[cairo] Crash in cairo_surface_get_mime_data()

Uli Schlachter psychon at znc.in
Mon Oct 3 14:09:42 PDT 2011


Hi,

attached is a test case which crashes on every cairo version since 1.10. First
it sets some mime data, then it removes that mime data again. The next
cairo_surface_get_mime_data() then dereferences a NULL pointer.

Also attached is a patch which fixes the issue for me.

I wonder if this really is a cairo bug or if I'm just using the API in a wrong
way. Could someone enlighten me?

Then I also wonder how this should be added to the test suite. The only thing
that currently calls cairo_surface_get_mime_data() is api-special-cases, but
this problem doesn't really fit into that test. Should this get its own test
case, looking something like the code below?

Cheers,
Uli

    const char *mimetype = "text/x-uri";
    const char *data = "http://www.cairographics.org";
    const unsigned char *data_ret;
    unsigned long length;
    cairo_status_t status;

    status = cairo_surface_set_mime_data (surface,
                                          mimetype,
                                          (const unsigned char *) data,
                                          strlen (data),
                                          NULL, NULL);
    if (status)
        return CAIRO_TEST_ERROR;

    cairo_surface_get_mime_data (surface, mimetype, &data_ret, &length);
    if ((char *) data_ret != data || length != strlen (data))
        return CAIRO_TEST_ERROR;

    // Now check if unsetting mime data works
    status = cairo_surface_set_mime_data (surface,
                                          mimetype,
                                          NULL, 0,
                                          NULL, NULL);
    if (status)
        return CAIRO_TEST_ERROR;

    cairo_surface_get_mime_data (surface, mimetype, &data_ret, &length);
    if (data_ret != NULL || length != 0)
        return CAIRO_TEST_ERROR;

    return CAIRO_TEST_SUCCESS;

-- 
- He made himself, me nothing, you nothing out of the dust
- Er machte sich mir nichts, dir nichts aus dem Staub
-------------- next part --------------
A non-text attachment was scrubbed...
Name: t.c
Type: text/x-csrc
Size: 482 bytes
Desc: not available
URL: <http://lists.cairographics.org/archives/cairo/attachments/20111003/201f8513/attachment.c>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch
URL: <http://lists.cairographics.org/archives/cairo/attachments/20111003/201f8513/attachment.txt>
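
The failure mode reported in the message above, as an added example that is not part of the original post, the scrubbed attachments or cairo's source: a keyed attachment table whose getter has to tolerate an entry that was set and then unset. The types `blob_t`, `slot_t`, `surface_model_t` and the functions `model_set` and `model_get` are hypothetical, and the assumption that unsetting leaves the key in its slot with a NULL payload is this model's, not a statement about cairo internals.

```c
#include <string.h>

/* Hypothetical model, not cairo's source: unsetting clears the payload
 * pointer but leaves the key in its slot, so a later lookup still matches. */
typedef struct { const unsigned char *data; unsigned long length; } blob_t;
typedef struct { const char *key; blob_t *payload; blob_t storage; } slot_t;
#define MAX_SLOTS 4
typedef struct { slot_t slots[MAX_SLOTS]; } surface_model_t;

/* Attach data to a key; data == NULL unsets it. Returns -1 if the table is full. */
int model_set (surface_model_t *s, const char *key,
               const unsigned char *data, unsigned long length) {
    for (int i = 0; i < MAX_SLOTS; i++) {
        slot_t *slot = &s->slots[i];
        if (slot->key != NULL && strcmp (slot->key, key) != 0)
            continue;                       /* slot belongs to another key */
        slot->key = key;
        slot->storage = (blob_t) { data, data ? length : 0 };
        slot->payload = data ? &slot->storage : NULL;
        return 0;
    }
    return -1;
}

/* The payload NULL check is the guard the set, unset, get sequence needs. */
void model_get (const surface_model_t *s, const char *key,
                const unsigned char **data, unsigned long *length) {
    *data = NULL;
    *length = 0;
    for (int i = 0; i < MAX_SLOTS; i++) {
        const slot_t *slot = &s->slots[i];
        if (slot->key == NULL || strcmp (slot->key, key) != 0)
            continue;
        if (slot->payload != NULL) {        /* key present, data unset */
            *data = slot->payload->data;
            *length = slot->payload->length;
        }
        return;
    }
}

int main (void) {
    static surface_model_t s;               /* zero-initialized table */
    const unsigned char *out; unsigned long len;
    model_set (&s, "text/x-uri", (const unsigned char *) "x", 1);
    model_set (&s, "text/x-uri", NULL, 0);  /* unset again */
    model_get (&s, "text/x-uri", &out, &len);
    return (out == NULL && len == 0) ? 0 : 1;
}
```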

