Created attachment 77339
Compile and crash on the last call of "TryCircle"
Compile and run the attached. This will crash:
cairo_arc(cairo, 0.0, 1.0, 5761126469220696064.0, 0.0, 6.2831853071795862);
while this does not:
cairo_arc(cairo, 0.0, 0.0, 5761126469220696064.0, 0.0, 6.2831853071795862);
With both cairo git fdec6b37596d8b064ff082326d7189daa8208052 and cairo 1.12.2, the following happens. Since this doesn't crash on git, I don't think that there is an issue...?
Starting the test
Start centerY 0.000000, radius 14.000000
Finish centerY 0.000000 radius 14.000000
Start centerY 1.000000, radius 14.000000
Finish centerY 1.000000 radius 14.000000
Start centerY 0.000000, radius 8761126469220696064.000000
Finish centerY 0.000000 radius 8761126469220696064.000000
Start centerY 1.000000, radius 8761126469220696064.000000
Finish centerY 1.000000 radius 8761126469220696064.000000
Start centerY 0.000000, radius 5761126469220696064.000000
Finish centerY 0.000000 radius 5761126469220696064.000000
Start centerY 1.000000, radius 5761126469220696064.000000
Finish centerY 1.000000 radius 5761126469220696064.000000
Finished the test
I'm on Ubuntu, with "install libcairo2", which seems to install 1.4.0. I changed the version in the bug. I will try with the latest.
(In reply to comment #1)
> With both cairo git fdec6b37596d8b064ff082326d7189daa8208052 and cairo
> 1.12.2, the following happens. Since this doesn't crash on git, I don't
> think that there is an issue...?
Are you doing a 32-bit version or a 64-bit version?
Cairo 1.4.0 on Ubuntu? According to , 1.6.0 is the oldest cairo version still used by Ubuntu 8.04. Cairo 1.6.0 and Ubuntu 8.04 were released in 2008 (5 years ago!). Even the support for that Ubuntu version ended this month. That's really ancient software which means any bugs you see likely are already fixed in anything non-ancient.
I was doing my tests on a debian testing amd64 system.
Indeed. I was doing this on a fresh install, just getting cairo with apt-get install libcairo2-dev, and you are correct, that appears to be 1.10.2 (still fairly old, I guess). I tried with the latest download, still get the crash. I don't mind if this is fixed, just trying to figure out why I'm still seeing the problem.
I found this patch associated with the CVE:
However the code has changed considerably since then. The checks might still be relevant in cairo-image-compositor.c such as in fill_boxes(), possibly other places, but I'm not certain.
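An added example (not from the thread or from cairo itself) of the kind of caller-side guard this report argues for: it rejects non-finite or oversized arc parameters before they reach cairo_arc(), using the thread's own crashing and non-crashing values as test input. It assumes cairo's default 24.8 fixed-point path coordinates, which cannot hold magnitudes of 2^23 or more; ARC_COORD_LIMIT and arc_params_safe() are names chosen here.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption: cairo stores path coordinates as 24.8 fixed point by default,
 * so anything with |value| >= 2^23 is not representable. Treat that as the
 * hard limit; callers may want something far smaller. */
#define ARC_COORD_LIMIT 8388608.0

/* Return true only if every input is finite, the radius is non-negative, and
 * the bounding box of the full circle (conservative for a partial arc) lies
 * strictly inside the representable coordinate range. */
bool arc_params_safe(double cx, double cy, double r, double a1, double a2)
{
    if (!isfinite(cx) || !isfinite(cy) || !isfinite(r) ||
        !isfinite(a1) || !isfinite(a2))
        return false;
    if (r < 0.0)
        return false;

    double xmin = cx - r, xmax = cx + r;
    double ymin = cy - r, ymax = cy + r;
    /* A huge radius can overflow to +/-inf here; that is also a rejection. */
    if (!isfinite(xmin) || !isfinite(xmax) || !isfinite(ymin) || !isfinite(ymax))
        return false;

    return fabs(xmin) < ARC_COORD_LIMIT && fabs(xmax) < ARC_COORD_LIMIT &&
           fabs(ymin) < ARC_COORD_LIMIT && fabs(ymax) < ARC_COORD_LIMIT;
}

int main(void)
{
    /* The two calls quoted in the report, plus the small radius it starts with. */
    const double two_pi = 6.2831853071795862;
    printf("r=14, cy=0: %s\n",
           arc_params_safe(0.0, 0.0, 14.0, 0.0, two_pi) ? "ok" : "rejected");
    printf("r=5.76e18, cy=0: %s\n",
           arc_params_safe(0.0, 0.0, 5761126469220696064.0, 0.0, two_pi) ? "ok" : "rejected");
    printf("r=5.76e18, cy=1: %s\n",
           arc_params_safe(0.0, 1.0, 5761126469220696064.0, 0.0, two_pi) ? "ok" : "rejected");
    return 0;
}
```

Only arcs that pass the guard should be handed to cairo_arc(); the check does not depend on which cairo version fixed the crash.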
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/cairo/cairo/issues/248.