Bug 41036 - Crash intersecting clip region with translated graphics
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Drawing ()
Version: 4.2.0 (C6)
Hardware: Macintosh Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2016-05-11 20:06 UTC by Stephen Darnell
Modified: 2016-05-11 20:07 UTC (History)

Tags:
Is this bug a regression?: ---
Last known good build:

Description Stephen Darnell 2016-05-11 20:06:40 UTC
Description of Problem:
A simple app that draws to an offscreen bitmap crashes with SIGSEGV when doing a combination of translation, and setting a simple rectangular path region clip (Graphics.IntersectClip()).

Steps to reproduce the problem:
1. Create a simple console app, and insert this code, and run:

using System;
using System.Drawing;
using System.Drawing.Drawing2D;

namespace MonoClipBug
{
    class MainClass
    {
        public static void Main(string[] args)
        {
            var bitmap = new Bitmap(4000, 4000);
            var g = Graphics.FromImage(bitmap);
            dumpRegion(g.Clip, "Fresh Graphics");
            Console.WriteLine("VisibleClipBounds = {0}", g.VisibleClipBounds);

            // This causes a different error (OutOfMemory)
            // g.SetClip(new Rectangle(0,0, 4000,4000));

            g.TranslateTransform(4040, 463);
            dumpRegion(g.Clip, "After translation");

            GraphicsPath p = new GraphicsPath();

            p.AddLine(4, 4, 680, 4);
            p.AddLine(680, 4, 680, 430);
            p.AddLine(680, 430, 4, 430);
            p.CloseFigure();

            var r = new Region(p);
            dumpRegion(r, "Path region");
            g.IntersectClip(r);
            dumpRegion(g.Clip, "After IntersectClip");
        }

        private static void dumpRegion(Region r, string prefix)
        {
            var scans = r.GetRegionScans(new Matrix());
            Console.WriteLine("{0} Region scans {1}", prefix, scans.Length);
            foreach (var s in scans) Console.WriteLine(" scan {0}", s);
        }
    }
}

Actual Results:

Loaded assembly: /Library/Frameworks/Mono.framework/Versions/4.2.3/lib/mono/gac/System.Drawing/4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
Loaded assembly: /Library/Frameworks/Mono.framework/Versions/4.2.3/lib/mono/gac/System/4.0.0.0__b77a5c561934e089/System.dll
Fresh Graphics Region scans 1
 scan {X=-4194304,Y=-4194304,Width=8388608,Height=8388608}
VisibleClipBounds = {X=0,Y=0,Width=4000,Height=4000}
After translation Region scans 1
 scan {X=-4194304,Y=-4194304,Width=8388608,Height=8388608}
Path region Region scans 1
 scan {X=4,Y=4,Width=676,Height=426}

** (process:88226): WARNING **: Requested 526870 bytes. Maximum size for region is 262144 bytes.
Stacktrace:

  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Drawing.GDIPlus.GdipSetClipRegion (intptr,intptr,System.Drawing.Drawing2D.CombineMode) <IL 0x0002b, 0xffffffff>
  at System.Drawing.Graphics.IntersectClip (System.Drawing.Region) [0x00011] in /private/tmp/source-mono-4.2.3/bockbuild-mono-4.2.0-branch/profiles/mono-mac-xamarin/build-root/mono-4.2.3/mcs/class/System.Drawing/System.Drawing/Graphics.cs:1811
  at (wrapper remoting-invoke-with-check) System.Drawing.Graphics.IntersectClip (System.Drawing.Region) <IL 0x00039, 0xffffffff>
  at MonoClipBug.MainClass.Main (string[]) [0x000b7] in /Users/stephendarnell/Projects/MonoClipBug/MonoClipBug/Program.cs:31
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) <IL 0x00058, 0xffffffff>

Native stacktrace:


Debug info from gdb:

(lldb) command source -s 0 '/tmp/mono-gdb-commands.Zd5yQb'
Executing commands in '/tmp/mono-gdb-commands.Zd5yQb'.
(lldb) process attach --pid 88226
Process 88226 stopped
* thread #1: tid = 0xa6d47f, 0x9cfb4cee libsystem_kernel.dylib`__wait4 + 10, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x9cfb4cee libsystem_kernel.dylib`__wait4 + 10
libsystem_kernel.dylib`__wait4:
->  0x9cfb4cee <+10>: jae    0x9cfb4cfe                ; <+26>
    0x9cfb4cf0 <+12>: calll  0x9cfb4cf5                ; <+17>
    0x9cfb4cf5 <+17>: popl   %edx
    0x9cfb4cf6 <+18>: movl   0x734832f(%edx), %edx

Executable module set to "/Library/Frameworks/Mono.framework/Versions/4.2.3/bin/mono".
Architecture set to: i386-apple-macosx.
(lldb) thread list
Process 88226 stopped
* thread #1: tid = 0xa6d47f, 0x9cfb4cee libsystem_kernel.dylib`__wait4 + 10, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  thread #2: tid = 0xa6d480, 0x9cfb43ea libsystem_kernel.dylib`__psynch_cvwait + 10
  thread #3: tid = 0xa6d482, 0x9cfad4d6 libsystem_kernel.dylib`semaphore_wait_trap + 10
  thread #4: tid = 0xa6d483, 0x9cfb4d5e libsystem_kernel.dylib`__workq_kernreturn + 10
  thread #5: tid = 0xa6d484, 0x9cfb57fa libsystem_kernel.dylib`kevent_qos + 10, queue = 'com.apple.libdispatch-manager'
  thread #6: tid = 0xa6d485, 0x9cfb4646 libsystem_kernel.dylib`__recvfrom + 10
  thread #7: tid = 0xa6d4b7, 0x9cfb4d5e libsystem_kernel.dylib`__workq_kernreturn + 10
(lldb) thread backtrace all
* thread #1: tid = 0xa6d47f, 0x9cfb4cee libsystem_kernel.dylib`__wait4 + 10, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x9cfb4cee libsystem_kernel.dylib`__wait4 + 10
    frame #1: 0x9bd5e7dc libsystem_c.dylib`waitpid$UNIX2003 + 48
    frame #2: 0x000c7f0d mono`mono_handle_native_sigsegv(signal=11, ctx=0x00727fe0, info=0x00727fa0) + 541 at mini-exceptions.c:2193 [opt]
    frame #3: 0x00114462 mono`mono_arch_handle_altstack_exception(sigctx=<unavailable>, siginfo=<unavailable>, fault_addr=<unavailable>, stack_ovf=0) + 162 at exceptions-x86.c:1097 [opt]
    frame #4: 0x0001533e mono`mono_sigsegv_signal_handler(_dummy=<unavailable>, _info=<unavailable>, context=<unavailable>) + 446 at mini-runtime.c:2471 [opt]
    frame #5: 0x9c58a79b libsystem_platform.dylib`_sigtramp + 43
    frame #6: 0x01958236 libgdiplus.dylib`gdip_region_bitmap_union + 214
    frame #7: 0x01957c26 libgdiplus.dylib`gdip_region_bitmap_combine + 214
    frame #8: 0x01953b99 libgdiplus.dylib`gdip_combine_pathbased_region + 121
    frame #9: 0x019539f4 libgdiplus.dylib`GdipCombineRegionRegion + 676
    frame #10: 0x01921794 libgdiplus.dylib`GdipSetClipRegion + 228
    frame #11: 0x080935c0
    frame #12: 0x080934f8
    frame #13: 0x0809340c
    frame #14: 0x0068a574
    frame #15: 0x0068a7e0
    frame #16: 0x000181aa mono`mono_jit_runtime_invoke(method=<unavailable>, obj=<unavailable>, params=<unavailable>, exc=<unavailable>) + 714 at mini-runtime.c:2344 [opt]
    frame #17: 0x001dd4ff mono`mono_runtime_invoke(method=0x7ab018c8, obj=0x00000000, params=<unavailable>, exc=<unavailable>) + 127 at object.c:2783 [opt]
    frame #18: 0x001e3251 mono`mono_runtime_exec_main(method=0x7ab018c8, args=<unavailable>, exc=0x00000000) + 401 at object.c:4040 [opt]
    frame #19: 0x001e300a mono`mono_runtime_run_main(method=0x7ab018c8, argc=<unavailable>, argv=<unavailable>, exc=<unavailable>) + 618 at object.c:3666 [opt]
    frame #20: 0x00090bdd mono`mono_jit_exec(domain=0x7966a630, assembly=0x79685290, argc=<unavailable>, argv=<unavailable>) + 93 at driver.c:1007 [opt]
    frame #21: 0x00092f31 mono`mono_main [inlined] main_thread_handler + 7985 at driver.c:1066 [opt]
    frame #22: 0x00092ef3 mono`mono_main(argc=<unavailable>, argv=<unavailable>) + 7923 at driver.c:2079 [opt]
    frame #23: 0x0000aa80 mono`main [inlined] mono_main_with_options(argc=<unavailable>, argv=<unavailable>) + 768 at main.c:94 [opt]
    frame #24: 0x0000a79d mono`main(argc=<unavailable>, argv=<unavailable>) + 29 at main.c:125 [opt]
    frame #25: 0x0000a775 mono`start + 53

  thread #2: tid = 0xa6d480, 0x9cfb43ea libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #0: 0x9cfb43ea libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x95139538 libsystem_pthread.dylib`_pthread_cond_wait + 757
    frame #2: 0x9513b276 libsystem_pthread.dylib`pthread_cond_wait$UNIX2003 + 71
    frame #3: 0x0023b7d2 mono`thread_func(thread_data=0x00000000) + 466 at sgen-thread-pool.c:118 [opt]
    frame #4: 0x95138780 libsystem_pthread.dylib`_pthread_body + 138
    frame #5: 0x951386f6 libsystem_pthread.dylib`_pthread_start + 155
    frame #6: 0x95135f7a libsystem_pthread.dylib`thread_start + 34

  thread #3: tid = 0xa6d482, 0x9cfad4d6 libsystem_kernel.dylib`semaphore_wait_trap + 10
    frame #0: 0x9cfad4d6 libsystem_kernel.dylib`semaphore_wait_trap + 10
    frame #1: 0x0025e2ca mono`mono_sem_wait(sem=0x0033e090, alertable=1) + 26 at mono-semaphore.c:109 [opt]
    frame #2: 0x001db3fe mono`finalizer_thread(unused=0x00000000) + 158 at gc.c:1096 [opt]
    frame #3: 0x001b5441 mono`start_wrapper [inlined] start_wrapper_internal + 516 at threads.c:725 [opt]
    frame #4: 0x001b523d mono`start_wrapper(data=<unavailable>) + 29 at threads.c:772 [opt]
    frame #5: 0x00265e60 mono`inner_start_thread(arg=<unavailable>) + 240 at mono-threads-posix.c:97 [opt]
    frame #6: 0x95138780 libsystem_pthread.dylib`_pthread_body + 138
    frame #7: 0x951386f6 libsystem_pthread.dylib`_pthread_start + 155
    frame #8: 0x95135f7a libsystem_pthread.dylib`thread_start + 34

  thread #4: tid = 0xa6d483, 0x9cfb4d5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #0: 0x9cfb4d5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x9513834b libsystem_pthread.dylib`_pthread_wqthread + 1289
    frame #2: 0x95135f56 libsystem_pthread.dylib`start_wqthread + 34

  thread #5: tid = 0xa6d484, 0x9cfb57fa libsystem_kernel.dylib`kevent_qos + 10, queue = 'com.apple.libdispatch-manager'
    frame #0: 0x9cfb57fa libsystem_kernel.dylib`kevent_qos + 10
    frame #1: 0x953ea7ea libdispatch.dylib`_dispatch_mgr_invoke + 234
    frame #2: 0x953ea3be libdispatch.dylib`_dispatch_mgr_thread + 52

  thread #6: tid = 0xa6d485, 0x9cfb4646 libsystem_kernel.dylib`__recvfrom + 10
    frame #0: 0x9cfb4646 libsystem_kernel.dylib`__recvfrom + 10
    frame #1: 0x9bd5e9df libsystem_c.dylib`recv$UNIX2003 + 55
    frame #2: 0x000fc948 mono`socket_transport_recv(buf=<unavailable>, len=<unavailable>) + 168 at debugger-agent.c:1130 [opt]
    frame #3: 0x000edb37 mono`debugger_thread [inlined] transport_recv(len=11) + 35 at debugger-agent.c:1515 [opt]
    frame #4: 0x000edb14 mono`debugger_thread(arg=0x00000000) + 1572 at debugger-agent.c:9573 [opt]
    frame #5: 0x00265e60 mono`inner_start_thread(arg=<unavailable>) + 240 at mono-threads-posix.c:97 [opt]
    frame #6: 0x95138780 libsystem_pthread.dylib`_pthread_body + 138
    frame #7: 0x951386f6 libsystem_pthread.dylib`_pthread_start + 155
    frame #8: 0x95135f7a libsystem_pthread.dylib`thread_start + 34

  thread #7: tid = 0xa6d4b7, 0x9cfb4d5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #0: 0x9cfb4d5e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x9513834b libsystem_pthread.dylib`_pthread_wqthread + 1289
    frame #2: 0x95135f56 libsystem_pthread.dylib`start_wqthread + 34
(lldb) detach

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Expected Results: (as reported from Win 7)

Fresh Graphics Region scans 1
 scan {X=-4194304,Y=-4194304,Width=8388608,Height=8388608}
VisibleClipBounds = {X=0,Y=0,Width=4000,Height=4000}
After translation Region scans 1
 scan {X=-4194304,Y=-4194304,Width=8388608,Height=8388608}
Path region Region scans 1
 scan {X=4,Y=4,Width=676,Height=426}
After IntersectClip Region scans 1
 scan {X=4,Y=4,Width=676,Height=426}

How often does this happen? 

Very frequently for my app which draws components, where before drawing each component we translate and clip to the component.
Other cases occur even when not using the simple square path region.

Additional Information:

If I clip to the bitmap size first, this triggers a different, OutOfMemory exception which I'll raise separately.
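
Added example, not part of the original report and not libgdiplus code: the warning's 526870 bytes equals 590 bytes per row times 893 rows, which is what a 1-bit-per-pixel mask needs if its bounding box runs from the origin to the far corner (4720, 893) of the translated path rectangle. The C sketch below reproduces that figure and shows a size check that reports the refusal to its caller, so a combine step can stop instead of touching a buffer that was never allocated. The 1bpp layout, the origin anchor and every type and function name are assumptions; only the 262144-byte cap and the geometry come from the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define REGION_MAX_BYTES 262144u  /* cap quoted in the warning; all names below are hypothetical */

typedef struct { int x, y, w, h; } rect_t;
typedef struct { rect_t box; uint8_t *bits; } mask_t;  /* 1 bit per pixel */
typedef enum { ST_OK, ST_TOO_LARGE, ST_BAD_ARG, ST_NO_MEMORY } status_t;

/* Smallest rectangle covering both inputs. */
static rect_t bbox_union(rect_t a, rect_t b) {
    int x0 = a.x < b.x ? a.x : b.x, y0 = a.y < b.y ? a.y : b.y;
    int x1 = a.x + a.w > b.x + b.w ? a.x + a.w : b.x + b.w;
    int y1 = a.y + a.h > b.y + b.h ? a.y + a.h : b.y + b.h;
    rect_t r = { x0, y0, x1 - x0, y1 - y0 };
    return r;
}

/* Bytes for a 1bpp mask with rows padded to whole bytes; 0 for an empty box. */
static uint64_t mask_bytes(rect_t r) {
    if (r.w <= 0 || r.h <= 0) return 0;
    return (((uint64_t)r.w + 7) / 8) * (uint64_t)r.h;
}

/* Size the union mask and allocate it; bits is non-NULL only when ST_OK is returned. */
static status_t mask_union_alloc(rect_t a, rect_t b, mask_t *out) {
    if (!out) return ST_BAD_ARG;
    out->bits = NULL;
    out->box = bbox_union(a, b);
    uint64_t n = mask_bytes(out->box);
    if (n == 0) return ST_BAD_ARG;
    if (n > REGION_MAX_BYTES) return ST_TOO_LARGE;  /* refuse, and tell the caller */
    out->bits = calloc(1, (size_t)n);
    return out->bits ? ST_OK : ST_NO_MEMORY;
}

/* Constructed inputs: an assumed 1x1 anchor at the origin, and the report's path
   rectangle {4,4,676,426} moved by TranslateTransform(4040, 463). */
static rect_t origin_anchor(void) { rect_t r = { 0, 0, 1, 1 }; return r; }
static rect_t translated_path(void) { rect_t r = { 4 + 4040, 4 + 463, 676, 426 }; return r; }

int main(void) {
    mask_t m;
    status_t st = mask_union_alloc(origin_anchor(), translated_path(), &m);
    printf("need %llu bytes, status %d\n",
           (unsigned long long)mask_bytes(m.box), (int)st);
    free(m.bits);
    return st == ST_TOO_LARGE ? 0 : 1;
}
```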