[cairo-bugs] [Bug 65626] New: cairo-script-interpreter API changes

bugzilla-daemon at freedesktop.org
Mon Jun 10 18:58:23 PDT 2013


https://bugs.freedesktop.org/show_bug.cgi?id=65626

          Priority: medium
            Bug ID: 65626
          Assignee: chris at chris-wilson.co.uk
           Summary: cairo-script-interpreter API changes
        QA Contact: cairo-bugs at cairographics.org
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: dmacks at netspace.org
          Hardware: All
            Status: NEW
           Version: 1.12.14
         Component: general
           Product: cairo

Going from cairo-1.12.8 to 1.12.10, cairo-script-interpreter.h was changed (via
146da77d85b304651949a819bc8b0a74819f0416) to add a new member to struct
cairo_script_interpreter_hooks. As far as I can tell, callers create variables
of this type themselves (via malloc or simple variable declarations) and access
its members before passing it to cairo_script_interpreter_install_hooks() in
libcairo. That means code that was compiled with the "old" typedef (that did
not have the new member) would be passing a pointer to a chunk of memory that
does not include allocated storage for that new member. But then "new" libcairo
tries to read the new member's value, meaning it's accessing memory that isn't
intended to be allocated to that struct. I don't know much about libcairo's
internals, but I don't see any protection or struct versioning that would
prevent this from happening, with undefined results.

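The kind of struct versioning the report says is absent, shown as an added illustration that is not cairo's code: the struct layouts, `install_hooks` and the callback names are hypothetical stand-ins for `cairo_script_interpreter_hooks` and `cairo_script_interpreter_install_hooks()`, and the library copies only the bytes the caller says it allocated.

```c
#include <stddef.h>
#include <string.h>
/* Constructed, size-versioned hooks struct (hypothetical; not cairo's real
   cairo_script_interpreter_hooks). The first member records the sizeof() the
   caller was compiled against, so the library knows which trailing members
   actually exist in the caller's memory. */
typedef struct {
    size_t size;
    void *closure;
    void (*surface_create)(void *closure);
    void (*context_create)(void *closure);  /* appended in the newer layout */
} hooks_v2_t;
/* Layout a caller built against the older header still passes in. */
typedef struct {
    size_t size;
    void *closure;
    void (*surface_create)(void *closure);
} hooks_v1_t;
typedef struct {
    void *closure;
    void (*surface_create)(void *closure);
    void (*context_create)(void *closure);
} installed_hooks_t;
/* Copy only the bytes the caller declared; members its layout never had stay
   zero instead of being read past its allocation. Returns 0, or -1 on bad size. */
static int install_hooks(installed_hooks_t *dst, const void *hooks)
{
    hooks_v2_t tmp;
    size_t declared;
    memcpy(&declared, hooks, sizeof declared);     /* size is always first */
    if (declared < sizeof(hooks_v1_t) || declared > sizeof tmp)
        return -1;                                 /* below base ABI or unknown layout */
    memset(&tmp, 0, sizeof tmp);
    memcpy(&tmp, hooks, declared);
    dst->closure = tmp.closure;
    dst->surface_create = tmp.surface_create;
    dst->context_create = tmp.context_create;      /* NULL for v1 callers */
    return 0;
}
static void on_surface(void *closure) { (void)closure; }
/* Old-ABI caller: only v1 members exist in its memory. Returns 1 when the
   library installed its hook and left the member it never had as NULL. */
static int old_caller_is_safe(void)
{
    hooks_v1_t old = { sizeof old, NULL, on_surface };
    installed_hooks_t got;
    return install_hooks(&got, &old) == 0 && got.surface_create == on_surface
           && got.context_create == NULL;
}
```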