"stack smashing attack in function _cairo_stroker_join()" happens with multiple applications rendering them useless. Using: CFLAGS="-O3 -march=k8 -pipe -fomit-frame-pointer -fstack-protector -fprefetch-loop-arrays -mno-tls-direct-seg-refs" CHOST="x86_64-pc-linux-gnu" Most likely related to -fstack-protector switch. I am in the belief that Cairo should work with this option set for additional security.
I recompiled cairo without the -fstack-protector and this error does go away during application usage. This does not change the behavior of _cairo_stroker_join(), it simply is not caught by stack protection. I'm not comfortable with the fact that the cairo code can exploit the stack. I believe this to have security implications.
This is also reported and has a patch in Gentoo's Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=109480
Created attachment 5132: patch from gentoo bugreport
If that's the fix, then this definitely isn't a cairo bug. If you can point me to a bug that has been filed with the appropriate upstream, (whoever it is), then I'll add this workaround to cairo. Otherwise it seems useful to maintain this failure as a demonstration and testcase of the real bug. -Carl