[cairo-bugs] [Bug 58061] New: Null pointer dereference in cairo_image_get_surface_data()

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sun Dec 9 12:56:29 PST 2012


          Priority: medium
            Bug ID: 58061
          Assignee: chris at chris-wilson.co.uk
           Summary: Null pointer dereference in
        QA Contact: cairo-bugs at cairographics.org
          Severity: normal
    Classification: Unclassified
                OS: Windows (All)
          Reporter: mov_ebpesp at yahoo.com
          Hardware: All
            Status: NEW
           Version: 1.12.8
         Component: general
           Product: cairo

Created attachment 71241
  --> https://bugs.freedesktop.org/attachment.cgi?id=71241&action=edit
Detailed information of the crash.

Bug found while running gnucash 2.4.11 on Windows (cross bug from gnucash


Every now and then (once per 1-3 h) gnucash seems to crash. This can happen
after a save, or updating a transaction or even leaving the computer alone for
a while - when I come back it's crashed.

The crash is a null pointer exception inside
libcairo.cairo_image_get_surface_data where a comparison check is done against

68DE04E1  |.  8138 20AEE968 CMP DWORD PTR DS:[EAX],libcairo.68E9AE20

libcairo.68E9AE20 is just 00 00 00 00

This bug can be fixed by first checking EAX for 0 and then checking the pointer
pointed to by EAX if it's 0.

See attached "crash.txt" for more details.

Proposed fix (credits to John Ralls from gnucash team)

The actual patch is:
diff --git a/src/cairo-image-surface-inline.h
index 743d5fd..63e0c50 100644
--- a/src/cairo-image-surface-inline.h
+++ b/src/cairo-image-surface-inline.h
@@ -74,7 +74,7 @@ static inline cairo_bool_t
 _cairo_surface_is_image (const cairo_surface_t *surface)
     /* _cairo_surface_nil sets a NULL backend so be safe */
-    return surface->backend && surface->backend->type ==
+    return surface && surface->backend && surface->backend->type ==
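
Review bot: the added `surface &&` guard on the return line makes _cairo_surface_is_image() answer "not an image" for a NULL surface, but the comment directly above still only explains the NULL backend case set by _cairo_surface_nil. Please extend that comment to say a NULL surface is tolerated too, and consider whether the caller that hands in NULL should be tracked down as well, since this check hides the NULL rather than showing where it comes from.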
