[cairo-bugs] [Bug 90984] New: Potential _cairo_bentley_ottmann_tessellate_rectangular_traps bug

Mon Jun 15 12:16:26 PDT 2015

https://bugs.freedesktop.org/show_bug.cgi?id=90984

            Bug ID: 90984
           Summary: Potential
                    _cairo_bentley_ottmann_tessellate_rectangular_traps
                    bug
           Product: cairo
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: chris at chris-wilson.co.uk
          Reporter: twointofive at gmail.com
        QA Contact: cairo-bugs at cairographics.org

Created attachment 116523
  --> https://bugs.freedesktop.org/attachment.cgi?id=116523&action=edit
_cairo_bentley_ottmann_tessellate_rectangular_traps patch

This is being reported with reference to firefox bug 853889:
https://bugzilla.mozilla.org/show_bug.cgi?id=853889

As explained in that bug, using firefox's old version of cairo, there's a bug
related to _cairo_bentley_ottmann_tessellate_rectangular_traps:
if more than one trap is passed in then it's guaranteed that the returned traps
will have their left edge to the left of their right edge, but if only one trap
is passed in then the function always returns without doing anything.

I don't think that bug is reproducible with current cairo code (all current
calls to _cairo_bentley_ottmann_tessellate_rectangular_traps appear to be
guarded by traps.has_intersections checks, which I think implies more than one
trap), but it seems like it's still a potential hole for a future bug, and I
see a similar hole in _cairo_bentley_ottmann_tessellate_boxes has been fixed
already.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20150615/8756be43/attachment.html>