[cairo] crash in _fill_xrgb32_lerp_opaque_spans
Ilya Sakhnenko
ilia.softway at gmail.com
Sat Mar 7 04:15:39 PST 2015
Hello!
I was able to narrow down the problem. Certain polygons make sub_row call
cell_list_add_subspan (cairo-tor-scan-converter.c) with x1 > x2, which in
complex multi-polygon shapes results in memory corruption. Here is the
simplest sequence which causes x1 > x2 in cell_list_add_subspan:

    double b0_x = 57.991139090401816;
    double b0_y = 67.724516159057615;
    double b1_x = 58.011249302455383;
    double b1_y = 73.545238752365108;
    double e0_x = 57.991139090401816;
    double e0_y = 67.724516159057615;
    double e1_x = 58.011249302455383;
    double e1_y = 72.089769290924067;

    cairo_move_to(painter, b0_x, b0_y);
    cairo_line_to(painter, e0_x, e0_y);
    cairo_line_to(painter, e1_x, e1_y);
    cairo_line_to(painter, b1_x, b1_y);
    cairo_line_to(painter, b0_x, b0_y);
    cairo_fill(painter);

With best regards,
Ilya
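
Added example, not part of the original message and not cairo code: a small C program that measures what the reported coordinates describe, namely one zero-length segment (b0 and e0 are the same point) and an outline that is nowhere wider than a fraction of a pixel, which makes the path a useful degenerate input to keep as a regression case. The 256 steps per pixel used to express the width is an assumption about the rasterizer's horizontal grid; all function and constant names are made up for this example.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct { double x, y; } pt;

/* Path from the message above; the last point connects back to the first. */
static const pt reported[] = {
    { 57.991139090401816, 67.724516159057615 },  /* b0 */
    { 57.991139090401816, 67.724516159057615 },  /* e0 */
    { 58.011249302455383, 72.089769290924067 },  /* e1 */
    { 58.011249302455383, 73.545238752365108 },  /* b1 */
};
#define N_REPORTED (sizeof reported / sizeof reported[0])
/* Assumption, not taken from the message: 256 horizontal steps per pixel. */
#define ASSUMED_GRID_X 256.0

/* Number of segments whose two end points are identical. */
size_t zero_length_edges(const pt *p, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        const pt *a = &p[i], *b = &p[(i + 1) % n];
        count += (a->x == b->x && a->y == b->y);
    }
    return count;
}

/* Widest horizontal extent of the closed outline, in pixels. The extent is
 * convex in y between vertex rows, so testing the vertex rows is enough. */
double max_row_width(const pt *p, size_t n) {
    double widest = 0.0;
    for (size_t v = 0; v < n; v++) {
        double y = p[v].y, lo = p[v].x, hi = p[v].x;
        for (size_t i = 0; i < n; i++) {
            const pt *a = &p[i], *b = &p[(i + 1) % n];
            if ((y < a->y && y < b->y) || (y > a->y && y > b->y))
                continue;               /* edge does not reach this row */
            double t = a->y == b->y ? 0.0 : (y - a->y) / (b->y - a->y);
            double x = a->x + t * (b->x - a->x);
            if (x < lo) lo = x;
            if (x > hi) hi = x;
        }
        if (hi - lo > widest) widest = hi - lo;
    }
    return widest;
}

int main(void) {
    printf("zero-length edges: %zu\n", zero_length_edges(reported, N_REPORTED));
    printf("widest row: %.3f steps of 1/256 pixel\n",
           max_row_width(reported, N_REPORTED) * ASSUMED_GRID_X);
    return 0;
}
```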