Using an affine transform with a bad value will crash the window server.

Originator:brian
Number:rdar://15365273 Date Originated:10/31/13
Status:Closed Resolved:Fixed in 10.10
Product:Mac OS X Product Version:13Z603
Classification:Crash Reproducible:Always
 
Summary:
Using an affine transform with a bad value will crash the Mavericks window server, kicking you back to the login window.

Steps to Reproduce:
Make an NSView subclass with this code in a Mac OS X app. Activate the crashMe function.

- (id)initWithCoder:(NSCoder *)aDecoder
{
    if (self = [super initWithCoder:aDecoder])
    {
        CALayer *backingLayer = [CALayer layer];
        backingLayer.bounds = self.bounds;
        self.layer = backingLayer;
        [self setWantsLayer:YES];
    }

    return self;
}

- (IBAction)crashMe:(id)sender
{
    CAShapeLayer *badShape = [CAShapeLayer layer];
    badShape.strokeColor = [NSColor redColor].CGColor;

    [self.layer addSublayer:badShape];

    CGFloat length = 0.0;
    // 1.0 / 0.0 evaluates to +infinity under IEEE 754, despite the variable name.
    CGFloat nan = 1.0 / length;

    // Applying this transform multiplies infinity by 0, so the path coordinates become NaN.
    CGAffineTransform transform = (CGAffineTransform){ nan, nan, nan, nan, 0, 0 };
    CGMutablePathRef arrowPath = CGPathCreateMutable();
    CGPathMoveToPoint(arrowPath, &transform, length, 1);
    CGPathAddLineToPoint(arrowPath, &transform, length, 0);

    badShape.path = arrowPath;
    CGPathRelease(arrowPath);
}

Please see the attached example app.

Expected Results:
I would expect an error, or the app to quit or throw an exception. 

Actual Results:
The window server crashes and boots the user out to the login window.

Version:
13Z603

https://gist.github.com/briandw/7255242
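
Added example, not part of the original report or of Apple's code: a client-side guard that rejects a transform, or any transformed point, containing a non-finite value before it reaches a path. The xform_t and point_t structs are stand-ins that mirror the field order of CGAffineTransform and CGPoint so the code builds without CoreGraphics; all function names are hypothetical.

```c
#include <math.h>
#include <stdbool.h>
#include <stddef.h>

/* Stand-ins for CGAffineTransform / CGPoint (assumption: same field order). */
typedef struct { double a, b, c, d, tx, ty; } xform_t;
typedef struct { double x, y; } point_t;

/* Affine mapping: x' = a*x + c*y + tx, y' = b*x + d*y + ty. */
static point_t xform_apply(xform_t t, point_t p) {
    point_t r = { t.a * p.x + t.c * p.y + t.tx,
                  t.b * p.x + t.d * p.y + t.ty };
    return r;
}

/* True only if every component is neither infinite nor NaN. */
static bool xform_is_finite(xform_t t) {
    return isfinite(t.a) && isfinite(t.b) && isfinite(t.c) &&
           isfinite(t.d) && isfinite(t.tx) && isfinite(t.ty);
}

/* Hypothetical guard: writes the transformed points to out and returns true
 * only when the transform and every result are finite. */
bool safe_transform_points(xform_t t, const point_t *in, point_t *out, size_t n) {
    if (!xform_is_finite(t))
        return false;
    for (size_t i = 0; i < n; i++) {
        point_t p = xform_apply(t, in[i]);
        /* Finite inputs can still overflow to infinity, so check results too. */
        if (!isfinite(p.x) || !isfinite(p.y))
            return false;
        out[i] = p;
    }
    return true;
}

/* The transform built in the report: 1.0 / 0.0 in four components. */
xform_t report_transform(void) {
    double length = 0.0;
    double v = 1.0 / length;   /* +infinity */
    xform_t t = { v, v, v, v, 0, 0 };
    return t;
}
```
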
