[cairo-bugs] [Bug 77931] New: NULL pointer dereference : _clip_and_composite_boxes() tries to destroy __cairo_clip_all's path

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Apr 25 07:40:25 PDT 2014 

https://bugs.freedesktop.org/show_bug.cgi?id=77931

          Priority: medium
            Bug ID: 77931
          Assignee: psychon at znc.in
           Summary: NULL pointer dereference : _clip_and_composite_boxes()
                    tries to destroy __cairo_clip_all's path
        QA Contact: cairo-bugs at cairographics.org
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: tetromino at gentoo.org
          Hardware: Other
            Status: NEW
           Version: 1.12.16
         Component: xcb backend
           Product: cairo

(As reported downstream at https://bugs.gentoo.org/show_bug.cgi?id=507478)

Gentoo users who tried linking firefox-28 with vanilla cairo-1.12.16 with the
xcb backend enabled (instead of using the patched cairo that's bundled with
firefox) have reported NULL pointer dereferences in _cairo_clip_path_destroy().

The crash is caused by _clip_and_composite_boxes() failing to check whether the
clip path being freed belongs to the constant __cairo_clip_all.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20140425/6a8ae6ac/attachment.html>

More information about the cairo-bugs mailing list