[cairo] *-x{c, li}b-Don-t-crash-when-swapping-a-0-sized-glyph.patch: Fix some

Adam Jackson ajax at fedoraproject.org
Wed Oct 31 20:19:37 UTC 2012


commit 768b1217cec40be116c90152919b53c2e685e121
Author: Adam Jackson <ajax at redhat.com>
Date:   Wed Oct 31 16:19:33 2012 -0400

    *-x{c,li}b-Don-t-crash-when-swapping-a-0-sized-glyph.patch: Fix some
    
      crashes when client and server endian don't match.

 ...Don-t-crash-when-swapping-a-0-sized-glyph.patch |   43 ++++++++++++++++++++
 ...Don-t-crash-when-swapping-a-0-sized-glyph.patch |   43 ++++++++++++++++++++
 cairo.spec                                         |   11 +++++-
 3 files changed, 96 insertions(+), 1 deletions(-)
---
diff --git a/0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch b/0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch
new file mode 100644
index 0000000..c94d7b3
--- /dev/null
+++ b/0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch
@@ -0,0 +1,43 @@
+From 8dc3b629434ce256f8e6a584c5853ae9b4230c33 Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax at redhat.com>
+Date: Wed, 31 Oct 2012 16:06:51 -0400
+Subject: [PATCH 1/2] xlib: Don't crash when swapping a 0-sized glyph
+
+malloc(0) needn't return NULL, and on glibc, doesn't.  Then we encounter
+a loop of the form do { ... } while (--c), which doesn't do quite what
+you were hoping for when c is initially 0.
+
+Since there's nothing to swap in this case, just bomb out.
+
+Signed-off-by: Adam Jackson <ajax at redhat.com>
+---
+ src/cairo-xlib-render-compositor.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/cairo-xlib-render-compositor.c b/src/cairo-xlib-render-compositor.c
+index 74c43e9..e38a659 100644
+--- a/src/cairo-xlib-render-compositor.c
++++ b/src/cairo-xlib-render-compositor.c
+@@ -1251,6 +1251,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
+ 	    unsigned char   *d;
+ 	    unsigned char   *new, *n;
+ 
++	    if (c == 0)
++		break;
++
+ 	    new = malloc (c);
+ 	    if (!new) {
+ 		status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+@@ -1276,6 +1279,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
+ 	    const uint32_t *d;
+ 	    uint32_t *new, *n;
+ 
++	    if (c == 0)
++		break;
++
+ 	    new = malloc (4 * c);
+ 	    if (unlikely (new == NULL)) {
+ 		status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+-- 
+1.7.12.1
+
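Review bot: In both cases of _cairo_xlib_surface_add_glyph, the new "if (c == 0) break;" guard leaves the "do { ... } while (--c)" loop from the commit message in place, so the loop is still unsafe if anything later reaches it with c equal to 0. With c at 0 the body runs once against a zero-length allocation before the counter is tested, and the pre-decrement then moves c away from zero instead of ending the loop, so the swap runs well past the buffer. Consider also rewriting the loops as "while (c--)" or a for loop so they are correct for zero on their own, and add a one-line comment at each guard saying why zero is special (malloc(0) may return non-NULL).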
diff --git a/0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch b/0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch
new file mode 100644
index 0000000..7d2b405
--- /dev/null
+++ b/0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch
@@ -0,0 +1,43 @@
+From 4cad9bf9f0744efe17f1b70548cd2059df071e81 Mon Sep 17 00:00:00 2001
+From: Adam Jackson <ajax at redhat.com>
+Date: Wed, 31 Oct 2012 16:12:58 -0400
+Subject: [PATCH 2/2] xcb: Don't crash when swapping a 0-sized glyph
+
+malloc(0) needn't return NULL, and on glibc, doesn't.  Then we encounter
+a loop of the form do { ... } while (--c), which doesn't do quite what
+you were hoping for when c is initially 0.
+
+Since there's nothing to swap in this case, just bomb out.
+
+Signed-off-by: Adam Jackson <ajax at redhat.com>
+---
+ src/cairo-xcb-surface-render.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c
+index 27ed113..16d1ef8 100644
+--- a/src/cairo-xcb-surface-render.c
++++ b/src/cairo-xcb-surface-render.c
+@@ -4461,6 +4461,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
+ 	    const uint8_t *d;
+ 	    uint8_t *new, *n;
+ 
++	    if (c == 0)
++		break;
++
+ 	    new = malloc (c);
+ 	    if (unlikely (new == NULL)) {
+ 		status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+@@ -4489,6 +4492,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
+ 	    const uint32_t *d;
+ 	    uint32_t *new, *n;
+ 
++	    if (c == 0)
++		break;
++
+ 	    new = malloc (4 * c);
+ 	    if (unlikely (new == NULL)) {
+ 		status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+-- 
+1.7.12.1
+
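Review bot: In the 32-bit case of _cairo_xcb_surface_add_glyph, "new = malloc (4 * c);" multiplies before allocating and no overflow check is visible in the context; the new guard only covers c == 0. If c can be large (it is a glyph size), the product can wrap and under-allocate, after which the swap loop writes past the buffer, so an upper bound on c or an overflow-checked allocation is worth adding while this code is being touched. The same line appears in the xlib patch, and since the identical guard is now pasted into four places across the two backends, a shared swap helper would keep the next fix from having to be made four times.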
diff --git a/cairo.spec b/cairo.spec
index 76d1b06..3e11f38 100644
--- a/cairo.spec
+++ b/cairo.spec
@@ -5,7 +5,7 @@
 Summary:	A 2D graphics library
 Name:		cairo
 Version:	1.12.6
-Release:	1%{?dist}
+Release:	2%{?dist}
 URL:		http://cairographics.org
 #VCS:		git:git://git.freedesktop.org/git/cairo
 #Source0:	http://cairographics.org/snapshots/%{name}-%{version}.tar.xz
@@ -13,6 +13,9 @@ Source0:	http://cairographics.org/releases/%{name}-%{version}.tar.xz
 License:	LGPLv2 or MPLv1.1
 Group:		System Environment/Libraries
 
+Patch0:		0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch
+Patch1:		0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch
+
 BuildRequires: pkgconfig
 BuildRequires: libXrender-devel
 BuildRequires: libX11-devel
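Review bot: The new Patch0: and Patch1: lines have no comment stating where the patches come from or their upstream status. Add a comment above them with the upstream bug or submission reference, so whoever rebases to the next cairo release can tell whether the patches can be dropped.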
@@ -89,6 +92,8 @@ This package contains tools for working with the cairo graphics library.
 
 %prep
 %setup -q
+%patch0 -p1 -b .xlib-swap
+%patch1 -p1 -b .xcb-swap 
 
 %build
 %configure --disable-static	\
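Review bot: The added line "%patch1 -p1 -b .xcb-swap " ends with a trailing space; drop it so the two %patch lines match and the spec stays whitespace-clean.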
@@ -172,6 +177,10 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/cairo/
 
 %changelog
+* Wed Oct 31 2012 Adam Jackson <ajax at redhat.com> 1.12.6-2
+- *-x{c,li}b-Don-t-crash-when-swapping-a-0-sized-glyph.patch: Fix some
+  crashes when client and server endian don't match.
+
 * Thu Oct 25 2012 Kalev Lember <kalevlember at gmail.com> - 1.12.6-1
 - Update to 1.12.6
 
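Review bot: The new %changelog header ends in "1.12.6-2" with no " - " separator before the version, while the entry directly below uses "- 1.12.6-1"; use one form for both. The entry body also repeats the patch filename glob rather than describing the change; a line such as "Don't crash when byte-swapping a 0-sized glyph (xlib, xcb)" reads better in the changelog output.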

