[cairo-bugs] [Bug 53384] New: Crash or memory corruption: _cairo_damage_add_boxes generates broken single list
bugzilla-daemon at freedesktop.org
Sat Aug 11 11:21:40 PDT 2012
https://bugs.freedesktop.org/show_bug.cgi?id=53384
Bug #: 53384
Summary: Crash or memory corruption: _cairo_damage_add_boxes
generates broken single list
Classification: Unclassified
Product: cairo
Version: 1.12.2
Platform: All
OS/Version: All
Status: NEW
Severity: critical
Priority: medium
Component: general
AssignedTo: cworth at cworth.org
ReportedBy: fmot.fics at gmail.com
QAContact: cairo-bugs at cairographics.org
It is necessary to add the following line to the _cairo_damage_add_boxes function:
--- a/src/cairo-damage.c
+++ b/src/cairo-damage.c
@@ -128,6 +128,7 @@ _cairo_damage_add_boxes(cairo_damage_t *damage,
chunk->count = count;
damage->tail->next = chunk;
+ damage->tail = chunk;
damage->remain = size - count;
memcpy (damage->tail->base, boxes + n,
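Review bot: Once `damage->tail = chunk;` is in place, the new chunk is the end of the list, but the visible lines only set `chunk->count` and never show `chunk->next` being initialised; please confirm it is set to NULL above this hunk, since later appends and list walks will now follow it. The trailing `memcpy (damage->tail->base, boxes + n,` depends on the added line running first to hit the right buffer, so writing the destination as `chunk->base` would make the copy independent of statement order. A regression test that adds more boxes than fit in the current chunk and then adds again would pin the behaviour down.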
Otherwise the "tail" of the single list is not updated but the "remain" field
is. That leads to either crash or memory corruption (which I encountered).
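The bookkeeping failure the report describes can be caught with an invariant check on a simplified chunk list. This is an added example, not cairo's code and not part of the original report: the types and names (`chunk_t`, `list_t`, `list_add`, `list_consistent`, `spill_then_check`) are hypothetical, and the `update_tail` flag exists only to model the list with and without the one-line fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model; names are hypothetical, not cairo's definitions. */
typedef struct chunk { struct chunk *next; int *base; int size, count; } chunk_t;
typedef struct { chunk_t first, *tail; int remain; int store[4]; } list_t;
static void list_init(list_t *l) {
    l->first = (chunk_t){ NULL, l->store, 4, 0 };
    l->tail = &l->first;
    l->remain = 4;
}
/* Append n items; update_tail=0 models the omission described in the report. */
static int list_add(list_t *l, const int *items, int n, int update_tail) {
    int fit = n < l->remain ? n : l->remain;
    memcpy(l->tail->base + l->tail->count, items, fit * sizeof *items);
    l->tail->count += fit;
    l->remain -= fit;
    if (fit == n) return 0;
    int rest = n - fit, size = rest > 8 ? rest : 8;
    chunk_t *c = malloc(sizeof *c + size * sizeof(int));
    if (!c) return -1;
    *c = (chunk_t){ NULL, (int *)(c + 1), size, rest };
    l->tail->next = c;
    if (update_tail) l->tail = c;
    l->remain = size - rest;
    /* Copy via c->base so this model never writes out of bounds itself. */
    memcpy(c->base, items + fit, rest * sizeof *items);
    return 0;
}

/* Invariant: tail is the last chunk and remain equals its free slots. */
static int list_consistent(const list_t *l) {
    return l->tail->next == NULL && l->remain == l->tail->size - l->tail->count;
}
/* Returns the invariant result after an append that spills into a new chunk. */
static int spill_then_check(int update_tail) {
    int items[6] = { 1, 2, 3, 4, 5, 6 };   /* constructed sample input */
    list_t l;
    list_init(&l);
    if (list_add(&l, items, 6, update_tail) != 0) return -1;
    int ok = list_consistent(&l);
    free(l.first.next);
    return ok;
}

int main(void) {
    printf("fixed=%d unfixed=%d\n", spill_then_check(1), spill_then_check(0));
    return 0;
}
```

Without the tail update, `remain` describes the new chunk's free space while `tail` still points at the full old chunk, which is the mismatch a debug-build assertion of this kind would flag before any out-of-bounds write.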