[cairo-bugs] [Bug 14701] evince crashed with SIGSEGV in cairo_image_surface_get_width(

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Feb 29 02:58:01 PST 2008


http://bugs.freedesktop.org/show_bug.cgi?id=14701


James Cloos <cloos at jhcloos.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cloos at jhcloos.com




--- Comment #2 from James Cloos <cloos at jhcloos.com>  2008-02-29 02:57:59 PST ---
Would it not be appropriate for cairo_image_surface_get_width() to throw a
@CAIRO_STATUS_NULL_POINTER in that case rather than allow the null pointer to
be dereferenced in _cairo_surface_is_image()?

Something like:

    if (!surface) {
        _cairo_error_throw (CAIRO_STATUS_NULL_POINTER);
        return 0;
    }

It would be needed of course in each of the cairo_image_surface_get... funtions
before the 

    if (!_cairo_surface_is_image (surface)) {
        _cairo_error_throw (CAIRO_STATUS_SURFACE_TYPE_MISMATCH);
        return 0;
    }

blocks.

I suppose the question is just how vigilant cairo should be in avoiding SEGVs
from bogus input?


-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.


More information about the cairo-bugs mailing list