[cairo-commit] 2 commits - src/cairo-xcb-shm.c src/cairo-xcb-surface-render.c
Uli Schlachter
psychon at kemper.freedesktop.org
Tue Nov 15 10:48:37 PST 2011
src/cairo-xcb-shm.c | 2 +-
src/cairo-xcb-surface-render.c | 20 +++++++++++---------
2 files changed, 12 insertions(+), 10 deletions(-)
New commits:
commit 3a94f4c7091ea6262007e7960e4cd915e17b33c0
Author: Uli Schlachter <psychon at znc.in>
Date: Tue Nov 15 19:46:46 2011 +0100
xcb: Fix xcb-huge-image-shm
The test failed with the following message:
cairo-surface.c:2265: _cairo_surface_create_in_error: Assertion `status <
CAIRO_STATUS_LAST_STATUS' failed.
_cairo_xcb_surface_create_shm_image() passed the error from
_cairo_xcb_connection_allocate_shm_info() to _create_in_error().
Fix this by never returning CAIRO_INT_STATUS_UNSUPPORTED from
_allocate_shm_info(). All other error cases in that function return
CAIRO_STATUS_NO_MEMORY, too.
Signed-off-by: Uli Schlachter <psychon at znc.in>
diff --git a/src/cairo-xcb-shm.c b/src/cairo-xcb-shm.c
index 6972720..7eee83d 100644
--- a/src/cairo-xcb-shm.c
+++ b/src/cairo-xcb-shm.c
@@ -577,7 +577,7 @@ _cairo_xcb_connection_allocate_shm_info (cairo_xcb_connection_t *connection,
connection->flags &= ~CAIRO_XCB_HAS_SHM;
free (pool);
CAIRO_MUTEX_UNLOCK (connection->shm_mutex);
- return CAIRO_INT_STATUS_UNSUPPORTED;
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
}
pool->base = shmat (pool->shmid, NULL, 0);
commit edc238b40fba2e0e10b09521d87775edbf6f7814
Author: Uli Schlachter <psychon at znc.in>
Date: Tue Nov 15 19:10:50 2011 +0100
xcb: Fix some invalid casts
cairo-xcb was deciding which type to cast a surface to based on its "type"
member. This is wrong, it should use "backend->type".
This bug was hit via xlib-xcb. This was painting a subsurface of a xlib-xcb
surface to an xcb surface. Because surface->type said "xlib", the code was
trying to check if the xcb surface had a fallback. However, this was done on the
subsurface. The end result was dereferencing a pointer to 0x28.
This was noticed while looking into
https://bugs.freedesktop.org/show_bug.cgi?id=42889
No test for this bug since I didn't manage to come up with one.
Signed-off-by: Uli Schlachter <psychon at znc.in>
diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c
index 033aef9..5bc8b09 100644
--- a/src/cairo-xcb-surface-render.c
+++ b/src/cairo-xcb-surface-render.c
@@ -1050,10 +1050,11 @@ _cairo_xcb_surface_picture (cairo_xcb_surface_t *target,
picture = NULL;
}
- if (source->type == CAIRO_SURFACE_TYPE_XCB && ((cairo_xcb_surface_t *) source)->fallback == NULL)
+ if (source->type == CAIRO_SURFACE_TYPE_XCB)
{
if (source->backend->type == CAIRO_SURFACE_TYPE_XCB) {
- if (((cairo_xcb_surface_t *) source)->screen == target->screen) {
+ cairo_xcb_surface_t *xcb = (cairo_xcb_surface_t *) source;
+ if (xcb->screen == target->screen && xcb->fallback == NULL) {
picture = _copy_to_picture ((cairo_xcb_surface_t *) source);
if (unlikely (picture->base.status))
return picture;
@@ -1063,7 +1064,7 @@ _cairo_xcb_surface_picture (cairo_xcb_surface_t *target,
cairo_xcb_surface_t *xcb = (cairo_xcb_surface_t *) sub->target;
/* XXX repeat interval with source clipping? */
- if (FALSE && xcb->screen == target->screen) {
+ if (FALSE && xcb->screen == target->screen && xcb->fallback == NULL) {
xcb_rectangle_t rect;
picture = _copy_to_picture (xcb);
@@ -1088,7 +1089,7 @@ _cairo_xcb_surface_picture (cairo_xcb_surface_t *target,
cairo_surface_snapshot_t *snap = (cairo_surface_snapshot_t *) source;
cairo_xcb_surface_t *xcb = (cairo_xcb_surface_t *) snap->target;
- if (xcb->screen == target->screen) {
+ if (xcb->screen == target->screen && xcb->fallback == NULL) {
picture = _copy_to_picture (xcb);
if (unlikely (picture->base.status))
return picture;
@@ -1096,11 +1097,12 @@ _cairo_xcb_surface_picture (cairo_xcb_surface_t *target,
}
}
#if CAIRO_HAS_XLIB_XCB_FUNCTIONS
- else if (source->type == CAIRO_SURFACE_TYPE_XLIB && ((cairo_xlib_xcb_surface_t *) source)->xcb->fallback == NULL)
+ else if (source->type == CAIRO_SURFACE_TYPE_XLIB)
{
if (source->backend->type == CAIRO_SURFACE_TYPE_XLIB) {
- if (((cairo_xlib_xcb_surface_t *) source)->xcb->screen == target->screen) {
- picture = _copy_to_picture (((cairo_xlib_xcb_surface_t *) source)->xcb);
+ cairo_xcb_surface_t *xcb = ((cairo_xlib_xcb_surface_t *) source)->xcb;
+ if (xcb->screen == target->screen && xcb->fallback == NULL) {
+ picture = _copy_to_picture (xcb);
if (unlikely (picture->base.status))
return picture;
}
@@ -1108,7 +1110,7 @@ _cairo_xcb_surface_picture (cairo_xcb_surface_t *target,
cairo_surface_subsurface_t *sub = (cairo_surface_subsurface_t *) source;
cairo_xcb_surface_t *xcb = ((cairo_xlib_xcb_surface_t *) sub->target)->xcb;
- if (FALSE && xcb->screen == target->screen) {
+ if (FALSE && xcb->screen == target->screen && xcb->fallback == NULL) {
xcb_rectangle_t rect;
picture = _copy_to_picture (xcb);
@@ -1133,7 +1135,7 @@ _cairo_xcb_surface_picture (cairo_xcb_surface_t *target,
cairo_surface_snapshot_t *snap = (cairo_surface_snapshot_t *) source;
cairo_xcb_surface_t *xcb = ((cairo_xlib_xcb_surface_t *) snap->target)->xcb;
- if (xcb->screen == target->screen) {
+ if (xcb->screen == target->screen && xcb->fallback == NULL) {
picture = _copy_to_picture (xcb);
if (unlikely (picture->base.status))
return picture;
More information about the cairo-commit
mailing list