
(23:55:08) Gdk: gdkgc-win32.c:823: SaveDC failed: Not enough storage is
available to process this command.
(23:55:08) Gdk: gdkgc-win32.c:963: RestoreDC failed: The parameter is
(23:55:08) Gdk: gdkpixmap-win32.c:302: CreateDIBSection failed: The parameter
is incorrect.
(23:55:08) Gdk: gdkpixmap-win32.c:114: DeleteObject failed: The operation
completed successfully.
(23:55:08) Gdk: _gdk_drawable_ref_cairo_surface: assertion `GDK_IS_DRAWABLE
(drawable)' failed

Comment 2 David Grohmann 2008-07-16 02:30:02 UTC
_gdk_drawable_ref_cairo_surface() can return NULL, but
gdk_window_begin_paint_region() does not check if it did so before passing the
result to cairo_surface_set_device_offset(), which also doesn't check if it's
NULL before dereferencing it. 

Is it possible my error is a NULL pointer dereference?
Excerpt from gdkwindow.c line 970-1026 
gdk_window_begin_paint_region (GdkWindow *window,
                               GdkRegion *region)
  paint->surface = _gdk_drawable_ref_cairo_surface (paint->pixmap);
  cairo_surface_set_device_offset (paint->surface,
                                   - paint->x_offset, - paint->y_offset);
Excerpt from  gdkdraw.c lines 1257-1275
 * _gdk_drawable_ref_cairo_surface:
 * @drawable: a #GdkDrawable
 * Obtains a #cairo_surface_t for the given drawable. If a
 * #cairo_surface_t for the drawable already exists, it will be
 * referenced, otherwise a new surface will be created.
 * Return value: a newly referenced #cairo_surface_t that points
 *  to @drawable. Unref with cairo_surface_destroy()
cairo_surface_t *
_gdk_drawable_ref_cairo_surface (GdkDrawable *drawable)
  g_return_val_if_fail (GDK_IS_DRAWABLE (drawable), NULL);

  return GDK_DRAWABLE_GET_CLASS (drawable)->ref_cairo_surface (drawable);
Comment 3 Daniel Atallah 2008-09-12 22:07:18 UTC
This comes in kind of a roundabout way from the reporter of this bug via the pidgin ticket.

Based on tml's suggestion in #gtk+, the output immediately prior to the crash with G_DEBUG=events:misc is :

679	(16:37:32) Gdk: gdkwindow-win32.c:2075: CopyCursor failed: The operation completed successfully.
680	(16:37:32) Gdk: gdkpixmap-win32.c:302: CreateDIBSection failed: The parameter is incorrect.
681	(16:37:32) Gdk: gdkpixmap-win32.c:114: DeleteObject failed: The operation completed successfully.
682	(16:37:32) Gdk: _gdk_drawable_ref_cairo_surface: assertion `GDK_IS_DRAWABLE (drawable)' failed 

(This seems like not a lot of output, should there be more?)

I'm sure that Dave will be happy to provide any additional output.
Comment 4 David Grohmann 2008-09-12 22:48:03 UTC
yes the output looked similar to that from my comment #1 but please let me know if I can provide any more information.  

May I ask why we are investigating this? 

It looked clear to me that a NULL pointer was being passed to a cairo function and according to the cairo people (Carl Worth) here  [] that is not allowed and should be guarded against in gdk_window_begin_paint_region().

why  _gdk_drawable_ref_cairo_surface() is returning NULL might be an important thing to figure out, but we should stop the crashing caused gdk_window_begin_paint_region() by since _gdk_drawable_ref_cairo_surface() is documented as possibly returning a null pointer. Because the cast to GDK_IS_DRAWABLE failed.
Comment 5 David Grohmann 2008-10-11 02:47:59 UTC
please see cairo bug comment# 13

  ------- Comment  #13 From Chris Wilson  2008-10-10 11:30:08 PST  -------

The crash is caused by GTK+ passing a NULL surface to cairo, something which
should not happen. In particular, it looks like GTK+ made an error when trying
to create the win32 drawable and that should be fixed at source.

Comment 6 Jack 2009-01-07 16:20:46 UTC
I get this crash daily.
Comment 7 Hans Breuer 2009-01-07 19:14:34 UTC
reminds me on what I saw with bug #562574 - a GDI leak will crash a gtk+ application sooner or later and all the debug spew looks like one. 
You can check yourself with task manager (gdi objects) if the value is near 10000, which apparently is the limit on XP. To be a duplicate of bug #562574 Pidgin needs to create and (try to) destroy a lot of Pango(Cairo)Font though.
Comment 8 David Grohmann 2009-01-25 05:55:45 UTC
pidgin is def. leaking gdi.

every time I double click on a user to send an im, and then close that. there is always a net increase of at least 2 GDI objects in use by pidgin.

in the case of the steps used to cause this particular crash , opening the log viewer and clicking around. on different logs.  pidgin leaks 10-100 GDI per click.

how do we pinpoint whether pidgin is not using gtk correctly and thus pidgins fault, or that pidgin is using gtk correctly but gtk is not managing gdi correctly, as was found to be the case in the bug Hans mentioned.

also, just when opening the log viewer, 200 GDI are leaked each time.
Comment 9 David Grohmann 2009-01-25 06:34:22 UTC
downloaded Pango  	1.22.4 from here 

this appears to have fixed the worst gdi leaks.

previous pango dlls were dated before the patch in bug #562574 was accepted (2008-11-28)

01/25/2009  01:23 AM    <DIR>          .
01/25/2009  01:23 AM    <DIR>          ..
11/04/2008  10:54 AM           320,299 libpango-1.0-0.dll
11/04/2008  10:54 AM            77,792 libpangocairo-1.0-0.dll
11/04/2008  10:54 AM           272,802 libpangoft2-1.0-0.dll
11/04/2008  10:54 AM            99,648 libpangowin32-1.0-0.dll
11/04/2008  10:54 AM            25,925 pango-querymodules.exe
Comment 10 Hans Breuer 2010-01-30 19:10:55 UTC
resolving as duplicate

*** This bug has been marked as a duplicate of bug 562574 ***