[cairo-bugs] [Bug 77931] NULL pointer dereference : _clip_and_composite_boxes() tries to destroy __cairo_clip_all's path
bugzilla-daemon at freedesktop.org
Sun Apr 27 11:00:03 PDT 2014
https://bugs.freedesktop.org/show_bug.cgi?id=77931
--- Comment #3 from Alexandre Rostovtsev <tetromino at gentoo.org> ---
(In reply to comment #2)
> Instead of your patch, could you try adding the following at the beginning
> of _clip_and_composite_boxes()? Thanks (Hm, and I'd be curious how exactly
> this can happen at all, the higher levels should check for all-clipped
> earlier, I thought):
>
>     if (_cairo_clip_is_all_clipped (clip))
>         return CAIRO_STATUS_SUCCESS;
I cannot see how that could work.
Look at the abbreviated logic of _clip_and_composite_boxes():

    if ( extents->clip->path != NULL ) {
        cairo_clip_t *clip;
        clip = _cairo_clip_copy (extents->clip);
        clip = _cairo_clip_intersect_boxes (clip, boxes);
        clip = _cairo_clip_intersect_boxes (clip, boxes); // this crashes due to NULL dereference
    }

Since we know that extents->clip->path is not NULL, we are guaranteed that the
initial value of clip is *not* the all-clipped path. In other words, the
all-clipped path is coming from the result of _cairo_clip_intersect_boxes(), not
from the parameters to _clip_and_composite_boxes(). So checking for all-clipped
at the beginning of _clip_and_composite_boxes() won't help.
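
The argument in comment #3, as an added toy model in C (not cairo's code and not posted in the thread): every type and function name below is hypothetical, and the static sentinel stands in for the shared all-clipped clip. It contrasts a sentinel check made only at function entry with one made after the intersection that can produce the sentinel.

```c
#include <stdlib.h>

/* Toy model with hypothetical names; these are not cairo's types or functions. */
typedef struct { int x1, y1, x2, y2; } box_t;
typedef struct { const char *path; box_t extents; } clip_t;
typedef enum { DREW, NOTHING_TO_DO, NULL_PATH_REACHED } result_t;

/* Shared sentinel for "everything clipped away": path is NULL, never freed. */
static clip_t clip_all = { NULL, { 0, 0, 0, 0 } };

static int clip_is_all_clipped(const clip_t *c) { return c == &clip_all; }
static void clip_destroy(clip_t *c) { if (!clip_is_all_clipped(c)) free(c); }

static clip_t *clip_copy(const clip_t *src) {
    clip_t *c = malloc(sizeof *c);
    if (c == NULL) return &clip_all;
    *c = *src;
    return c;
}

/* Narrow clip c to box b; an empty result comes back as the sentinel. */
static clip_t *clip_intersect_box(clip_t *c, box_t b) {
    if (clip_is_all_clipped(c)) return c;
    box_t *e = &c->extents;
    if (b.x1 > e->x1) e->x1 = b.x1;
    if (b.y1 > e->y1) e->y1 = b.y1;
    if (b.x2 < e->x2) e->x2 = b.x2;
    if (b.y2 < e->y2) e->y2 = b.y2;
    if (e->x1 >= e->x2 || e->y1 >= e->y2) { clip_destroy(c); return &clip_all; }
    return c;
}

/* check_after_intersect = 0 models an entry-only check, 1 adds the later check. */
static result_t composite(const clip_t *in, box_t b, int check_after_intersect) {
    if (clip_is_all_clipped(in)) return NOTHING_TO_DO;   /* entry check */
    if (in->path == NULL) return DREW;                   /* other branch, not modelled */
    clip_t *clip = clip_intersect_box(clip_copy(in), b);
    if (check_after_intersect && clip_is_all_clipped(clip)) return NOTHING_TO_DO;
    /* Real code would use clip->path here; report instead of dereferencing NULL. */
    if (clip->path == NULL) return NULL_PATH_REACHED;
    clip_destroy(clip);
    return DREW;
}

int main(void) {
    clip_t in = { "path", { 0, 0, 10, 10 } };            /* constructed sample input */
    box_t disjoint = { 20, 20, 30, 30 };
    return composite(&in, disjoint, 1) == NOTHING_TO_DO ? 0 : 1;
}
```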