[cairo] [PATCH 2/2] xcb: Don't crash when swapping a 0-sized glyph
Adam Jackson
ajax at redhat.com
Wed Oct 31 14:17:00 PDT 2012
On 10/31/12 4:46 PM, Uli Schlachter wrote:
> On 31.10.2012 21:13, Adam Jackson wrote:
>> malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter
>> a loop of the form do { ... } while (--c), which doesn't do quite what
>> you were hoping for when c is initially 0.
>>
>> Since there's nothing to swap in this case, just bomb out.
>
> could you tell us where you are seeing this? Would it be feasible to add a
> suitable test case to the test suite for this?
I personally haven't hit this, but I have a tester who's seeing it with
various gtk apps from a ppc64 X client to an x86 X server (on the xlib
path, haven't tried to provoke it over xcb). You end up with a
backtrace like this:
http://fpaste.org/u33H/raw/
The fix was derived by inspection; it's been tested and works (again
only through xlib, but the xcb path clearly has the same bug). Though...
> Also:
>
> Hey Chris, do you still remember what you did last year? If yes, could you
> explain to me why the following commit "#if 0"s away the width==0||height==0
> case which would likely catch this bug?
... older xserver would crash when fed 0x0 glyphs, which is what that
code is working around. Perhaps we no longer care about servers that
old, or at least, don't care so much when using this path through cairo.
As far as a testcase, if you have one that tests non-A8 0x0 glyphs then
you should be able to hit this already, iff you have the ability to run
the tests against an opposite-endian server. Honestly I'd expect one of
the cairo perf traces of like firefox would hit this by accident.
- ajax
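An added illustration of the loop shape described in the quoted commit message (example code, not cairo's own): `count_do_while_iterations` models why `do { ... } while (--c)` runs away when `c` starts at 0, and `swap_glyph_words` is a hypothetical stand-in for the glyph byte swap showing the early return the patch adds for the 0-sized case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Models the loop form from the commit message, do { ... } while (--c),
 * without touching memory: it only counts iterations and stops at `limit`.
 * With c == 0 the first --c wraps to SIZE_MAX, so the loop would run until
 * the counter comes back around to 0; here it hits `limit` instead. */
static size_t count_do_while_iterations(size_t c, size_t limit)
{
    size_t iterations = 0;
    do {
        if (++iterations >= limit)
            break;
    } while (--c);
    return iterations;
}

/* Hypothetical stand-in for an endian swap over a glyph's 32-bit pixels.
 * Returns the number of words swapped. */
static size_t swap_glyph_words(uint32_t *words, size_t count)
{
    size_t c = count;

    /* The fix described in the patch: a 0-sized glyph has nothing to swap,
     * so bail before the do/while body runs and before --c can wrap. A NULL
     * check would not help here, since malloc(0) returns non-NULL on glibc. */
    if (c == 0)
        return 0;

    do {
        uint32_t v = *words;
        *words++ = ((v & 0x000000ffu) << 24) | ((v & 0x0000ff00u) << 8) |
                   ((v & 0x00ff0000u) >> 8)  | ((v & 0xff000000u) >> 24);
    } while (--c);
    return count;
}

/* Constructed sample: two pixels are swapped, then a 0-sized swap must be a no-op. */
static int swap_sample_ok(void)
{
    uint32_t px[2] = { 0x11223344u, 0xaabbccddu };
    if (swap_glyph_words(px, 2) != 2) return 0;
    if (px[0] != 0x44332211u || px[1] != 0xddccbbaau) return 0;
    if (swap_glyph_words(px, 0) != 0) return 0;
    return px[0] == 0x44332211u && px[1] == 0xddccbbaau;
}

int main(void)
{
    printf("c=3 runs %zu times; c=0 stopped by limit after %zu\n",
           count_do_while_iterations(3, 1000), count_do_while_iterations(0, 1000));
    printf("guarded swap sample %s\n", swap_sample_ok() ? "ok" : "FAILED");
    return 0;
}
```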