[cairo] [PATCH 2/2] xcb: Don't crash when swapping a 0-sized glyph

[Uli Schlachter]

Hi,

On 31.10.2012 21:13, Adam Jackson wrote:
> malloc(0) needn't return NULL, and on glibc, doesn't.  Then we encounter
> a loop of the form do { ... } while (--c), which doesn't do quite what
> you were hoping for when c is initially 0.
> 
> Since there's nothing to swap in this case, just bomb out.
[...]

Hi Adam,

could you tell us where you are seeing this? Would it be feasible to add a
suitable test case to the test suite for this?

Also:

Hey Chris, do you still remember what you did last year? If yes, could you
explain to me why the following commit "#if 0"s away the width==0||height==0
case which would likely catch this bug?

> commit af9fbd176b145f042408ef5391eef2a51d7531f8
> Author: Chris Wilson <chris at chris-wilson.co.uk>
> Date:   Sat Jul 30 17:28:21 2011 +0100
> 
>     Introduce a new compositor architecture
> [...]
> diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c
> index aa9100f..f9d33c7 100644
> --- a/src/cairo-xcb-surface-render.c
> +++ b/src/cairo-xcb-surface-render.c
> [...]
>  
> -    glyphset_info = _cairo_xcb_scaled_font_get_glyphset_info_for_format (scaled_font,
> -									 glyph_surface->format);
> -
> +#if 0
>      /* If the glyph surface has zero height or width, we create
>       * a clear 1x1 surface, to avoid various X server bugs.
>       */
>      if (glyph_surface->width == 0 || glyph_surface->height == 0) {
>  	cairo_surface_t *tmp_surface;
>  
> -	tmp_surface = cairo_image_surface_create (glyphset_info->format, 1, 1);
> +	tmp_surface = cairo_image_surface_create (info->format, 1, 1);
>  	status = tmp_surface->status;
>  	if (unlikely (status))
>  	    goto BAIL;
> @@ -4340,14 +4363,15 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
>  
>  	glyph_surface = (cairo_image_surface_t *) tmp_surface;
>      }
> +#endif

Cheers,
Uli
-- 
"Every once in a while, declare peace. It confuses the hell out of your enemies"
 - 79th Rule of Acquisition