Created attachment 60497 [details] Fix the issue. Originally reported as downstream bug: https://bugzilla.novell.com/show_bug.cgi?id=758422 _cairo_pdf_surface_add_source_surface allocates unique_id with size unique_id_length but then copies surface_key.unique_id_length into it. This causes e.g. evince to crash predictably while trying to print with: *** buffer overflow detected ***: evince terminat
commit f736cd144305f7c9147912f6ec081962b3191e3d Author: Jeff Mahoney <jeffm@suse.com> Date: Mon Apr 23 22:04:48 2012 +0100 pdf: Fix wrong allocation in _cairo_pdf_surface_add_source_surface _cairo_pdf_surface_add_source_surface allocates unique_id with size unique_id_length but then copies surface_key.unique_id_length into it. This causes e.g. evince to crash predictably while trying to print with: *** buffer overflow detected ***: evince terminated We should be using surface_key.unique_id_length instead. Reported-by: Dominique Leuenberger <dominique-freedesktop.org@leuenberger.ne Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=49089 Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.