Bug 8429

Summary: [simple fix] Trying to decrease an unsigned int below 0 in _cairo_xlib_surface_add_glyph -> crash
Product: cairo Reporter: Tomas Ögren <stric>
Component: xlib backendAssignee: Carl Worth <cworth>
Status: RESOLVED DUPLICATE QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: major    
Priority: high    
Version: 1.2.4   
Hardware: SPARC   
OS: Solaris   
Whiteboard:
i915 platform: i915 features:

Description Tomas Ögren 2006-09-26 15:13:54 UTC 
In _cairo_xlib_surface_add_glyph() -> case CAIRO_FORMAT_ARGB32:
2442:            unsigned int    c = glyph_surface->stride * glyph_surface->height;
...
2453:            while ((c -= 4) >= 0)
c is very unlikely to go below 0, thus it goes to (unsigned int)-4 which is
quite a big number causing memory corruption.
Changing the unsigned int to signed int makes it work instead of crash.
Comment 1 Behdad Esfahbod 2006-09-26 15:20:58 UTC 
this is fixed already.  I'll push 1.2.6 out next week.

*** This bug has been marked as a duplicate of 7953 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.