[cairo-bugs] [Bug 49089] evince crashes with "*** buffer overflow detected ***: evince terminated" while trying to print

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Apr 23 14:17:18 PDT 2012


Chris Wilson <chris at chris-wilson.co.uk> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #1 from Chris Wilson <chris at chris-wilson.co.uk> 2012-04-23 14:17:18 PDT ---
commit f736cd144305f7c9147912f6ec081962b3191e3d
Author: Jeff Mahoney <jeffm at suse.com>
Date:   Mon Apr 23 22:04:48 2012 +0100

    pdf: Fix wrong allocation in _cairo_pdf_surface_add_source_surface

    _cairo_pdf_surface_add_source_surface allocates unique_id with
    size unique_id_length but then copies surface_key.unique_id_length into it.

    This causes e.g. evince to crash predictably while trying to print with:
    *** buffer overflow detected ***: evince terminated

    We should be using surface_key.unique_id_length instead.

    Reported-by: Dominique Leuenberger
<dominique-freedesktop.org at leuenberger.ne
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=49089
    Signed-off-by: Jeff Mahoney <jeffm at suse.com>

Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.

More information about the cairo-bugs mailing list