8429 – [simple fix] Trying to decrease an unsigned int below 0 in _cairo_xlib_surface_add_glyph -> crash

Bug 8429 - [simple fix] Trying to decrease an unsigned int below 0 in _cairo_xlib_surface_add_glyph -> crash

Summary: [simple fix] Trying to decrease an unsigned int below 0 in _cairo_xlib_surfac...

Status:	RESOLVED DUPLICATE of bug 7953

Alias:	None

Product:	cairo
Classification:	Unclassified
Component:	xlib backend (show other bugs)
Version:	1.2.4
Hardware:	SPARC Solaris

Importance:	high major
Assignee:	Carl Worth
QA Contact:	cairo-bugs mailing list

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-09-26 15:13 UTC by Tomas Ögren
Modified:	2006-09-26 15:20 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Tomas Ögren 2006-09-26 15:13:54 UTC

In _cairo_xlib_surface_add_glyph() -> case CAIRO_FORMAT_ARGB32:
2442:            unsigned int    c = glyph_surface->stride * glyph_surface->height;
...
2453:            while ((c -= 4) >= 0)
c is very unlikely to go below 0, thus it goes to (unsigned int)-4 which is
quite a big number causing memory corruption.
Changing the unsigned int to signed int makes it work instead of crash.

Comment 1 Behdad Esfahbod 2006-09-26 15:20:58 UTC

this is fixed already.  I'll push 1.2.6 out next week.

*** This bug has been marked as a duplicate of 7953 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.