From 62119f2903d9a41b3807e4a419d5cab6e4091822 Mon Sep 17 00:00:00 2001 From: Alexandre Rostovtsev Date: Tue, 22 Apr 2014 02:37:54 -0400 Subject: [PATCH] xcb: fix handling of __cairo_clip_all We don't want to modify the constant all-clipped cairo_clip_t. Fixes NULL pointer dereference in _clip_and_composite_boxes(). Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=77931 --- src/cairo-xcb-surface-render.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c index 9625953..14cef2d 100644 --- a/src/cairo-xcb-surface-render.c +++ b/src/cairo-xcb-surface-render.c @@ -3123,8 +3123,10 @@ _clip_and_composite_boxes (cairo_xcb_surface_t *dst, clip = _cairo_clip_intersect_boxes (clip, boxes); status = _cairo_clip_get_polygon (clip, &polygon, &fill_rule, &antialias); - _cairo_clip_path_destroy (clip->path); - clip->path = NULL; + if (! _cairo_clip_is_all_clipped (clip)) { + _cairo_clip_path_destroy (clip->path); + clip->path = NULL; + } if (likely (status == CAIRO_INT_STATUS_SUCCESS)) { cairo_clip_t *saved_clip = extents->clip; extents->clip = clip; -- 1.9.2