[cairo-bugs] [Bug 63461] [Patch] Segmentation fault when accessing xlib backend from different endian systems
bugzilla-daemon at freedesktop.org
Wed Sep 17 21:40:10 PDT 2014
https://bugs.freedesktop.org/show_bug.cgi?id=63461
--- Comment #4 from Ryan Oliver <ryan.oliver at depi.vic.gov.au> ---
Issue will also affect the xcb backend.
There are 2 problems here with the byteswap code:
1) The above mentioned looping while decrementing from MAXINT if width or
stride == 0
2) Dereferencing a null pointer if surface->data == NULL
The latter causes the segfault on solaris-sparc <-> solaris-x86.
Issue is triggered via the call to cairo_image_surface_create_for_data in
src/cairo-ft-font.c (_render_glyph_outline, called from
_cairo_ft_scaled_glyph_init)
if the glyph requires a surface and width or height is 0.
What you end up with is a surface with a NULL pointer as its data member.
Whether this is sane or not for a surface, I don't know (XRenderAddGlyphs and
xcb_render_add_glyphs must deal with being passed a NULL data pointer as would
happen now for the non-byteswapped case...)
Attaching 2 patches
cairo-1.12.16-xlib_xcb_dont_decrement_from_zero_in_byteswap_code-1.patch
(replaces attachment 77856)
cairo-1.12.16-xlib_xcb_avoid_null_pointer_dereference_in_byteswap_code-1.patch
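The two failure modes described in the comment above (a count-down byteswap loop entered with a zero count, and a NULL data pointer) can be guarded as in the following added example. It is not cairo's code and not either attached patch; `struct glyph_image`, `bswap32` and `swap_argb32_copy` are hypothetical names, and the count-down form quoted in the code comment is an assumed illustration of the pattern.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an image surface; not cairo's struct. */
struct glyph_image {
    unsigned char *data;        /* NULL when the glyph has no pixels */
    int width, height, stride;  /* stride in bytes */
};

static uint32_t bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/*
 * Fragile count-down form, shown as a comment only and never executed:
 *     unsigned int c = stride * height / 4;
 *     do { *n++ = bswap32(*d++); } while (--c);
 * With c == 0 the body runs once and --c wraps to UINT_MAX instead of
 * stopping; with data == NULL the first *d dereferences a null pointer.
 */

/* Byte-swap a copy of a 32-bit-per-pixel image.
 * Returns 0 on success, -1 on bad geometry or allocation failure.
 * *out is a malloc'd swapped copy, or NULL when there is nothing to swap. */
int swap_argb32_copy(const struct glyph_image *img, uint32_t **out)
{
    size_t row, count, i;
    uint32_t *dst, v;

    *out = NULL;
    if (img->width < 0 || img->height < 0 || img->stride < 0 || img->stride % 4)
        return -1;
    /* Empty glyph: no buffer or zero area, so there is nothing to swap. */
    if (!img->data || !img->width || !img->height || !img->stride)
        return 0;
    row = (size_t)img->stride / 4;              /* >= 1 after the checks above */
    if ((size_t)img->height > SIZE_MAX / sizeof *dst / row)
        return -1;                              /* size would overflow */
    count = row * (size_t)img->height;
    if (!(dst = malloc(count * sizeof *dst)))
        return -1;
    for (i = 0; i < count; i++) {   /* up-counting: a zero count is a no-op */
        memcpy(&v, img->data + i * 4, sizeof v);  /* no alignment assumption */
        dst[i] = bswap32(v);
    }
    *out = dst;
    return 0;
}
```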