[cairo-commit] Branch '1.14' - 11 commits - autogen.sh build/configure.ac.system src/cairo-bentley-ottmann-rectangular.c src/cairo-cff-subset.c src/cairo-fixed-private.h src/cairo-ft-font.c src/cairo-output-stream.c src/cairo-path-stroke-boxes.c src/cairo-path-stroke.c src/cairo-path-stroke-polygon.c src/cairo-path-stroke-tristrip.c src/cairo-pdf-surface.c src/cairo-png.c src/cairo-ps-surface.c src/cairo-scaled-font.c src/cairo-scaled-font-subsets.c src/cairo-svg-surface.c src/cairo-toy-font-face.c src/cairo-truetype-subset.c src/cairo-type1-fallback.c src/cairo-type1-subset.c util/cairo-script util/font-view.c

Bryce Harrington bryce at kemper.freedesktop.org
Tue Dec 5 00:41:17 UTC 2017


 autogen.sh                                   |    2 -
 build/configure.ac.system                    |    8 ++++---
 src/cairo-bentley-ottmann-rectangular.c      |    8 ++++++-
 src/cairo-cff-subset.c                       |    2 -
 src/cairo-fixed-private.h                    |    2 -
 src/cairo-ft-font.c                          |    2 -
 src/cairo-output-stream.c                    |   12 +++++++----
 src/cairo-path-stroke-boxes.c                |    2 -
 src/cairo-path-stroke-polygon.c              |    2 -
 src/cairo-path-stroke-tristrip.c             |    2 -
 src/cairo-path-stroke.c                      |    2 -
 src/cairo-pdf-surface.c                      |    2 -
 src/cairo-png.c                              |   17 ++++++++++-----
 src/cairo-ps-surface.c                       |    2 -
 src/cairo-scaled-font-subsets.c              |    2 -
 src/cairo-scaled-font.c                      |    7 ++++++
 src/cairo-svg-surface.c                      |    2 -
 src/cairo-toy-font-face.c                    |    2 -
 src/cairo-truetype-subset.c                  |   29 +++++++++++++++++++++------
 src/cairo-type1-fallback.c                   |    2 -
 src/cairo-type1-subset.c                     |    2 -
 util/cairo-script/cairo-script-interpreter.c |   11 ++++++++++
 util/cairo-script/cairo-script-private.h     |   11 +---------
 util/font-view.c                             |    2 +
 24 files changed, 91 insertions(+), 44 deletions(-)

New commits:
commit 5d5c5ee9c5479677de30aa8faff7ccd51b944b91
Author: Behdad Esfahbod <behdad at behdad.org>
Date:   Mon Sep 11 22:00:00 2017 -0700

    Fix undefined-behavior with integer math
    
    As reported to me:
    
    "A calculation on signed integers has undefined behaviour if the result is not
    representable in the type. In this case, it's trying to negate int_min, aka
    -2^31 but the range of an int is [-2^31, 2^31-1] so it doesn't fit. Instead,
    cast to unsigned which has 2's complement wrap-around arithmetic which is what
    this particular function expects."

diff --git a/src/cairo-fixed-private.h b/src/cairo-fixed-private.h
index 9ff8f750..5f9ce684 100644
--- a/src/cairo-fixed-private.h
+++ b/src/cairo-fixed-private.h
@@ -223,7 +223,7 @@ _cairo_fixed_integer_ceil (cairo_fixed_t f)
     if (f > 0)
 	return ((f - 1)>>CAIRO_FIXED_FRAC_BITS) + 1;
     else
-	return - (-f >> CAIRO_FIXED_FRAC_BITS);
+	return - ((cairo_fixed_t)(-(cairo_fixed_unsigned_t)f) >> CAIRO_FIXED_FRAC_BITS);
 }
 
 /* A bunch of explicit 16.16 operators; we need these
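Review bot: The conversion back to `cairo_fixed_t` happens before the shift, so the most negative input still comes out with the wrong sign. `-(cairo_fixed_unsigned_t)f` wraps to the same bit pattern, the cast turns it back into the minimum value on two's-complement targets, the arithmetic shift keeps it negative, and the outer minus makes the result positive. Shifting while the value is still unsigned avoids that, and also avoids the implementation-defined shift of a negative number: `return - (cairo_fixed_t) (-(cairo_fixed_unsigned_t) f >> CAIRO_FIXED_FRAC_BITS);`. A one-line comment saying why the negation is done in the unsigned type would keep the cast from being simplified away later. The function's signature is visible only in the hunk header.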
commit ea42e027d9abb3ba13cf8c63949a166797991daf
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Sat Sep 2 19:09:49 2017 +0930

    build: use _WIN32 instead of windows.h to check for windows build
    
    ifdef _WIN32 is the recommended way to check for a windows build [1]
    and avoids identifying cygwin as windows.
    
    based on the patch at [2]
    
    [1] https://lists.gnu.org/archive/html/autoconf/2012-02/msg00008.html
    [2] https://lists.gnu.org/archive/html/autoconf/2012-02/msg00009.html

diff --git a/build/configure.ac.system b/build/configure.ac.system
index b9d71c8d..915b42b4 100644
--- a/build/configure.ac.system
+++ b/build/configure.ac.system
@@ -110,9 +110,11 @@ dnl check for misc headers and functions
 AC_CHECK_HEADERS([libgen.h byteswap.h signal.h setjmp.h fenv.h sys/wait.h])
 AC_CHECK_FUNCS([ctime_r drand48 flockfile funlockfile getline link strndup])
 
-dnl check for win32 headers (this detects mingw as well)
-AC_CHECK_HEADERS([windows.h], have_windows=yes, have_windows=no)
-
+dnl Check if the runtime platform is a native Win32 host.
+AC_COMPILE_IFELSE([[
+#ifdef _WIN32
+ choke me
+#endif]], [have_windows=no], [have_windows=yes])
 
 dnl Possible headers for mkdir
 AC_CHECK_HEADERS([sys/stat.h io.h])
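Review bot: The program text is passed to `AC_COMPILE_IFELSE` as a bare quoted string instead of through `AC_LANG_SOURCE`, which newer autoconf releases warn about and which skips the usual confdefs.h preamble. Wrapping it as `AC_COMPILE_IFELSE([AC_LANG_SOURCE([[ ... ]])], [have_windows=no], [have_windows=yes])` leaves the test itself unchanged. The result is also inverted (a successful compile means "not Windows"), so a `dnl` line saying that the body deliberately fails to compile when `_WIN32` is defined would help. The comment's "runtime platform" is really the platform the compiler targets.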
commit 36209baf7f372aee64b2c5a6eec81ec2d545f5ba
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Sat Sep 2 19:17:37 2017 +0930

    replace _BSD_SOURCE with _DEFAULT_SOURCE
    
    fixes the warning:
    
    warning: #warning "_BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"

diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
index 775ca61b..c93a8bd8 100644
--- a/src/cairo-cff-subset.c
+++ b/src/cairo-cff-subset.c
@@ -41,7 +41,7 @@
  * http://www.adobe.com/content/dam/Adobe/en/devnet/font/pdfs/5177.Type2.pdf
  */
 
-#define _BSD_SOURCE /* for snprintf(), strdup() */
+#define _DEFAULT_SOURCE /* for snprintf(), strdup() */
 #include "cairoint.h"
 
 #include "cairo-array-private.h"
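Review bot: Defining only `_DEFAULT_SOURCE` drops the request for the BSD declarations on glibc releases that do not know that macro yet, which matters when the compiler runs in a strict ISO mode and the default feature set is off. Defining both, `#define _DEFAULT_SOURCE` followed by `#define _BSD_SOURCE`, still silences the deprecation warning on new glibc, which issues it only when `_DEFAULT_SOURCE` is absent. It also keeps `snprintf()`, `strdup()`, `hypot()` and `ctime_r()` declared on old releases. The same applies to every other file touched by this commit, from src/cairo-ft-font.c through src/cairo-type1-subset.c.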
diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
index a997b93b..462d1e25 100644
--- a/src/cairo-ft-font.c
+++ b/src/cairo-ft-font.c
@@ -38,7 +38,7 @@
  *      Carl Worth <cworth at cworth.org>
  */
 
-#define _BSD_SOURCE /* for strdup() */
+#define _DEFAULT_SOURCE /* for strdup() */
 #include "cairoint.h"
 
 #include "cairo-error-private.h"
diff --git a/src/cairo-output-stream.c b/src/cairo-output-stream.c
index cac0f121..05d9a2a0 100644
--- a/src/cairo-output-stream.c
+++ b/src/cairo-output-stream.c
@@ -33,7 +33,7 @@
  *	Kristian Høgsberg <krh at redhat.com>
  */
 
-#define _BSD_SOURCE /* for snprintf() */
+#define _DEFAULT_SOURCE /* for snprintf() */
 #include "cairoint.h"
 
 #include "cairo-output-stream-private.h"
diff --git a/src/cairo-path-stroke-boxes.c b/src/cairo-path-stroke-boxes.c
index 7f25bf76..fba170c6 100644
--- a/src/cairo-path-stroke-boxes.c
+++ b/src/cairo-path-stroke-boxes.c
@@ -36,7 +36,7 @@
  *	Chris Wilson <chris at chris-wilson.co.uk>
  */
 
-#define _BSD_SOURCE /* for hypot() */
+#define _DEFAULT_SOURCE /* for hypot() */
 #include "cairoint.h"
 
 #include "cairo-box-inline.h"
diff --git a/src/cairo-path-stroke-polygon.c b/src/cairo-path-stroke-polygon.c
index e5082bbe..29050fa7 100644
--- a/src/cairo-path-stroke-polygon.c
+++ b/src/cairo-path-stroke-polygon.c
@@ -37,7 +37,7 @@
  *	Chris Wilson <chris at chris-wilson.co.uk>
  */
 
-#define _BSD_SOURCE /* for hypot() */
+#define _DEFAULT_SOURCE /* for hypot() */
 #include "cairoint.h"
 
 #include "cairo-box-inline.h"
diff --git a/src/cairo-path-stroke-tristrip.c b/src/cairo-path-stroke-tristrip.c
index 6ce4131c..31787656 100644
--- a/src/cairo-path-stroke-tristrip.c
+++ b/src/cairo-path-stroke-tristrip.c
@@ -37,7 +37,7 @@
  *	Chris Wilson <chris at chris-wilson.co.uk>
  */
 
-#define _BSD_SOURCE /* for hypot() */
+#define _DEFAULT_SOURCE /* for hypot() */
 #include "cairoint.h"
 
 #include "cairo-box-inline.h"
diff --git a/src/cairo-path-stroke.c b/src/cairo-path-stroke.c
index 4d4ede81..64cec8f2 100644
--- a/src/cairo-path-stroke.c
+++ b/src/cairo-path-stroke.c
@@ -36,7 +36,7 @@
  *	Chris Wilson <chris at chris-wilson.co.uk>
  */
 
-#define _BSD_SOURCE /* for hypot() */
+#define _DEFAULT_SOURCE /* for hypot() */
 #include "cairoint.h"
 
 #include "cairo-box-inline.h"
diff --git a/src/cairo-pdf-surface.c b/src/cairo-pdf-surface.c
index ef94e39f..fd7dc7d5 100644
--- a/src/cairo-pdf-surface.c
+++ b/src/cairo-pdf-surface.c
@@ -39,7 +39,7 @@
  *	Adrian Johnson <ajohnson at redneon.com>
  */
 
-#define _BSD_SOURCE /* for snprintf() */
+#define _DEFAULT_SOURCE /* for snprintf() */
 #include "cairoint.h"
 
 #include "cairo-pdf.h"
diff --git a/src/cairo-ps-surface.c b/src/cairo-ps-surface.c
index fbec9f29..3b66b275 100644
--- a/src/cairo-ps-surface.c
+++ b/src/cairo-ps-surface.c
@@ -53,7 +53,7 @@
  *   2. Using gs to do PS -> PDF and PDF -> PS will always work well.
  */
 
-#define _BSD_SOURCE /* for ctime_r(), snprintf(), strdup() */
+#define _DEFAULT_SOURCE /* for ctime_r(), snprintf(), strdup() */
 #include "cairoint.h"
 
 #include "cairo-ps.h"
diff --git a/src/cairo-scaled-font-subsets.c b/src/cairo-scaled-font-subsets.c
index bf05fbd5..a239ec9b 100644
--- a/src/cairo-scaled-font-subsets.c
+++ b/src/cairo-scaled-font-subsets.c
@@ -40,7 +40,7 @@
  *	Adrian Johnson <ajohnson at redneon.com>
  */
 
-#define _BSD_SOURCE /* for snprintf(), strdup() */
+#define _DEFAULT_SOURCE /* for snprintf(), strdup() */
 #include "cairoint.h"
 #include "cairo-error-private.h"
 
diff --git a/src/cairo-svg-surface.c b/src/cairo-svg-surface.c
index 372ef45b..d9f4b926 100644
--- a/src/cairo-svg-surface.c
+++ b/src/cairo-svg-surface.c
@@ -39,7 +39,7 @@
  *	Carl Worth <cworth at cworth.org>
  */
 
-#define _BSD_SOURCE /* for snprintf() */
+#define _DEFAULT_SOURCE /* for snprintf() */
 #include "cairoint.h"
 
 #include "cairo-svg.h"
diff --git a/src/cairo-toy-font-face.c b/src/cairo-toy-font-face.c
index 4fe94ab0..516f3919 100644
--- a/src/cairo-toy-font-face.c
+++ b/src/cairo-toy-font-face.c
@@ -39,7 +39,7 @@
  *      Behdad Esfahbod <behdad at behdad.org>
  */
 
-#define _BSD_SOURCE /* for strdup() */
+#define _DEFAULT_SOURCE /* for strdup() */
 #include "cairoint.h"
 #include "cairo-error-private.h"
 
diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
index 11069b70..b650ebe8 100644
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
@@ -40,7 +40,7 @@
  * http://www.microsoft.com/typography/specs/default.htm
  */
 
-#define _BSD_SOURCE /* for snprintf(), strdup() */
+#define _DEFAULT_SOURCE /* for snprintf(), strdup() */
 #include "cairoint.h"
 
 #include "cairo-array-private.h"
diff --git a/src/cairo-type1-fallback.c b/src/cairo-type1-fallback.c
index 4a657413..c8e7e908 100644
--- a/src/cairo-type1-fallback.c
+++ b/src/cairo-type1-fallback.c
@@ -33,7 +33,7 @@
  *	Adrian Johnson <ajohnson at redneon.com>
  */
 
-#define _BSD_SOURCE /* for snprintf(), strdup() */
+#define _DEFAULT_SOURCE /* for snprintf(), strdup() */
 #include "cairoint.h"
 
 #include "cairo-array-private.h"
diff --git a/src/cairo-type1-subset.c b/src/cairo-type1-subset.c
index b1566350..feac2836 100644
--- a/src/cairo-type1-subset.c
+++ b/src/cairo-type1-subset.c
@@ -40,7 +40,7 @@
  */
 
 
-#define _BSD_SOURCE /* for snprintf(), strdup() */
+#define _DEFAULT_SOURCE /* for snprintf(), strdup() */
 #include "cairoint.h"
 
 #include "cairo-array-private.h"
commit 49d396efa91968237329071202dfb82bd7fc12d8
Author: Aleksander Morgado <aleksander at aleksander.es>
Date:   Mon Aug 28 11:23:34 2017 +0200

    build: fix minor typo in autogen.sh
    
    Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=102452
    Reviewed-by: Bryce Harrington <bryce at osg.samsung.com>

diff --git a/autogen.sh b/autogen.sh
index 4d113f8b..4b10251d 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -9,7 +9,7 @@ cd $srcdir
 
 AUTORECONF=`which autoreconf`
 if test -z $AUTORECONF; then
-        echo "*** No autoreconf found, please intall it ***"
+        echo "*** No autoreconf found, please install it ***"
         exit 1
 fi
 
commit 6491b686be37bab6c7f9f6e621baf2b298e75341
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Fri Sep 22 20:10:10 2017 +0930

    truetype: reserve space in subset arrays for .notdef
    
    Subset array sizes are allocated based on the number of glyphs in the
    font. In this bug the fonts did not contain the mandatory .notdef
    glyph, hence the subset arrays were not large enough.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=102922

diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
index 3212d6dc..11069b70 100644
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
@@ -202,13 +202,17 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
     if (unlikely (status))
 	goto fail1;
 
-    font->glyphs = calloc (font->num_glyphs_in_face + 1, sizeof (subset_glyph_t));
+    /* Add 2: +1 case font does not contain .notdef, and +1 because an extra
+     * entry is required to contain the end location of the last glyph.
+     */
+    font->glyphs = calloc (font->num_glyphs_in_face + 2, sizeof (subset_glyph_t));
     if (unlikely (font->glyphs == NULL)) {
 	status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 	goto fail1;
     }
 
-    font->parent_to_subset = calloc (font->num_glyphs_in_face, sizeof (int));
+    /* Add 1 in case font does not contain .notdef */
+    font->parent_to_subset = calloc (font->num_glyphs_in_face + 1, sizeof (int));
     if (unlikely (font->parent_to_subset == NULL)) {
 	status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 	goto fail2;
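Review bot: The extra slots are added as bare `+ 2` / `+ 1` at each `calloc` (here for `font->glyphs` and `font->parent_to_subset`, and again for `font->base.widths` in the next hunk), so the capacity the rest of the file may index up to is not recorded anywhere. The glyph count comes from the font file and the code that writes into these arrays is outside the hunks, so it is worth confirming that each writer checks its index against the allocated count rather than relying on the padding being right. Computing the count once, e.g. `num_slots = font->num_glyphs_in_face + 1; /* room for a missing .notdef */`, and using it in all three calls would keep them in step. The first comment reads "+1 case font" and should say "+1 in case the font". `_cairo_truetype_font_create` starts and ends outside the hunk.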
@@ -247,7 +251,8 @@ _cairo_truetype_font_create (cairo_scaled_font_subset_t  *scaled_font_subset,
                  scaled_font_subset->subset_id);
     }
 
-    font->base.widths = calloc (font->num_glyphs_in_face, sizeof (int));
+    /* Add 1 in case font does not contain .notdef */
+    font->base.widths = calloc (font->num_glyphs_in_face + 1, sizeof (int));
     if (unlikely (font->base.widths == NULL)) {
 	status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 	goto fail4;
commit 6b6926239d8fae6cd0393fd4c18c017e106704be
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Fri Oct 13 19:27:03 2017 +1030

    output-stream: allow %s strings larger than 512 chars
    
    https://bugs.freedesktop.org/show_bug.cgi?id=103249

diff --git a/src/cairo-output-stream.c b/src/cairo-output-stream.c
index 369a59bf..cac0f121 100644
--- a/src/cairo-output-stream.c
+++ b/src/cairo-output-stream.c
@@ -490,9 +490,13 @@ _cairo_output_stream_vprintf (cairo_output_stream_t *stream,
                           single_fmt, va_arg (ap, long int));
             }
 	    break;
-	case 's':
-	    snprintf (buffer, sizeof buffer,
-		      single_fmt, va_arg (ap, const char *));
+	case 's': {
+	    /* Write out strings as they may be larger than the buffer. */
+	    const char *s = va_arg (ap, const char *);
+	    int len = strlen(s);
+	    _cairo_output_stream_write (stream, s, len);
+	    buffer[0] = 0;
+	    }
 	    break;
 	case 'f':
 	    _cairo_dtostr (buffer, sizeof buffer, va_arg (ap, double), FALSE);
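Review bot: The new `%s` branch writes the argument straight to the stream and never looks at `single_fmt`, so any flag, width or precision a caller puts between `%` and `s` is now silently ignored. If no caller relies on that, a comment on `case 's':` saying so would make the limitation explicit. `strlen` returns `size_t` and storing it in `int len` narrows it; `size_t len = strlen (s);` avoids that. A NULL argument reaches `strlen` unchecked, so either the function's doc comment should forbid it or the branch should guard against it. The enclosing `_cairo_output_stream_vprintf` starts and ends outside the hunk.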
commit 47b7392416584f17583649e14459decda2d69135
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Fri Oct 13 19:44:45 2017 +1030

    truetype: limit font name to 127 chars
    
    Some broken fonts have long strings of garbage in the font name
    
    https://bugs.freedesktop.org/show_bug.cgi?id=103249

diff --git a/src/cairo-truetype-subset.c b/src/cairo-truetype-subset.c
index e3449a0d..3212d6dc 100644
--- a/src/cairo-truetype-subset.c
+++ b/src/cairo-truetype-subset.c
@@ -1420,6 +1420,12 @@ cleanup:
     return status;
 }
 
+/*
+ * Sanity check on font name length as some broken fonts may return very long
+ * strings of garbage. 127 is maximum length of a PS name.
+ */
+#define MAX_FONT_NAME_LENGTH 127
+
 static cairo_status_t
 find_name (tt_name_t *name, int name_id, int platform, int encoding, int language, char **str_out)
 {
@@ -1438,11 +1444,17 @@ find_name (tt_name_t *name, int name_id, int platform, int encoding, int languag
             be16_to_cpu (record->encoding) == encoding &&
 	    (language == -1 || be16_to_cpu (record->language) == language)) {
 
-	    str = malloc (be16_to_cpu (record->length) + 1);
+	    len = be16_to_cpu (record->length);
+	    if (platform == 3 && len > MAX_FONT_NAME_LENGTH*2) /* UTF-16 name */
+		break;
+
+	    if (len > MAX_FONT_NAME_LENGTH)
+		break;
+
+	    str = malloc (len + 1);
 	    if (str == NULL)
 		return _cairo_error (CAIRO_STATUS_NO_MEMORY);
 
-	    len = be16_to_cpu (record->length);
 	    memcpy (str,
 		    ((char*)name) + be16_to_cpu (name->strings_offset) + be16_to_cpu (record->offset),
 		    len);
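Review bot: The UTF-16 allowance is unreachable: a platform 3 name between `MAX_FONT_NAME_LENGTH + 1` and `MAX_FONT_NAME_LENGTH*2` bytes passes the first test and is then rejected by the unconditional `if (len > MAX_FONT_NAME_LENGTH)` right below it. Restricting the second test to the other platforms, `if (platform != 3 && len > MAX_FONT_NAME_LENGTH)`, gives the doubled limit its intended effect. The check bounds the allocation, but the hunk does not show whether `strings_offset + offset + len` is validated against the size of the name table before the `memcpy` reads from it. That is worth confirming, since all three values come from the font. `find_name` continues outside the hunk.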
commit d53db01d01a48c48a1633a8d531f979a99d316bd
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Sat Oct 21 13:02:42 2017 +1030

    fix warning: variable X might be clobbered by 'longjmp'
    
    Move calls to setjmp into separate function to avoid clobbering
    local variables.

diff --git a/src/cairo-bentley-ottmann-rectangular.c b/src/cairo-bentley-ottmann-rectangular.c
index 5541bdc3..cb2e30c8 100644
--- a/src/cairo-bentley-ottmann-rectangular.c
+++ b/src/cairo-bentley-ottmann-rectangular.c
@@ -593,6 +593,12 @@ sweep_line_insert (sweep_line_t	*sweep, rectangle_t *rectangle)
     pqueue_push (sweep, rectangle);
 }
 
+static int
+sweep_line_setjmp (sweep_line_t *sweep_line)
+{
+    return setjmp (sweep_line->unwind);
+}
+
 static cairo_status_t
 _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t	**rectangles,
 					       int			  num_rectangles,
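Review bot: Moving `setjmp` into `sweep_line_setjmp` means the jump buffer is filled in by a function that has already returned by the time any `longjmp` on `sweep_line->unwind` can happen, and the C standard makes `longjmp` undefined in exactly that case. `png_setjmp` in src/cairo-png.c has the same problem for both `write_png` and `read_png`. The call has to stay in the function whose frame is still live, as in `if ((status = setjmp (sweep_line.unwind)))`. The clobber warning is better handled by declaring the locals that change between `setjmp` and `longjmp` as `volatile`. In a build where the helper happens to be inlined this may appear to work, which makes the failure dependent on compiler and flags.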
@@ -609,7 +615,7 @@ _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t	**rectangles,
 		     rectangles, num_rectangles,
 		     fill_rule,
 		     do_traps, container);
-    if ((status = setjmp (sweep_line.unwind)))
+    if ((status = sweep_line_setjmp (&sweep_line)))
 	return status;
 
     rectangle = rectangle_pop_start (&sweep_line);
diff --git a/src/cairo-png.c b/src/cairo-png.c
index 068617d5..e64b14a5 100644
--- a/src/cairo-png.c
+++ b/src/cairo-png.c
@@ -158,6 +158,14 @@ png_simple_warning_callback (png_structp png,
      */
 }
 
+static int
+png_setjmp (png_struct *png)
+{
+#ifdef PNG_SETJMP_SUPPORTED
+    return setjmp (png_jmpbuf (png));
+#endif
+    return 0;
+}
 
 /* Starting with libpng-1.2.30, we must explicitly specify an output_flush_fn.
  * Otherwise, we will segfault if we are writing to a stream. */
@@ -229,10 +237,8 @@ write_png (cairo_surface_t	*surface,
 	goto BAIL4;
     }
 
-#ifdef PNG_SETJMP_SUPPORTED
-    if (setjmp (png_jmpbuf (png)))
+    if (png_setjmp (png))
 	goto BAIL4;
-#endif
 
     png_set_write_fn (png, closure, write_func, png_simple_output_flush_fn);
 
@@ -571,12 +577,11 @@ read_png (struct png_read_closure_t *png_closure)
     png_set_read_fn (png, png_closure, stream_read_func);
 
     status = CAIRO_STATUS_SUCCESS;
-#ifdef PNG_SETJMP_SUPPORTED
-    if (setjmp (png_jmpbuf (png))) {
+
+    if (png_setjmp (png)) {
 	surface = _cairo_surface_create_in_error (status);
 	goto BAIL;
     }
-#endif
 
     png_read_info (png, info);
 
commit 0aa4628557a6dca5941e78848a6c710ff1417d84
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Sat Oct 21 20:05:56 2017 +1030

    util/font-view: fix build error

diff --git a/util/font-view.c b/util/font-view.c
index 07d9e2e9..6a3322a8 100644
--- a/util/font-view.c
+++ b/util/font-view.c
@@ -24,6 +24,8 @@
  * Author: Chris Wilson <chris at chris-wilson.co.uk>
  */
 
+#include <stdlib.h>
+#include <string.h>
 #include <gtk/gtk.h>
 #include <cairo.h>
 
commit 47b40ad2d5d4337349a93c3607e24115f3ec24bd
Author: Adrian Johnson <ajohnson at redneon.com>
Date:   Sat Oct 21 13:05:26 2017 +1030

    fix warning: inlining failed in call to '_csi_stack_push'

diff --git a/util/cairo-script/cairo-script-interpreter.c b/util/cairo-script/cairo-script-interpreter.c
index dfce8a1a..a578ec43 100644
--- a/util/cairo-script/cairo-script-interpreter.c
+++ b/util/cairo-script/cairo-script-interpreter.c
@@ -179,6 +179,17 @@ _csi_slab_free (csi_t *ctx, void *ptr, int size)
 #endif
 }
 
+csi_status_t
+_csi_stack_push (csi_t *ctx, csi_stack_t *stack,
+		 const csi_object_t *obj)
+{
+    if (_csi_unlikely (stack->len == stack->size))
+	return _csi_stack_push_internal (ctx, stack, obj);
+
+    stack->objects[stack->len++] = *obj;
+    return CSI_STATUS_SUCCESS;
+}
+
 static void
 _csi_perm_fini (csi_t *ctx)
 {
diff --git a/util/cairo-script/cairo-script-private.h b/util/cairo-script/cairo-script-private.h
index 8d158d60..c2d86504 100644
--- a/util/cairo-script/cairo-script-private.h
+++ b/util/cairo-script/cairo-script-private.h
@@ -906,16 +906,9 @@ csi_number_get_value (const csi_object_t *obj)
     }
 }
 
-static inline csi_status_t
+csi_status_t
 _csi_stack_push (csi_t *ctx, csi_stack_t *stack,
-		 const csi_object_t *obj)
-{
-    if (_csi_unlikely (stack->len == stack->size))
-	return _csi_stack_push_internal (ctx, stack, obj);
-
-    stack->objects[stack->len++] = *obj;
-    return CSI_STATUS_SUCCESS;
-}
+		 const csi_object_t *obj);
 
 static inline csi_boolean_t
 _csi_check_ostack (csi_t *ctx, csi_integer_t count)
commit bc21c580c8eda1e04a3cd14edd0f22d0cc54ade9
Author: Carlos Garcia Campos <cgarcia at igalia.com>
Date:   Wed Oct 18 11:33:25 2017 +0200

    scaled-font: Fix assert when destroying glyph page
    
    This happens when _cairo_ft_scaled_glyph_init() returns
    CAIRO_INT_STATUS_UNSUPPORTED when called from
    _cairo_scaled_glyph_lookup(). In those cases
    _cairo_scaled_font_free_last_glyph() is called to release the glyph that
    has just been allocated. If there aren't more glyphs,
    _cairo_scaled_glyph_page_destroy() is called. The problem is that
    _cairo_scaled_glyph_lookup() should always be called with the cache
    frozen, and _cairo_scaled_glyph_page_destroy() without the cache
    frozen. We can simply thaw/freeze the font before calling
    _cairo_scaled_glyph_page_destroy().
    
    https://bugs.freedesktop.org/show_bug.cgi?id=103335

diff --git a/src/cairo-scaled-font.c b/src/cairo-scaled-font.c
index a22b36ee..53a370d3 100644
--- a/src/cairo-scaled-font.c
+++ b/src/cairo-scaled-font.c
@@ -2907,6 +2907,7 @@ _cairo_scaled_font_free_last_glyph (cairo_scaled_font_t *scaled_font,
 {
     cairo_scaled_glyph_page_t *page;
 
+    assert (scaled_font->cache_frozen);
     assert (! cairo_list_is_empty (&scaled_font->glyph_pages));
     page = cairo_list_last_entry (&scaled_font->glyph_pages,
                                   cairo_scaled_glyph_page_t,
@@ -2916,6 +2917,9 @@ _cairo_scaled_font_free_last_glyph (cairo_scaled_font_t *scaled_font,
     _cairo_scaled_glyph_fini (scaled_font, scaled_glyph);
 
     if (--page->num_glyphs == 0) {
+	_cairo_scaled_font_thaw_cache (scaled_font);
+	CAIRO_MUTEX_LOCK (scaled_font->mutex);
+
 	CAIRO_MUTEX_LOCK (_cairo_scaled_glyph_page_cache_mutex);
 	/* Temporarily disconnect callback to avoid recursive locking */
 	cairo_scaled_glyph_page_cache.entry_destroy = NULL;
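Review bot: Thawing the cache and then taking `scaled_font->mutex` again are two separate steps, as are the unlock and re-freeze in the next hunk, so there are windows in which the font is neither frozen nor locked by this thread. `page` was looked up before the thaw and is used after it, and the caller resumes with a cache it assumes stayed frozen throughout. The bodies of `_cairo_scaled_font_thaw_cache` and `_cairo_scaled_font_freeze_cache` are not in the hunk, so it should be confirmed whether another thread, or the thaw itself, can touch the page list in between. The new `assert (scaled_font->cache_frozen)` in the first hunk disappears when assertions are compiled out. A comment above the block stating the locking state expected on entry and restored on exit would make the sequence reviewable.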
@@ -2924,6 +2928,9 @@ _cairo_scaled_font_free_last_glyph (cairo_scaled_font_t *scaled_font,
 	_cairo_scaled_glyph_page_destroy (scaled_font, page);
 	cairo_scaled_glyph_page_cache.entry_destroy = _cairo_scaled_glyph_page_pluck;
 	CAIRO_MUTEX_UNLOCK (_cairo_scaled_glyph_page_cache_mutex);
+
+	CAIRO_MUTEX_UNLOCK (scaled_font->mutex);
+	_cairo_scaled_font_freeze_cache (scaled_font);
     }
 }
 

