[cairo-commit] src/cairo-surface-observer-private.h

Bryce Harrington bryce at kemper.freedesktop.org
Thu Jul 9 14:49:07 PDT 2015


 src/cairo-surface-observer-private.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 498fc2fbe31682754f1aa3864b764229d0b6838c
Author: Ashim <ashim.shah at samsung.com>
Date:   Thu Jul 9 10:43:30 2015 +0530

    Fix out of bound access in struct pattern->type
    
    The pattern structure is hardcoded to hold 7 elements, yet the
    pattern_names array in cairo-surface-observer.c is initialized with 8
    strings.  This causes a crash in print_array at line 1587 when it tries
    to access the 8th member.
    
    Hence changed the 'type' array from type[7] to type[8] to avoid out of
    bound access.
    
    Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91266
    Signed-off-by: Ashim <ashim.shah at samsung.com>
    Reviewed-by: Bryce Harrington <bryce at osg.samsung.com>

diff --git a/src/cairo-surface-observer-private.h b/src/cairo-surface-observer-private.h
index 70c87db..6ed0c18 100644
--- a/src/cairo-surface-observer-private.h
+++ b/src/cairo-surface-observer-private.h
@@ -62,7 +62,7 @@ struct extents {
 };
 
 struct pattern {
-    unsigned int type[7]; /* native/record/other surface/gradients */
+    unsigned int type[8]; /* native/record/other surface/gradients */
 };
 
 struct path {
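Review bot: The new bound in `unsigned int type[8];` is still a bare literal that has to be kept in step by hand with the number of strings in pattern_names in cairo-surface-observer.c, which is the same kind of mismatch the commit message describes as causing the out-of-bounds access in print_array. Consider a single named constant for the element count, used both for this array and for the code that walks pattern_names, or a compile-time assertion that the two lengths are equal, so that adding another pattern name later fails the build instead of indexing past the end of the struct. The trailing comment (native/record/other surface/gradients) also does not say which eight slots exist; listing them in order would make the size reviewable from this header alone.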

