Blame SOURCES/0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch
From 8dc3b629434ce256f8e6a584c5853ae9b4230c33 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@redhat.com>
Date: Wed, 31 Oct 2012 16:06:51 -0400
Subject: [PATCH 1/2] xlib: Don't crash when swapping a 0-sized glyph
malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter
a loop of the form do { ... } while (--c), which doesn't do quite what
you were hoping for when c is initially 0.
Since there's nothing to swap in this case, just bomb out.
Signed-off-by: Adam Jackson <ajax@redhat.com>
---
src/cairo-xlib-render-compositor.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/cairo-xlib-render-compositor.c b/src/cairo-xlib-render-compositor.c
index 74c43e9..e38a659 100644
--- a/src/cairo-xlib-render-compositor.c
+++ b/src/cairo-xlib-render-compositor.c
@@ -1251,6 +1251,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
unsigned char *d;
unsigned char *new, *n;
+ if (c == 0)
+ break;
+
new = malloc (c);
if (!new) {
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
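Review bot: The new `if (c == 0) break;` guard carries no comment, and the loop it protects lies outside the hunk, so a later reader cannot tell that it prevents an out-of-bounds access rather than being a shortcut. Per the commit message the swap loop has the form `do { ... } while (--c)`, which with c == 0 keeps running after the decrement and presumably walks past the zero-length allocation. I would add `/* Nothing to swap; the do/while (--c) loop below must never start with c == 0. */` above the guard, here and on the identical guard in the second hunk. The `break` leaves a construct that begins outside the hunk, so it is worth confirming that the code it exits to accepts the unswapped data unchanged.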
@@ -1276,6 +1279,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
const uint32_t *d;
uint32_t *new, *n;
+ if (c == 0)
+ break;
+
new = malloc (4 * c);
if (unlikely (new == NULL)) {
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
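Review bot: `malloc (4 * c)` is still reached with no upper bound on c, so the added zero check closes only one end of the size problem. The type of c and the expression that computes it are outside the hunk; if the multiplication can wrap, the buffer would be smaller than the c elements the swap loop walks, which is the same class of heap overrun as the zero-length case. Unless c is already bounded where it is computed, a check such as `if (c > SIZE_MAX / 4)` that takes the existing `CAIRO_STATUS_NO_MEMORY` path before the allocation would cover it.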
--
1.7.12.1