<html> <head> <base href="https://bugs.freedesktop.org/" /> </head> <body> <div> <a class="bz_bug_link bz_status_NEW " title="NEW --- - [Patch] Segmentation fault when accessing xlib backend from different endian systems" href="https://bugs.freedesktop.org/show_bug.cgi?id=63461#c4">Comment # 4</a> on <a class="bz_bug_link bz_status_NEW " title="NEW --- - [Patch] Segmentation fault when accessing xlib backend from different endian systems" href="https://bugs.freedesktop.org/show_bug.cgi?id=63461">bug 63461</a> from <a class="email" href="mailto:ryan.oliver@depi.vic.gov.au" title="Ryan Oliver <ryan.oliver@depi.vic.gov.au>"> Ryan Oliver</a> <pre>Issue will also affects the xcb backend. There are 2 problems here with the byteswap code 1) The above mentioned looping while decrementing from MAXINT if width or stride == 0 2) Dereferencing a null pointer if surface->data == NULL The latter causes the segfault on solaris-sparc <-> solaris-x86. Issue is triggered via the call to cairo_image_surface_create_for_data in src/cairo-ft-font.c (_render_glyph_outline, called from _cairo_ft_scaled_glyph_init) if the glyph requires a surface and width or height is 0. What you end up with is a surface with a NULL pointer as its data member. Whether this is sane or not for a surface, I don't know (XRenderAddGlyphs and xcb_render_add_glyphs must deal with being passed a NULL data pointer as would happens now for the non-byteswapped case...) Attaching 2 patches cairo-1.12.16-xlib_xcb_dont_decrement_from_zero_in_byteswap_code-1.patch (replaces <a href="attachment.cgi?id=77856" name="attach_77856" title="Proposed patch to the bug">attachment 77856</a> <a href="attachment.cgi?id=77856&action=edit" title="Proposed patch to the bug">[details]</a>) cairo-1.12.16-xlib_xcb_avoid_null_pointer_dereference_in_byteswap_code-1.patch</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the QA Contact for the bug.</li> </ul> </body> </html>