[cairo-commit] 2 commits - boilerplate/cairo-boilerplate.c src/cairo-paginated-surface.c

Chris Wilson ickle at kemper.freedesktop.org
Fri Apr 30 04:40:09 PDT 2010


 boilerplate/cairo-boilerplate.c |   13 ++++++++++---
 src/cairo-paginated-surface.c   |    1 -
 2 files changed, 10 insertions(+), 4 deletions(-)

New commits:
commit c6dc8ad7dc46d03899cd37fff40bd7f3a60339e2
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date:   Fri Apr 30 12:38:25 2010 +0100

    Revert "paginated: Call surface finish explicitly on recording surface"
    
    This reverts commit 5fc04bba9fa8ddda8cf7d7a97015f21a21429172.
    
    Whilst this fixes the self-referential reference leak, it however
    introduces use-after-finish into normal behaviour. Close, but not quite.

diff --git a/src/cairo-paginated-surface.c b/src/cairo-paginated-surface.c
index a2c61dd..064cd1e 100644
--- a/src/cairo-paginated-surface.c
+++ b/src/cairo-paginated-surface.c
@@ -473,7 +473,6 @@ _cairo_paginated_surface_show_page (void *abstract_surface)
     if (unlikely (status))
 	return status;
 
-    cairo_surface_finish (surface->recording_surface);
     status = surface->recording_surface->status;
     if (unlikely (status))
 	return status;
commit b972669c9ac87d1c2ca922e12024ef5da394aa6b
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date:   Fri Apr 30 12:37:16 2010 +0100

    boilerplate: Fix use after free from 3ae5723
    
    If we want to access the surface during the cleanup, we must hold our
    own reference to it. Make it so for the forced finish of the recording
    surface.

diff --git a/boilerplate/cairo-boilerplate.c b/boilerplate/cairo-boilerplate.c
index 062c99e..3b97ded 100644
--- a/boilerplate/cairo-boilerplate.c
+++ b/boilerplate/cairo-boilerplate.c
@@ -184,7 +184,14 @@ _cairo_boilerplate_recording_create_surface (const char		     *name,
     extents.y = 0;
     extents.width = width;
     extents.height = height;
-    return *closure = cairo_recording_surface_create (content, &extents);
+    return *closure = cairo_surface_reference (cairo_recording_surface_create (content, &extents));
+}
+
+static void
+_cairo_boilerplate_recording_surface_cleanup (void *closure)
+{
+    cairo_surface_finish (closure);
+    cairo_surface_destroy (closure);
 }
 #endif
 
@@ -351,7 +358,7 @@ static const cairo_boilerplate_target_t builtin_targets[] = {
 	NULL, NULL,
 	_cairo_boilerplate_get_image_surface,
 	cairo_surface_write_to_png,
-	(cairo_boilerplate_cleanup_t) cairo_surface_finish,
+	_cairo_boilerplate_recording_surface_cleanup,
 	NULL,
 	FALSE, FALSE, TRUE
     },
@@ -363,7 +370,7 @@ static const cairo_boilerplate_target_t builtin_targets[] = {
 	NULL, NULL,
 	_cairo_boilerplate_get_image_surface,
 	cairo_surface_write_to_png,
-	(cairo_boilerplate_cleanup_t) cairo_surface_finish,
+	_cairo_boilerplate_recording_surface_cleanup,
 	NULL,
 	FALSE, FALSE, TRUE
     },


More information about the cairo-commit mailing list