[cairo-commit] src/cairo-analysis-surface.c src/cairoint.h src/cairo-pdf-surface.c src/cairo-scaled-font.c src/cairo-surface-fallback.c src/cairo-win32-private.h src/cairo-xcb-surface.c src/cairo-xlib-surface.c

Vladimir Vukicevic vladimir at kemper.freedesktop.org
Tue Jan 22 15:32:21 PST 2008


 src/cairo-analysis-surface.c |    3 +++
 src/cairo-pdf-surface.c      |    6 +++---
 src/cairo-scaled-font.c      |   24 ++++++++++++------------
 src/cairo-surface-fallback.c |    9 ++-------
 src/cairo-win32-private.h    |    2 +-
 src/cairo-xcb-surface.c      |    4 ++--
 src/cairo-xlib-surface.c     |    4 ++--
 src/cairoint.h               |    2 +-
 8 files changed, 26 insertions(+), 28 deletions(-)

New commits:
commit 02970ac8cf27bc9d42cf27848a97019d9dd13b6d
Author: Vladimir Vukicevic <vladimir at pobox.com>
Date:   Tue Jan 22 15:32:11 2008 -0800

    Fix usage of cairo_rectangle_int16_t leading to memory corruption
    
    cairo_rectangle_int16_t was being used in a number of places instead
    of cairo_rectangle_int_t, which led to memory corruption when cairo was
    using a fixed point format with a bigger space than 16.16 (such as 24.8).

diff --git a/src/cairo-analysis-surface.c b/src/cairo-analysis-surface.c
index a223086..edface2 100644
--- a/src/cairo-analysis-surface.c
+++ b/src/cairo-analysis-surface.c
@@ -586,6 +586,9 @@ static const cairo_surface_backend_t cairo_analysis_surface_backend = {
     _cairo_analysis_surface_fill,
     _cairo_analysis_surface_show_glyphs,
     NULL, /* snapshot */
+    NULL, /* is_similar */
+    NULL, /* reset */
+    NULL, /* fill_stroke */
 };
 
 cairo_surface_t *
diff --git a/src/cairo-pdf-surface.c b/src/cairo-pdf-surface.c
index 22053e9..075fb05 100644
--- a/src/cairo-pdf-surface.c
+++ b/src/cairo-pdf-surface.c
@@ -1551,7 +1551,7 @@ _cairo_pdf_surface_emit_meta_surface (cairo_pdf_surface_t  *surface,
     double old_width, old_height;
     cairo_matrix_t old_cairo_to_pdf;
     cairo_paginated_mode_t old_paginated_mode;
-    cairo_rectangle_int16_t meta_extents;
+    cairo_rectangle_int_t meta_extents;
     cairo_status_t status;
     int alpha = 0;
 
@@ -1621,7 +1621,7 @@ _cairo_pdf_surface_emit_surface_pattern (cairo_pdf_surface_t	*surface,
     cairo_matrix_t cairo_p2d, pdf_p2d;
     cairo_extend_t extend = cairo_pattern_get_extend (&pattern->base);
     double xstep, ystep;
-    cairo_rectangle_int16_t surface_extents;
+    cairo_rectangle_int_t surface_extents;
     int pattern_width = 0; /* squelch bogus compiler warning */
     int pattern_height = 0; /* squelch bogus compiler warning */
     int bbox_x, bbox_y;
@@ -1629,7 +1629,7 @@ _cairo_pdf_surface_emit_surface_pattern (cairo_pdf_surface_t	*surface,
 
     if (_cairo_surface_is_meta (pattern->surface)) {
 	cairo_surface_t *meta_surface = pattern->surface;
-	cairo_rectangle_int16_t pattern_extents;
+	cairo_rectangle_int_t pattern_extents;
 
 	status = _cairo_pdf_surface_emit_meta_surface (surface,
 						       meta_surface,
diff --git a/src/cairo-scaled-font.c b/src/cairo-scaled-font.c
index 6a6412e..c5752ba 100644
--- a/src/cairo-scaled-font.c
+++ b/src/cairo-scaled-font.c
@@ -1126,12 +1126,12 @@ cairo_status_t
 _cairo_scaled_font_glyph_device_extents (cairo_scaled_font_t	 *scaled_font,
 					 const cairo_glyph_t	 *glyphs,
 					 int                      num_glyphs,
-					 cairo_rectangle_int16_t *extents)
+					 cairo_rectangle_int_t   *extents)
 {
     cairo_status_t status = CAIRO_STATUS_SUCCESS;
     int i;
-    short min_x = INT16_MAX, max_x = INT16_MIN;
-    short min_y = INT16_MAX, max_y = INT16_MIN;
+    cairo_point_int_t min = { CAIRO_RECT_INT_MIN, CAIRO_RECT_INT_MIN };
+    cairo_point_int_t max = { CAIRO_RECT_INT_MAX, CAIRO_RECT_INT_MAX };
 
     if (scaled_font->status)
 	return scaled_font->status;
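Review bot: The new accumulators are seeded the wrong way round: `min` starts at `CAIRO_RECT_INT_MIN` and `max` at `CAIRO_RECT_INT_MAX`, whereas the removed lines started `min_x`/`min_y` at `INT16_MAX` and `max_x`/`max_y` at `INT16_MIN`. With this seeding the `left < min.x` and `right > max.x` style comparisons in the next hunk of this file can never be true, so the function would report the full integer range for every glyph run instead of the glyphs' bounding box. The `max.x - min.x` and `max.y - min.y` subtractions there would also overflow a signed int if the two limits are the type's extremes (their definitions are not shown in this diff). Swap the initialisers to `cairo_point_int_t min = { CAIRO_RECT_INT_MAX, CAIRO_RECT_INT_MAX };` and `cairo_point_int_t max = { CAIRO_RECT_INT_MIN, CAIRO_RECT_INT_MIN };`. The function body continues outside this hunk, and the callers changed in cairo-surface-fallback.c, cairo-xcb-surface.c and cairo-xlib-surface.c consume the resulting rectangle.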
@@ -1158,16 +1158,16 @@ _cairo_scaled_font_glyph_device_extents (cairo_scaled_font_t	 *scaled_font,
 	right  = x + _cairo_fixed_integer_ceil(scaled_glyph->bbox.p2.x);
 	bottom = y + _cairo_fixed_integer_ceil (scaled_glyph->bbox.p2.y);
 
-	if (left < min_x) min_x = left;
-	if (right > max_x) max_x = right;
-	if (top < min_y) min_y = top;
-	if (bottom > max_y) max_y = bottom;
+	if (left < min.x) min.x = left;
+	if (right > max.x) max.x = right;
+	if (top < min.y) min.y = top;
+	if (bottom > max.y) max.y = bottom;
     }
-    if (min_x < max_x && min_y < max_y) {
-	extents->x = min_x;
-	extents->width = max_x - min_x;
-	extents->y = min_y;
-	extents->height = max_y - min_y;
+    if (min.x < max.x && min.y < max.y) {
+	extents->x = min.x;
+	extents->width = max.x - min.x;
+	extents->y = min.y;
+	extents->height = max.y - min.y;
     } else {
 	extents->x = extents->y = 0;
 	extents->width = extents->height = 0;
diff --git a/src/cairo-surface-fallback.c b/src/cairo-surface-fallback.c
index 02a2e9d..2eb4eae 100644
--- a/src/cairo-surface-fallback.c
+++ b/src/cairo-surface-fallback.c
@@ -997,8 +997,7 @@ _cairo_surface_fallback_show_glyphs (cairo_surface_t		*surface,
 	return status;
 
     if (_cairo_operator_bounded_by_mask (op)) {
-        cairo_rectangle_int16_t glyph_extents;
-        cairo_rectangle_int_t glyph_extents_full;
+        cairo_rectangle_int_t glyph_extents;
 	status = _cairo_scaled_font_glyph_device_extents (scaled_font,
 							  glyphs,
 							  num_glyphs,
@@ -1006,11 +1005,7 @@ _cairo_surface_fallback_show_glyphs (cairo_surface_t		*surface,
 	if (status)
 	    return status;
 
-        glyph_extents_full.x = glyph_extents.x;
-        glyph_extents_full.y = glyph_extents.y;
-        glyph_extents_full.width = glyph_extents.width;
-        glyph_extents_full.height = glyph_extents.height;
-	_cairo_rectangle_intersect (&extents, &glyph_extents_full);
+	_cairo_rectangle_intersect (&extents, &glyph_extents);
     }
 
     status = _cairo_clip_intersect_to_rectangle (surface->clip, &extents);
diff --git a/src/cairo-win32-private.h b/src/cairo-win32-private.h
index 7857d18..6d30da8 100644
--- a/src/cairo-win32-private.h
+++ b/src/cairo-win32-private.h
@@ -128,7 +128,7 @@ _cairo_win32_surface_finish (void *abstract_surface);
 
 cairo_int_status_t
 _cairo_win32_surface_get_extents (void		          *abstract_surface,
-				  cairo_rectangle_int16_t *rectangle);
+				  cairo_rectangle_int_t   *rectangle);
 
 uint32_t
 _cairo_win32_flags_for_dc (HDC dc);
diff --git a/src/cairo-xcb-surface.c b/src/cairo-xcb-surface.c
index 2b1f888..6187db2 100644
--- a/src/cairo-xcb-surface.c
+++ b/src/cairo-xcb-surface.c
@@ -313,7 +313,7 @@ _get_image_surface (cairo_xcb_surface_t     *surface,
     y2 = surface->height;
 
     if (interest_rect) {
-	cairo_rectangle_int16_t rect;
+	cairo_rectangle_int_t rect;
 
 	rect.x = interest_rect->x;
 	rect.y = interest_rect->y;
@@ -2405,7 +2405,7 @@ _cairo_xcb_surface_show_glyphs (void                *abstract_dst,
                                                  (cairo_surface_t **) &src,
                                                  &attributes);
     } else {
-        cairo_rectangle_int16_t glyph_extents;
+        cairo_rectangle_int_t glyph_extents;
 
         status = _cairo_scaled_font_glyph_device_extents (scaled_font,
                                                           glyphs,
diff --git a/src/cairo-xlib-surface.c b/src/cairo-xlib-surface.c
index 93cd6f8..be5aa09 100644
--- a/src/cairo-xlib-surface.c
+++ b/src/cairo-xlib-surface.c
@@ -473,7 +473,7 @@ _get_image_surface (cairo_xlib_surface_t    *surface,
     y2 = surface->height;
 
     if (interest_rect) {
-	cairo_rectangle_int16_t rect;
+	cairo_rectangle_int_t rect;
 
 	rect.x = interest_rect->x;
 	rect.y = interest_rect->y;
@@ -3207,7 +3207,7 @@ _cairo_xlib_surface_show_glyphs (void                *abstract_dst,
 	if (status)
 	    goto BAIL0;
     } else {
-        cairo_rectangle_int16_t glyph_extents;
+        cairo_rectangle_int_t glyph_extents;
 
         status = _cairo_scaled_font_glyph_device_extents (scaled_font,
                                                           glyphs,
diff --git a/src/cairoint.h b/src/cairoint.h
index 0dc6871..b5b69d2 100644
--- a/src/cairoint.h
+++ b/src/cairoint.h
@@ -1418,7 +1418,7 @@ cairo_private cairo_status_t
 _cairo_scaled_font_glyph_device_extents (cairo_scaled_font_t	 *scaled_font,
 					 const cairo_glyph_t	 *glyphs,
 					 int                      num_glyphs,
-					 cairo_rectangle_int16_t *extents);
+					 cairo_rectangle_int_t   *extents);
 
 cairo_private cairo_status_t
 _cairo_scaled_font_show_glyphs (cairo_scaled_font_t *scaled_font,

