[cairo-bugs] [Bug 65626] New: cairo-script-interpreter API changes
bugzilla-daemon at freedesktop.org
Mon Jun 10 18:58:23 PDT 2013
https://bugs.freedesktop.org/show_bug.cgi?id=65626
Priority: medium
Bug ID: 65626
Assignee: chris at chris-wilson.co.uk
Summary: cairo-script-interpreter API changes
QA Contact: cairo-bugs at cairographics.org
Severity: normal
Classification: Unclassified
OS: All
Reporter: dmacks at netspace.org
Hardware: All
Status: NEW
Version: 1.12.14
Component: general
Product: cairo
Going from cairo-1.12.8 to 1.12.10, cairo-script-interpreter.h was changed (via
146da77d85b304651949a819bc8b0a74819f0416) to add a new member to struct
cairo_script_interpreter_hooks. As far as I can tell, callers create variables
of this type themselves (via malloc or simple variable declarations) and access
its members before passing it to cairo_script_interpreter_install_hooks() in
libcairo. That means code that was compiled with the "old" typedef (that did
not have the new member) would be passing a pointer to a chunk of memory that
does not include allocated storage for that new member. But then "new" libcairo
tries to read the new member's value, meaning it's accessing memory that isn't
intended to be allocated to that struct. I don't know much about libcairo's
internals, but I don't see any protection or struct versioning that would
prevent this from happening, with undefined results.
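The report's concern is a classic C ABI break: a struct that callers allocate themselves grew a member, so a library built against the new header reads past the end of an object built against the old one. The following C example is added here to illustrate both the over-read and a common mitigation; it is not cairo's code, and the struct and function names (hooks_old, hooks_new, hooks_v1, hooks_v2, install_hooks, and the sample hooks) are constructed for the example. The mitigation shown, a leading size field that the library honours when copying, is a well-known pattern and not something the cairo header in question provides.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, hypothetical hook tables standing in for
 * cairo_script_interpreter_hooks_t; the names are not cairo's. */

/* Layout an "old" caller was compiled against. */
struct hooks_old {
    void *closure;
    int (*read)(void *closure);
};

/* Layout after a member was appended, as the report describes.  An old
 * caller still allocates only sizeof(struct hooks_old) bytes. */
struct hooks_new {
    void *closure;
    int (*read)(void *closure);
    int (*write)(void *closure);   /* the added member */
};

/* How many bytes a library that reads hooks_new.write from an old caller's
 * object touches beyond that object's storage. */
size_t overread_bytes(void) {
    return sizeof(struct hooks_new) - sizeof(struct hooks_old);
}

/* Mitigation: a size field first in the struct.  The caller fills it with
 * sizeof() of the struct it compiled against; the library copies at most that
 * many bytes into a zeroed full-size table, so members the caller never had
 * become NULL instead of garbage. */
struct hooks_v1 {                 /* what an old caller of the versioned API builds */
    size_t size;
    void *closure;
    int (*read)(void *closure);
};

struct hooks_v2 {                 /* current layout */
    size_t size;
    void *closure;
    int (*read)(void *closure);
    int (*write)(void *closure);  /* added member */
};

static struct hooks_v2 installed; /* the library's private copy */

/* Returns 0 on success, -1 if the declared size is smaller than the oldest
 * layout the library knows, which means the object is unusable. */
int install_hooks(const void *caller_hooks) {
    size_t declared;
    memcpy(&declared, caller_hooks, sizeof declared); /* size is always first */
    if (declared < sizeof(struct hooks_v1))
        return -1;
    size_t n = declared < sizeof installed ? declared : sizeof installed;
    memset(&installed, 0, sizeof installed);
    memcpy(&installed, caller_hooks, n);   /* never past the caller's object */
    installed.size = sizeof installed;
    return 0;
}

/* Library-side dispatch: absent hooks are skipped, not called through garbage. */
int call_read(void)  { return installed.read  ? installed.read(installed.closure)  : -1; }
int call_write(void) { return installed.write ? installed.write(installed.closure) : -1; }

/* Constructed sample hooks. */
static int sample_read(void *closure)  { (void)closure; return 1; }
static int sample_write(void *closure) { (void)closure; return 2; }

/* An old caller: knows only hooks_v1 and declares that size. */
int old_caller_install(void) {
    struct hooks_v1 h = { sizeof h, NULL, sample_read };
    return install_hooks(&h);
}

/* A current caller that knows the added member. */
int new_caller_install(void) {
    struct hooks_v2 h = { sizeof h, NULL, sample_read, sample_write };
    return install_hooks(&h);
}

int main(void) {
    printf("new library would read %zu byte(s) past an old caller's struct\n",
           overread_bytes());
    old_caller_install();
    printf("old caller: read=%d write=%d\n", call_read(), call_write());
    new_caller_install();
    printf("new caller: read=%d write=%d\n", call_read(), call_write());
    return 0;
}
```

Without the size field there is nothing for the library to check: the object an old caller hands over is simply too short, and whatever follows it in memory is interpreted as a function pointer. With the size field, an old caller's table installs with `write` as NULL, and the library treats the missing hook as "not provided" rather than dereferencing it.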