[cairo-bugs] [Bug 77931] NULL pointer dereference : _clip_and_composite_boxes() tries to destroy __cairo_clip_all's path

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sun Apr 27 11:00:03 PDT 2014


--- Comment #3 from Alexandre Rostovtsev <tetromino at gentoo.org> ---
(In reply to comment #2)
> Instead of your patch, could you try adding the following at the beginning
> of _clip_and_composite_boxes()? Thanks (Hm, and I'd be curious how exactly
> this can happen at all, the higher levels should check for all-clipped
> earlier, I thought):
> if (_cairo_clip_is_all_clipped (clip))

I cannot see how that could work.

Look at the abbreviated logic of _clip_and_composite_boxes() :

if ( extents->clip->path != NULL ) {
    cairo_clip_t *clip;
    clip = _cairo_clip_copy (extents->clip);
    clip = _cairo_clip_intersect_boxes (clip, boxes);
    clip = _cairo_clip_intersect_boxes (clip, boxes); // this crashes due to
NULL dereference

Since we know that extents->clip->path is not NULL, we are guaranteed that the
initial value of clip is *not* the all-clipped path. In other words, the
all-clipped path is coming from result of _cairo_clip_intersect_boxes(), not
from the parameters to _clip_and_composite_boxes(). So checking for all-clipped
at the beginning of _clip_and_composite_boxes() won't help.

You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20140427/540adc91/attachment.html>

More information about the cairo-bugs mailing list