Propagate the true status value back from the _cairo_gstate_init_copy()
instead of assuming that is a NO_MEMORY and re-raising the error in the
caller.
I was wrong in my assertion that the call to
_cairo_path_fixed_interpret_flat() could not possibly fail with the
given _cairo_path_bounder_* callbacks - as I had missed the implicit
spline decomposition. (An interesting exercise would be to avoid the
spline allocation...) As a result we do have to check and propagate the
status return through the call stack.
Minor correction for a build failure on AIX:
"mozilla/gfx/cairo/cairo/src/cairo-gstate.c", line 45.43: 1506-294 (S)
Syntax error in expression on #if directive.
(Fixes https://bugzilla.mozilla.org/show_bug.cgi?id=415867.)
This new function gets the extents of the current path, whether
or not they would be inked by a 'fill'. It differs from
cairo_fill_extents() when the area enclosed by the path is 0.
Includes documentation and updated test.
Ensure that the ctm remains invertible after multiplying the user
supplied matrices. Although the arguments are checked so that they are
valid per se, we double check that the result after multiplication is
still a valid invertible matrix. This should catch pathological cases
where the user concatenates a long series of matrix operations, which
either exceed our numerical limits or become degenerate through rounding
errors.
Previously, _cairo_traps_extents () returned the extents
p1={INT_MAX, INT_MAX} p2={INT_MIN, INT_MIN} for an empty traps leading
to integer overflow when computing the width using p2-p1 and causing
further overflows within libpixman. [For example this caused the
allocation of massive regions with test/mask and the PS backend.]
Test for an invalid matrix before use. Whilst this has no effect on the
result, an INVALID_MATRIX error will be raised on the context, placing
the guards first makes the code obviously safe and avoids manipulation
of invalid matrices.
In http://bugs.freedesktop.org/show_bug.cgi?id=13699, Pavel Vozenilek
reports a duplicate define for computing the appropriate length for an
on-stack array. The macro in question, and a few other places, was
performing CAIRO_STACK_BUF_SIZE/sizeof(stack[0]) so we can simplify
them slightly by using a common macro.
Missed calling _cairo_error() for the CAIRO_STATUS_NULL_POINTER
returned by _cairo_gstate_init(). Rearrange the code to avoid the
overly complicated return statement. We note that _cairo_gstate_init()
is special as _cairo_gstate_fini() will always be called, even if an
error is thrown, and so do not do the usual cleanup in the case of an
aborted initialization.
Bill Spitzak said
"If you really want to match when the determinant is non-zero in the
resulting matrix, use sx*sy != 0. This appears the same as sx&&sy but
may also catch when underflow makes the determinant zero."
Return CAIRO_STATUS_INVALID_MATRIX if we know the user input will
generate a degenerate matrix. For additional paranoia we could recompute
and validate the inverse each time as well.
Every time we assign or return a hard-coded error status wrap that value
with a call to _cairo_error(). So the idiom becomes:
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
or
return _cairo_error (CAIRO_STATUS_INVALID_DASH);
This ensures that a breakpoint placed on _cairo_error() will trigger
immediately cairo detects the error.
At some point during the blitz, I accidentally wrote
_cairo_error (CAIRO_STATUS_SUCCESS) and then proceeded to paste it into
the next 30 error sites! s/CAIRO_STATUS_SUCCESS/CAIRO_STATUS_NO_MEMORY/
The cairo_matrix_multiply(out,a,b) docs say that it is equivalent to applying
matrix a first, followed by b. Looking at _cairo_gstate_backend_to_user() we should
apply device_transform_inverse followed by ctm_inverse. That's what we do now.
This patch adds cairo_surface_copy_page and cairo_surface_show_page
as public methods, leaving the previous cairo_show_page variants as
shorthands. copy_page/show_page are specific to the surface, not
to the context, so they need to be surface methods.
This reverts commit 919bea6dbb.
Sadly as Behdad points out some backends do modify the glyph array and,
for example cairo-xlib-surface, hide this from the compiler with some
evil casts.
Skip the memory duplication of the incoming glyphs if we do not need
to transform them into the backend coordinate system.
As a consequence we need to constify the glyphs passed to the backend
functions.
This patch introduces three macros: _cairo_malloc_ab,
_cairo_malloc_abc, _cairo_malloc_ab_plus_c and replaces various calls
to malloc(a*b), malloc(a*b*c), and malloc(a*b+c) with them. The macros
return NULL if int overflow would occur during the allocation. See
CODING_STYLE for more information.
Set the cairo_t status to be the surface->status when the context is
created, and special case the NO_MEMORY status in order to avoid a
redundant allocation.
After using the public API to access the scaled font, which only sets
the status field in the font, check the scaled font status. This will
then correctly propagate errors during glyph loading to the context.
Add an initial guard in _cairo_gstate_ensure_scaled_font() and
_cairo_gstate_ensure_font_face() to check that there is no prior
error status on the objects.
cairo_scaled_font_create() returns a nil object on failure whereas a few
callers were checking for NULL.
Secondly review the public entry points for cairo_scaled_font_*() to
ensure that all check that they will not attempt to overwrite the
read-only nil object.
During the copy, allocation of the gradient may fail and so the callers
need to check for a pattern that returned in an error state. No callers
did so and in order to force all callers to check the error status,
the status return was added to _cairo_pattern_init_copy(). The early
error checking may appear redundant for an object with an embedded
structure, however it does fix an error where an uninitialised pattern
was being used:
==1922== Process terminating with default action of signal 11 (SIGSEGV)
==1922== Access not within mapped region at address 0x55555555
==1922== at 0x402CF6F: _cairo_array_index (cairo-array.c:208)
==1922== by 0x402D4F3: _cairo_user_data_array_fini (cairo-array.c:370)
==1922== by 0x4046464: _cairo_pattern_fini (cairo-pattern.c:188)
==1922== by 0x404992A: _cairo_meta_surface_paint (cairo-meta-surface.c:266)
==1922== by 0x403FCE0: _cairo_surface_paint (cairo-surface.c:1331)
==1922== by 0x405CB5E: _test_meta_surface_paint (test-meta-surface.c:195)
==1922== by 0x403FCE0: _cairo_surface_paint (cairo-surface.c:1331)
==1922== by 0x4032A60: _cairo_gstate_paint (cairo-gstate.c:822)
==1922== by 0x402B2D1: cairo_paint (cairo.c:1879)
==1922== by 0x804A4F7: draw (radial-gradient.c:73)
==1922== by 0x804AFA4: cairo_test_expecting (cairo-test.c:326)
==1922== by 0x804A57C: main (radial-gradient.c:109)
==1922== Injected fault at:
==1922== at 0x4020EA5: malloc (vg_replace_malloc.c:207)
==1922== by 0x404475C: _cairo_pattern_init_copy (cairo-pattern.c:136)
==1922== by 0x403F779: _cairo_surface_copy_pattern_for_destination (cairo-surface.c:2153)
==1922== by 0x403FCC1: _cairo_surface_paint (cairo-surface.c:1328)
==1922== by 0x405CB5E: _test_meta_surface_paint (test-meta-surface.c:195)
==1922== by 0x403FCE0: _cairo_surface_paint (cairo-surface.c:1331)
==1922== by 0x4032A60: _cairo_gstate_paint (cairo-gstate.c:822)
==1922== by 0x402B2D1: cairo_paint (cairo.c:1879)
==1922== by 0x804A4F7: draw (radial-gradient.c:73)
==1922== by 0x804AFA4: cairo_test_expecting (cairo-test.c:326)
==1922== by 0x804A57C: main (radial-gradient.c:109)
The design is for the user to create a cairo_font_options_t object with
cairo_font_options_create() and then is free to use it with any Cairo
operation. This requires us to check when we may be about to overwrite
the read-only nil object.
This allows for the surface acquired from the pattern to have the
same content. In particular, in a case such as cairo_paint_with_alpha
we can now acquire an A8 mask surface instead of an ARGB32 mask
surface which can be rendered much more efficiently. This results
in a 4x speedup when using the OVER operator with the recently
added paint-with-alpha test:
Speedups
========
image-rgb paint-with-alpha_image_rgb_over-256 2.25 -> 0.60: 4.45x speedup
███▌
It does slowdown the same test when using the SOURCE operator, but
I don't think we care. Performing SOURCE with a mask is already a very
slow operation, (hitting compositeGeneral), so the slowdown here is
likely from having to convert from A8 back to ARGB32 before the
generalized compositing. So if someone cares about this slowdown,
(though SOURCE with cairo_paint_with_alpha doesn't seem extremely
useful), they will probably be motivated enough to contribute a
customized compositing function to replace compositeGeneral in which
case this slowdown should go away:
image-rgba paint-with-alpha_image_rgb_source-256 3.84 -> 8.86%: 1.94x slowdown
█
Fixing this uncovered a leak of a CAIRO_INT_STATUS_UNSUPPORTED value
up to cairo_show_page, (and similarly to cairo_copy_page). There was
really no good reason for _cairo_surface_show_page and
_cairo_surface_copy_page to be returning cairo_int_status_t. Fix
this by simply handling the UNSUPPORTED return at the surface layer
instead of the gstate layer.
This is just multiplication after all, so there's nothing that can fail.
And we can get rid of a lot of useless error-checking code this way.
The corrected functions are:
_cairo_gstate_user_to_device
_cairo_gstate_user_to_device_distance
_cairo_gstate_device_to_user
_cairo_gstate_device_to_user_distance
Now that we have the warn_unused_result attribute enabled, (thanks
Chris!), it's actually harmful to have a function return an
uncoditional value of CAIRO_STATUS_SUCCESS. The harm is that
it would force lots of unnecessary error-checking paths that
just add clutter.
It is much better to simply give a function that cannot fail
a return type of void.
