[cairo-bugs] [Bug 63461] [Patch] Segmentation fault when accessing xlib backend from different endian systems

bugzilla-daemon at freedesktop.org
Wed Sep 17 21:40:10 PDT 2014


--- Comment #4 from Ryan Oliver <ryan.oliver at depi.vic.gov.au> ---
Issue will also affect the xcb backend.

There are 2 problems here with the byteswap code

1) The above mentioned looping while decrementing from MAXINT if width or
stride == 0
2) Dereferencing a null pointer if surface->data == NULL

The latter causes the segfault on solaris-sparc <-> solaris-x86.

Issue is triggered via the call to cairo_image_surface_create_for_data in
src/cairo-ft-font.c (_render_glyph_outline, called from
if the glyph requires a surface and width or height is 0.

What you end up with is a surface with a NULL pointer as its data member.

Whether this is sane or not for a surface, I don't know (XRenderAddGlyphs and
xcb_render_add_glyphs must deal with being passed a NULL data pointer as would
happen now for the non-byteswapped case...)

Attaching 2 patches

(replaces attachment 77856)

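The two failure modes described in the comment above, as an added example that is not part of the original mail, its attached patches, or cairo's source: a count-down byteswap loop that misbehaves for a zero count or a NULL data pointer, beside a guarded version. The function names, the loop shape and the sample pixels are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of the failure mode; not cairo source. */
static void swap4(uint8_t *p)
{
    uint8_t t;
    t = p[0]; p[0] = p[3]; p[3] = t;
    t = p[1]; p[1] = p[2]; p[2] = t;
}

/* Unguarded shape (assumed): correct only when p != NULL and count > 0.
 * count == 0 wraps to UINT_MAX at --count; p == NULL faults on first access. */
static void swap32_unguarded(uint8_t *p, unsigned count)
{
    do {
        swap4(p);
        p += 4;
    } while (--count);
}

/* Guarded form: returns the number of 32-bit pixels swapped, 0 when the
 * surface is empty, has no data, or the stride cannot hold a full row. */
static size_t swap32_image(uint8_t *data, int width, int height, int stride)
{
    size_t swapped = 0;

    if (data == NULL || width <= 0 || height <= 0 || stride <= 0)
        return 0;
    if ((size_t)stride < (size_t)width * 4)
        return 0;
    for (int y = 0; y < height; y++) {
        uint8_t *row = data + (size_t)y * (size_t)stride;
        for (int x = 0; x < width; x++, swapped++)
            swap4(row + (size_t)x * 4);
    }
    return swapped;
}

int main(void)
{
    uint8_t px[8] = { 0x11, 0x22, 0x33, 0x44, 0xaa, 0xbb, 0xcc, 0xdd }; /* constructed */

    printf("swapped %zu pixels\n", swap32_image(px, 2, 1, 8));
    printf("empty glyph: %zu pixels\n", swap32_image(NULL, 0, 0, 0));
    swap32_unguarded(px, 2);   /* safe only because count > 0 and px != NULL */
    return 0;
}
```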