Bug 5026 - Stack smash in cairo_stroker_join
Summary: Stack smash in cairo_stroker_join
Alias: None
Product: cairo
Classification: Unclassified
Component: general
Version: 1.0.2
Hardware: x86 (IA32) Linux (All)
Importance: high critical
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
Depends on:
Reported: 2005-11-12 07:12 UTC by Ken
Modified: 2006-05-18 08:41 UTC

patch from gentoo bugreport (591 bytes, patch)
2006-03-31 02:40 UTC, foser

Description Ken 2005-11-12 07:12:55 UTC
"stack smashing attack in function _cairo_stroker_join()" happens with multiple
applications, rendering them useless.

CFLAGS="-O3 -march=k8 -pipe -fomit-frame-pointer -fstack-protector
-fprefetch-loop-arrays -mno-tls-direct-seg-refs"

Most likely related to -fstack-protector switch.
I am in the belief that Cairo should work with this option set for additionaly
Comment 1 Ken 2005-11-19 10:52:59 UTC
I recompiled cairo without the -fstack-protector and this error does go away
during application usage.  This does not change the behavior of
_cairo_stroker_join(), it simply is not caught by stack protection.

I'm not comfortable with the fact that the cairo code can exploit the stack. I
believe this to have security implications.
Comment 2 Frederik 'Freso' S. Olesen 2006-02-17 06:31:49 UTC
This is also reported and has a patch in Gentoo's Bugzilla:
Comment 3 foser 2006-03-31 02:40:08 UTC
Created attachment 5132
patch from gentoo bugreport
Comment 4 Carl Worth 2006-05-19 01:41:05 UTC
If that's the fix, then this definitely isn't a cairo bug.

If you can point me to a bug that has been filed with the appropriate upstream,
(whoever it is), then I'll add this workaround to cairo. Otherwise it seems
useful to maintain this failure as a demonstration and testcase of the real bug.