_cairo_atsui_font_text_to_glyphs segfaults when called with a string of length 0 (i.e. cairo_text_extents (cr, "", &extents);). The segfault is reproducible on Mac OS X 10.4 with gtk_slide as well as with the following program, which basically does the same thing cairo does.

    /* build with: gcc -framework Carbon crash.c */
    #include <Carbon/Carbon.h>

    int main(void)
    {
        short utf16 = 0;              /* backing store for a zero-length UTF-16 text run */
        ItemCount glyphCount;
        ATSLayoutRecord *layoutRecords;
        ATSUTextLayout textLayout;

        ATSUCreateTextLayout(&textLayout);
        /* text length 0: the layout is told it holds no characters at all */
        ATSUSetTextPointerLocation(textLayout, &utf16, kATSUFromTextBeginning, kATSUToTextEnd, 0);
        /* this is the call that segfaults on the zero-length layout */
        ATSUDirectGetLayoutDataArrayPtrFromTextLayout(textLayout, 0,
            kATSUDirectDataLayoutRecordATSLayoutRecordCurrent,
            (void *)&layoutRecords, &glyphCount);
        return 0;
    }
Created attachment 8195: Prevents the segfault by checking if the supplied string is empty. The callers always check if num_glyphs is 0 before dereferencing glyphs.
Again, no need to handle it in the backend. Just made higher levels (surface and scaled_font) not call into the backends for zero num_glyphs. 8fd7328ebb77b0a641cf30bded85e482ea63ad97
Behdad, I retested this and it still fails. The problem is that the segfault happens before the number of glyphs is calculated (in the last line of Jeff's code above), so it's unrelated to the fixes you made. It is an atsui-specific problem. My patch above is still needed, I think.
What about this: diff --git a/src/cairo-scaled-font.c b/src/cairo-scaled-font.c index 73afb5f..c63f774 100755 --- a/src/cairo-scaled-font.c +++ b/src/cairo-scaled-font.c @@ -790,6 +790,12 @@ _cairo_scaled_font_text_to_glyphs (cairo_scaled_font_t *scaled_font, cairo_status_t status = CAIRO_STATUS_SUCCESS; cairo_scaled_glyph_t *scaled_glyph; + if (utf8[0] == '\0') { + *num_glyphs = 0; + *glyphs = NULL; + return CAIRO_STATUS_SUCCESS; + } + if (scaled_font->backend->text_to_glyphs) { status = scaled_font->backend->text_to_glyphs (scaled_font, x, y, utf8,
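Review bot: the new early return reads utf8[0] before anything in this function checks utf8 for NULL, so a NULL string reaching _cairo_scaled_font_text_to_glyphs still faults, just one line earlier than before; either widen the test to `if (utf8 == NULL || utf8[0] == '\0')` or add a comment stating that the public entry points guarantee a non-NULL string. Setting `*glyphs = NULL` next to `*num_glyphs = 0` is the right contract given the earlier note that callers check num_glyphs before dereferencing glyphs, and free(NULL) is a no-op for any caller that releases the array unconditionally.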
I pushed a test case, and another fix in cairo-scaled-font.c. Can you check that 1) the test fails before the patch, and 2) the patch fixes your problem. commit eafd6e454a85c807f2addf7768046fea58aea3f9 Author: Behdad Esfahbod <behdad@behdad.org> Date: Thu Dec 28 20:01:18 2006 -0500 In _cairo_scaled_font_text_to_glyphs, bail if text is zero-length (#5177) commit ab29396ef9f68f5534f927b2b5bb0a7ffac86509 Author: Behdad Esfahbod <behdad@behdad.org> Date: Thu Dec 28 19:51:20 2006 -0500 [test] Add new test text-zero-len (#5177) The test passes an empty string to cairo_show_text, cairo_text_path, and cairo_text_extents, and NULL and an invalid pointer, with zero num_glyphs to cairo_show_glyphs, cairo_glyph_path, and cairo_glyph_extents. Thanks
Thanks Behdad, yes the test triggers the crash and the patch fixed it.
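The layering the thread settles on, as an added example in C that is not cairo's code: a hypothetical text_to_glyphs entry point (the scaled_font level) refuses NULL and zero-length text before any backend sees it, a stand-in backend models ATSUI's assumption that at least one text record exists but reports the empty-input case instead of faulting, and a consumer honours the num_glyphs == 0 contract before touching the glyph array. The glyph_t/status_t types and the toy layout (one glyph per byte, 10 units apart) are made up for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types standing in for cairo_glyph_t / cairo_status_t. */
typedef struct {
    unsigned long index;
    double x, y;
} glyph_t;

typedef enum {
    STATUS_SUCCESS = 0,
    STATUS_NO_MEMORY,
    STATUS_BACKEND_EMPTY_INPUT   /* where the real ATSUI call segfaults instead */
} status_t;

/* Stand-in backend. Like the ATSUI call in the bug report it assumes at
 * least one text record; unlike ATSUI it reports that instead of faulting.
 * Layout is a toy: one glyph per byte, advancing 10 units each. */
static status_t
backend_text_to_glyphs (const char *utf8, double x, double y,
                        glyph_t **glyphs, int *num_glyphs)
{
    size_t len = strlen (utf8), i;
    glyph_t *out;

    if (len == 0)
        return STATUS_BACKEND_EMPTY_INPUT;

    out = malloc (len * sizeof *out);
    if (out == NULL)
        return STATUS_NO_MEMORY;

    for (i = 0; i < len; i++) {
        out[i].index = (unsigned char) utf8[i];
        out[i].x = x + 10.0 * i;
        out[i].y = y;
    }
    *glyphs = out;
    *num_glyphs = (int) len;
    return STATUS_SUCCESS;
}

/* Higher-level entry point (the scaled_font layer in the thread): settle
 * the zero-length case here so no backend ever sees it. NULL is treated
 * like "" because testing utf8[0] would otherwise dereference it. */
status_t
text_to_glyphs (const char *utf8, double x, double y,
                glyph_t **glyphs, int *num_glyphs)
{
    *glyphs = NULL;
    *num_glyphs = 0;
    if (utf8 == NULL || utf8[0] == '\0')
        return STATUS_SUCCESS;
    return backend_text_to_glyphs (utf8, x, y, glyphs, num_glyphs);
}

/* Consumer honouring the contract: look at num_glyphs before glyphs.
 * Returns the total advance, or -1.0 on a backend error. */
double
text_advance (const char *utf8)
{
    glyph_t *glyphs;
    int n;
    double advance;

    if (text_to_glyphs (utf8, 0.0, 0.0, &glyphs, &n) != STATUS_SUCCESS)
        return -1.0;
    advance = (n > 0) ? glyphs[n - 1].x + 10.0 : 0.0;
    free (glyphs);            /* free (NULL) is a no-op */
    return advance;
}
```

Calling backend_text_to_glyphs with "" directly shows the failure the guard exists to prevent; routing the same string through text_to_glyphs yields num_glyphs 0 and a NULL array, which is exactly what the callers described in this thread expect.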