Bug 11855 - Segfault with cairo_pattern_set_user_data
Summary: Segfault with cairo_pattern_set_user_data
Status: RESOLVED FIXED
Alias: None
Product: cairo
Classification: Unclassified
Component: general
Version: 1.5.1
Hardware: Other All
Importance: medium critical
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
Reported: 2007-08-05 22:00 UTC by Yevgen Muntyan
Modified: 2007-08-06 11:10 UTC

Attachments
test case (518 bytes, text/plain)
2007-08-05 22:00 UTC, Yevgen Muntyan

Description Yevgen Muntyan 2007-08-05 22:00:10 UTC
See attached program (tutorial one, modified). In short, this segfaults:

cairo_pattern_set_user_data (pattern, ...);
cairo_mask (cr, pattern);

A related question: does any cairo function ever return a pattern_t object which was passed to any other function at some point? I am using cairo_pattern_set_user_data() to make sure I don't have many wrapper objects for the same cairo object in a language binding, so this bug is kind of a show stopper for me.
Comment 1 Yevgen Muntyan 2007-08-05 22:00:48 UTC
Created attachment 11002
test case
Comment 2 Carl Worth 2007-08-06 08:42:17 UTC
The bug is quite obvious. We're creating a copy of the pattern without
also copying the user_data array. I wonder if there aren't similar
problems stemming from the time user_data was added to most
user-visible objects, (though many of them might not have copy
functions).

There are definitely some additions needed to the test suite here.

(More after breakfast...)

-Carl
Comment 3 Behdad Esfahbod 2007-08-06 10:58:58 UTC
If we are copying the pattern we probably should not copy the user-data array, right?
Comment 4 Carl Worth 2007-08-06 11:10:41 UTC
(In reply to comment #3)
> If we are copying the pattern we probably should not copy the user-data array,
> right?

Indeed not. Here's a patch (that I just pushed). And no, I will not be bothered to make any bugzilla attachments. :-)

-Carl

commit 13cae8b5e6d3fc93c4eb1853b91ba356b572b551
Author: Carl Worth <cworth@cworth.org>
Date:   Mon Aug 6 11:06:47 2007 -0700

    Ensure that a copied pattern gets its own user_data array
    
    This fixes the bug reported here:
    
        Segfault with cairo_pattern_set_user_data
        https://bugs.freedesktop.org/show_bug.cgi?id=11855

diff --git a/src/cairo-pattern.c b/src/cairo-pattern.c
index 24efa34..2fd1c87 100644
--- a/src/cairo-pattern.c
+++ b/src/cairo-pattern.c
@@ -185,7 +185,9 @@ _cairo_pattern_init_copy (cairo_pattern_t   *pattern,
     } break;
     }
 
+    /* The reference count and user_data array are unique to the copy. */
     pattern->ref_count = 1;
+    _cairo_user_data_array_init (&pattern->user_data);
 
     return CAIRO_STATUS_SUCCESS;
 }
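
Review bot: The two lines added after the switch in _cairo_pattern_init_copy arrive without a regression test: the diff touches only src/cairo-pattern.c, although comment 2 already calls for test-suite additions. A test that calls cairo_pattern_set_user_data on a pattern and then passes it to cairo_mask, the sequence from the report, would pin this down. Comment 2 also raises the question of whether other objects with copy functions need the same _cairo_user_data_array_init call, which is worth checking. The new comment could say why the array has to be re-initialized in the copy, not only that it is unique to it.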


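The failure mode diagnosed in comment 2 and the behavior the thread settles on, as an added C model that is not cairo's code: a copy that shares the original's user-data storage runs the original's destroy callback when the copy is torn down, while a copy that starts with an empty array does not. All type and function names are hypothetical stand-ins, and the model assumes the copy is made by plain struct assignment, which the page does not show.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins with hypothetical names; not cairo's real types. */
typedef struct { void *data; void (*destroy)(void *); } slot_t;
typedef struct { slot_t *slots; size_t len; } user_data_array_t;
typedef struct { int ref_count; user_data_array_t user_data; } pattern_t;
static void array_init(user_data_array_t *a) { a->slots = NULL; a->len = 0; }

static int array_set(user_data_array_t *a, void *data, void (*destroy)(void *)) {
    slot_t *grown = realloc(a->slots, (a->len + 1) * sizeof *grown);
    if (!grown) return -1;
    grown[a->len++] = (slot_t){ data, destroy };
    a->slots = grown;
    return 0;
}

/* Runs each destroy callback, then frees the slot storage. */
static void array_fini(user_data_array_t *a) {
    for (size_t i = 0; i < a->len; i++)
        if (a->slots[i].destroy) a->slots[i].destroy(a->slots[i].data);
    free(a->slots);
    array_init(a);
}

/* Struct assignment copies the slots pointer; fix=0 leaves it shared. */
static void pattern_init_copy(pattern_t *copy, const pattern_t *orig, int fix) {
    *copy = *orig;
    copy->ref_count = 1;
    if (fix) array_init(&copy->user_data); /* copy starts with no user data */
}

static int destroy_calls;
static void count_destroy(void *data) { (void)data; destroy_calls++; }
/* Destroy callbacks of the ORIGINAL that fire when only the copy is torn down. */
static int early_destroys(int fix) {
    pattern_t orig = { 1, { NULL, 0 } }, copy;
    destroy_calls = 0;
    if (array_set(&orig.user_data, (void *)"wrapper", count_destroy)) return -1;
    pattern_init_copy(&copy, &orig, fix);
    array_fini(&copy.user_data);           /* the temporary copy goes away first */
    int early = destroy_calls;
    if (fix) array_fini(&orig.user_data);  /* unfixed: orig.slots now dangles */
    return early;
}

int main(void) {
    printf("early destroys: unfixed=%d fixed=%d\n", early_destroys(0), early_destroys(1));
    return 0;
}
```

In the unfixed path the model deliberately never touches the original's array again, since that storage has already been freed through the copy; any later use of it is the class of crash the report describes.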