Bug 3777

Summary: Uninitialized memory read in cairo_pattern_release_surface
Product: cairo
Reporter: Daniel Stone <daniel>
Component: general
Assignee: Carl Worth <cworth>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal
Priority: high
Version: 0.9.3
Hardware: x86 (IA32)
OS: Windows (All)

Description FreeDesktop Bugzilla Database Corruption Fix User 2005-07-15 03:31:17 UTC
[W] UMR: Uninitialized memory read in cairo_pattern_release_surface {69 occurrences}
        Reading 4 bytes from 0x0013b7b4 (4 bytes at 0x0013b7b4 uninitialized)
        Address 0x0013b7b4 points into a thread's stack
        Address 0x0013b7b4 is 68 bytes past the start of local variable 'src_attr' in cairo_image_surface_composite
        Thread ID: 0x2e0
        Error location
            cairo_pattern_release_surface    [c:\builds\mozilla\gfx\cairo\cairo\src\cairo-pattern.c:1426]
            cairo_image_surface_composite    [c:\builds\mozilla\gfx\cairo\cairo\src\cairo-image-surface.c:600]
            fallback_composite               [c:\builds\mozilla\gfx\cairo\cairo\src\cairo-surface.c:508]
            cairo_surface_composite          [c:\builds\mozilla\gfx\cairo\cairo\src\cairo-surface.c:550]
            composite_trap_region            [c:\builds\mozilla\gfx\cairo\cairo\src\cairo-gstate.c:1232]
            cairo_gstate_clip_and_composite_trapezoids    [c:\builds\mozilla\gfx\cairo\cairo\src\cairo-gstate.c:1471]
            cairo_gstate_paint               [c:\builds\mozilla\gfx\cairo\cairo\src\cairo-gstate.c:780]
            cairo_paint                      [c:\builds\mozilla\gfx\cairo\cairo\src\cairo.c:1221]
            cairo_paint_with_alpha           [c:\builds\mozilla\gfx\cairo\cairo\src\cairo.c:1249]


The code is using src_attr->extras which has not been initialized to anything
and could result in some problems down the road.  I suspect it should just be
set to null in _cairo_image_surface_set_attributes().
Comment 1 Owen Taylor 2005-07-29 02:54:41 UTC
2005-07-28  Owen Taylor  <otaylor@redhat.com>

        * src/cairo-image-surface.c (_cairo_image_surface_acquire_source,dest_image)
        src/cairo-quartz-surface.c (_cairo_quartz_surface_acquire_dest_image)
        src/cairo-xcb-surface.c (_cairo_xcb_surface_acquire_source,dest_image):
        src/cairo-xlib-surface.c (_cairo_xlib_surface_acquire_source,dest_image):
        Set image_extra to NULL to avoid purify warnings. (#3777, Stuart Parmenter)
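
The fault described in the report and the fix recorded in the ChangeLog entry above, modelled as an added C example (not cairo's own code): a hypothetical surface_attributes_t whose acquire path never writes the backend-private `extra` pointer, so the release path's NULL test reads whatever the stack held, beside the corrected acquire that sets it to NULL. The 0xAB fill is a constructed stand-in for stale stack contents so the outcome is reproducible.

```c
#include <string.h>

/* Hypothetical, simplified model of the acquire/release pairing in the
 * report above; not cairo's own structures or functions. */
typedef struct {
    int   x_offset;
    int   y_offset;
    void *extra;      /* backend-private handle; release must inspect it */
} surface_attributes_t;

/* Buggy acquire (the reported behaviour): offsets are filled in, but
 * 'extra' is never written, so it keeps whatever the stack held. */
static void acquire_source_buggy(surface_attributes_t *attr)
{
    attr->x_offset = 0;
    attr->y_offset = 0;
}

/* Fixed acquire (the change in comment 1): every field the release
 * side reads is assigned, so release sees a defined value. */
static void acquire_source_fixed(surface_attributes_t *attr)
{
    attr->x_offset = 0;
    attr->y_offset = 0;
    attr->extra    = NULL;
}

/* Release: returns 1 if it takes the backend-cleanup branch, which is
 * only valid when acquire actually handed out an 'extra' object. */
static int release_surface(const surface_attributes_t *attr)
{
    return attr->extra != NULL;
}

/* Runs one acquire/release pair on a local whose bytes are first filled
 * with 0xAB, a constructed stand-in for stale data left by earlier
 * calls (a real uninitialised read is undefined; the fill makes the
 * result reproducible). Returns what release_surface decided. */
int release_takes_cleanup_branch(int use_fixed_acquire)
{
    surface_attributes_t src_attr;
    memset(&src_attr, 0xAB, sizeof src_attr);
    if (use_fixed_acquire)
        acquire_source_fixed(&src_attr);
    else
        acquire_source_buggy(&src_attr);
    return release_surface(&src_attr);
}
```

With the buggy acquire the release path takes the cleanup branch on garbage; with the fixed acquire it does not, which is the invariant the ChangeLog enforces across every acquire_source/dest_image backend.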
Comment 2 Carl Worth 2005-08-22 17:15:01 UTC
Move bugs against "cvs" version to "0.9.3" so we can remove the "cvs" version.
