Qt / QTBUG-19157

Crash in QGLContextPrivate::bindTexture() when using QPainter::fillRect() with a brush having a size > max_texture_size

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 4.7.4
    • 4.7.4
    • GUI: OpenGL
    • None
    • 1c5da7207a21cc44a4a08d291c290ffcd9b958fd

    Description

      This crash originates from Maemo: https://projects.maemo.org/bugzilla/show_bug.cgi?id=248298

      When rendering with an image > max_texture_size, the application crashes.
      Stack trace:
      Signal 11 (SIGSEGV)
      0 QGLContextPrivate::bindTexture (this=0x1f8ba900, target=3553) at qgl.cpp:2587
      1 0x3d4dd774 QGL2PaintEngineExPrivate::updateBrushTexture (this=0x1f932a58) at gl2paintengineex/qpaintengineex_opengl2.cpp:235
      2 0x3d4e14a4 QGL2PaintEngineExPrivate::prepareForDraw (this=0x0, srcPixelsAreOpaque=false) at gl2paintengineex/qpaintengineex_opengl2.cpp:1047
      3 0x3d4e2ad8 QGL2PaintEngineExPrivate::fill (this=0x1f932a58) at gl2paintengineex/qpaintengineex_opengl2.cpp:708
      4 0x3c2dbf14 QPaintEngineEx::fillRect (this=0x0) at painting/qpaintengineex.cpp:698
      5 0x3c2ef724 QPainter::fillRect (this=0xaefe40ec) at painting/qpainter.cpp:6934
      6 0x3b89b510 WebCore::Image::drawPattern (this=0x42c2a3a8, ctxt=0xaefe181c) at .../../WebCore/platform/graphics/qt/ImageQt.cpp:116
      7 0x3b73bba8 WebCore::Image::drawTiled (this=0x42c2a3a8) at .../../WebCore/platform/graphics/Image.cpp:142
      8 0x3b7390ac WebCore::GraphicsContext::drawTiledImage (this=0xaefe181c, image=0x42c2a3a8) at .../../WebCore/platform/graphics/GraphicsContext.cpp:422
      9 0x3b7dc7b4 WebCore::RenderBoxModelObject::paintFillLayerExtended (this=0x42c505a0, bgLayer=0x42cd0444, tx=0, ty=0, w=660, h=199, box=0x0, backgroundObject=0x42c506d0) at .../../WebCore/rendering/RenderBoxModelObject.cpp:618
      10 0x3b7d0888 WebCore::RenderBox::paintFillLayer (this=0x0, fillLayer=0x1fd60bf8, tx=0, ty=0, width=660, height=199, backgroundObject=0x42c506d0) at .../../WebCore/rendering/RenderBox.cpp:775

      The following code of QGL2PaintEngineExPrivate::updateBrushTexture() seems to be the problem:
          if (currentBrushPixmap.width() > max_texture_size || currentBrushPixmap.height() > max_texture_size)
              currentBrushPixmap = currentBrushPixmap.scaled(max_texture_size, max_texture_size, Qt::KeepAspectRatio);
      It returns a null QPixmap instead of a valid pixmap. When the pixmap data is used later in the stack, it happily crashes.

      The attached file is a reduction to reproduce the crash (on device).
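
The unchecked clamp described above, next to a checked form, as an added stand-alone example (not Qt's code and not the fix that landed for this issue). `Size`, `scaledKeepAspect`, `clampUnchecked` and `clampChecked` are hypothetical names, and the reason the scale comes back null is an assumption: the report does not give one, so it is modelled here as integer aspect-ratio scaling rounding the short side down to 0.

```cpp
#include <algorithm>
#include <cstdint>

// Hypothetical stand-in for a pixmap: only the dimensions matter here.
struct Size {
    int w, h;
    bool isNull() const { return w <= 0 || h <= 0; }
};

// Assumed failure model (not confirmed by the report): keep-aspect-ratio
// scaling in integer arithmetic, so an extreme aspect ratio rounds the short
// side down to 0 and the result is null.
Size scaledKeepAspect(Size s, int maxW, int maxH) {
    if (s.isNull()) return Size{0, 0};
    int64_t rw = int64_t(maxH) * s.w / s.h;  // width if height is pinned to maxH
    if (rw <= maxW) return Size{int(rw), maxH};
    return Size{maxW, int(int64_t(maxW) * s.h / s.w)};
}

// Unchecked clamp, same shape as the snippet in the report: the scaled result
// replaces the brush image without being tested.
Size clampUnchecked(Size s, int maxTex) {
    if (s.w > maxTex || s.h > maxTex)
        s = scaledKeepAspect(s, maxTex, maxTex);
    return s;  // may be null; the caller would go on to bind it as a texture
}

// Checked clamp: each side is kept at >= 1 pixel, and null input is reported
// to the caller (who skips the draw) instead of reaching texture binding.
bool clampChecked(Size s, int maxTex, Size *out) {
    if (s.isNull() || maxTex <= 0) return false;
    if (s.w > maxTex || s.h > maxTex) {
        s = scaledKeepAspect(s, maxTex, maxTex);
        s.w = std::max(s.w, 1);
        s.h = std::max(s.h, 1);
    }
    *out = s;
    return true;
}
```
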

          People

            rodal Samuel Rødal
            poulain Benjamin Poulain (closed Nokia identity) (Inactive)