Bug 33318 - Crash due to missing cairo_clip_init call in cairo_gstate_show_text_glyphs
Summary: Crash due to missing cairo_clip_init call in cairo_gstate_show_text_glyphs
Status: RESOLVED WORKSFORME
Alias: None
Product: cairo
Classification: Unclassified
Component: general
Version: 1.10.3
Hardware: All All
Importance: medium critical
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
URL:
Whiteboard:
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2011-01-20 21:31 UTC by Mats Palmgren
Modified: 2012-02-09 14:19 UTC

See Also:
Attachments
Proposed fix (1.21 KB, patch)
2011-01-21 01:48 UTC, Andrea Canciani

Description Mats Palmgren 2011-01-20 21:31:42 UTC
Crash due to missing cairo_clip_init call in cairo_gstate_show_text_glyphs.

See https://bugzilla.mozilla.org/show_bug.cgi?id=624198
for a crash testcase.  Please don't make that testcase public until
Mozilla makes it public.

Fixed in mozilla-central for Firefox 4:
http://hg.mozilla.org/mozilla-central/rev/6db090a3aaa0
Comment 1 Andrea Canciani 2011-01-21 01:32:23 UTC
I don't like the fact that clip will get initialized twice in your patch.
It would easily be forgotten and break if clip init/fini were changed.

I think it would be better to only clip_init() if _cairo_scaled_font_glyph_path() fails or to just _gstate_get_clip() in all the cases.
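The init/fini pairing that comment 1 is arguing about, as an added illustration that is not cairo's code. The struct, counters and function names below (toy_clip_t, toy_clip_init, toy_clip_fini, toy_glyph_path, show_glyphs_*) are constructed stand-ins for _cairo_clip_init/_cairo_clip_fini and _cairo_scaled_font_glyph_path; the only thing taken from the report is the shape of the bug: the clip is initialised on the success path but torn down on every path.

```c
/* Constructed illustration, not cairo source. Every name here is a
 * stand-in for the cairo function named in the comment above it. */
#include <stdlib.h>
#include <string.h>

#define TOY_CLIP_LIVE 0x636c6970u   /* "clip": marks a struct that has been init'd */

typedef struct {
    unsigned int live;   /* TOY_CLIP_LIVE between init and fini, anything else otherwise */
    char        *boxes;  /* stand-in for clip data that fini has to release */
} toy_clip_t;

/* bookkeeping so a caller can check that inits and finis pair up */
static int init_calls, fini_calls, fini_misuse;

void reset_counters(void)      { init_calls = fini_calls = fini_misuse = 0; }
int  init_fini_imbalance(void) { return init_calls - fini_calls; }
int  fini_misuse_count(void)   { return fini_misuse; }

/* stand-in for _cairo_clip_init() */
static void toy_clip_init(toy_clip_t *c)
{
    c->live  = TOY_CLIP_LIVE;
    c->boxes = NULL;
    init_calls++;
}

/* stand-in for _cairo_clip_fini(). Unlike the real thing it refuses to
 * touch a struct that was never initialised and just records the misuse;
 * a real fini dereferences whatever is on the stack, which is the crash
 * this bug reports. */
static void toy_clip_fini(toy_clip_t *c)
{
    if (c->live != TOY_CLIP_LIVE) { fini_misuse++; return; }
    free(c->boxes);
    c->boxes = NULL;
    c->live  = 0;
    fini_calls++;
}

/* stand-in for _cairo_scaled_font_glyph_path(): fails on request */
static int toy_glyph_path(int should_fail) { return should_fail ? -1 : 0; }

/* Bug shape: the clip is initialised only after glyph_path succeeds,
 * but the shared cleanup runs clip_fini on every exit. */
int show_glyphs_buggy(int glyph_path_fails)
{
    toy_clip_t clip;
    memset(&clip, 0xAB, sizeof clip);      /* stands in for stack garbage */
    int status = toy_glyph_path(glyph_path_fails);
    if (status == 0)
        toy_clip_init(&clip);              /* would be filled from the gstate here */
    toy_clip_fini(&clip);                  /* on failure: fini of an uninitialised clip */
    return status;
}

/* The objection in comment 1: add a second init so that fini is always
 * legal. The crash goes away, but the success path now runs two inits
 * per fini, which leaks as soon as init allocates anything. */
int show_glyphs_double_init(int glyph_path_fails)
{
    toy_clip_t clip;
    toy_clip_init(&clip);
    int status = toy_glyph_path(glyph_path_fails);
    if (status == 0)
        toy_clip_init(&clip);              /* the original init, now redundant */
    toy_clip_fini(&clip);
    return status;
}

/* Fixed shape: exactly one init on every path, placed before the first
 * point at which the function can bail out. */
int show_glyphs_fixed(int glyph_path_fails)
{
    toy_clip_t clip;
    toy_clip_init(&clip);
    int status = toy_glyph_path(glyph_path_fails);
    if (status == 0) {
        /* would copy the gstate clip into clip here */
    }
    toy_clip_fini(&clip);
    return status;
}
```

The counters are the point: the buggy version reports a fini without an init on the failure path, the double-init version leaves one init unmatched on the success path, and only the fixed version keeps init_fini_imbalance() at zero on both paths. The same check is what a reviewer does by hand on every early return in a function that has a shared cleanup label.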
Comment 2 Andrea Canciani 2011-01-21 01:48:41 UTC
Created attachment 42259
Proposed fix

I haven't tested this patch, but I expect it to fix the problem.
Comment 3 Chris Wilson 2012-02-09 14:19:12 UTC
That code is now obsolete.

