Fix crash due to scaled_glyph->dev_private reuse (#2189228)

cairo-1.17.8-fix-crash-scaled-glyph.patch

@@ -0,0 +1,70 @@
+From 10cc34f521cf272f881bbad9a6fc4e794cca8687 Mon Sep 17 00:00:00 2001
+From: Adrian Johnson <ajohnson@redneon.com>
+Date: Sat, 13 May 2023 18:51:40 +0930
+Subject: [PATCH] ft: don't use scaled_glyph->dev_private to store data
+
+It is also used by the xlib surface.
+
+Fixes #778
+---
+ src/cairo-ft-font.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/src/cairo-ft-font.c b/src/cairo-ft-font.c
+index 834e4ba31..76c9e008f 100644
+--- a/src/cairo-ft-font.c
++++ b/src/cairo-ft-font.c
+@@ -2600,6 +2600,7 @@ _cairo_ft_scaled_glyph_set_foreground_color (cairo_ft_scaled_font_t *scaled_font
+ static cairo_int_status_t
+ _cairo_ft_scaled_glyph_init_surface (cairo_ft_scaled_font_t     *scaled_font,
+ 				     cairo_scaled_glyph_t	*scaled_glyph,
++				     cairo_ft_glyph_private_t   *glyph_priv,
+ 				     cairo_scaled_glyph_info_t	 info,
+ 				     FT_Face face,
+ 				     const cairo_color_t        *foreground_color,
+@@ -2611,7 +2612,6 @@ _cairo_ft_scaled_glyph_init_surface (cairo_ft_scaled_font_t     *scaled_font,
+     cairo_status_t status;
+     cairo_image_surface_t	*surface;
+     cairo_bool_t uses_foreground_color = FALSE;
+-    cairo_ft_glyph_private_t *glyph_priv = scaled_glyph->dev_private;
+ 
+     /* Only one info type at a time handled in this function */
+     assert (info == CAIRO_SCALED_GLYPH_INFO_COLOR_SURFACE || info == CAIRO_SCALED_GLYPH_INFO_SURFACE);
+@@ -3302,7 +3302,6 @@ _cairo_ft_scaled_glyph_init_metrics (cairo_ft_scaled_font_t  *scaled_font,
+     _cairo_scaled_glyph_attach_private (scaled_glyph, &glyph_priv->base,
+ 					&ft_glyph_private_key,
+ 					_cairo_ft_glyph_fini);
+-    scaled_glyph->dev_private = glyph_priv;
+ 
+     /* We need to load color to determine if this is a color format. */
+     int color_flag = 0;
+@@ -3461,8 +3460,8 @@ _cairo_ft_scaled_glyph_init (void			*abstract_font,
+ 	    goto FAIL;
+     }
+ 
+-    /* scaled_glyph->dev_private is intialized by _cairo_ft_scaled_glyph_init_metrics() */
+-    glyph_priv = scaled_glyph->dev_private;
++    glyph_priv = (cairo_ft_glyph_private_t *) _cairo_scaled_glyph_find_private (scaled_glyph,
++										&ft_glyph_private_key);
+     assert (glyph_priv != NULL);
+ 
+     if (info & CAIRO_SCALED_GLYPH_INFO_RECORDING_SURFACE) {
+@@ -3514,6 +3513,7 @@ _cairo_ft_scaled_glyph_init (void			*abstract_font,
+ 	} else {
+ 	    status = _cairo_ft_scaled_glyph_init_surface (scaled_font,
+ 							  scaled_glyph,
++							  glyph_priv,
+ 							  CAIRO_SCALED_GLYPH_INFO_COLOR_SURFACE,
+ 							  face,
+ 							  foreground_color,
+@@ -3527,6 +3527,7 @@ _cairo_ft_scaled_glyph_init (void			*abstract_font,
+     if (info & CAIRO_SCALED_GLYPH_INFO_SURFACE) {
+ 	status = _cairo_ft_scaled_glyph_init_surface (scaled_font,
+ 						      scaled_glyph,
++						      glyph_priv,
+ 						      CAIRO_SCALED_GLYPH_INFO_SURFACE,
+ 						      face,
+ 						      NULL, /* foreground color */
+-- 
+GitLab
+

cairo.spec

@@ -4,7 +4,7 @@
 
 Name:    cairo
 Version: 1.17.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: A 2D graphics library
 
 License: LGPL-2.1-only OR MPL-1.1
@@ -16,6 +16,8 @@ Patch0: cairo-multilib.patch
 Patch1: cairo-1.17.8-fix-tee-compilation.patch
 # https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/467
 Patch2: cairo-1.17.8-ft-font-missing-glyph.patch
+# https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/476
+Patch3: cairo-1.17.8-fix-crash-scaled-glyph.patch
 
 BuildRequires: gcc
 BuildRequires: gcc-c++
@@ -160,6 +162,9 @@ This package contains tools for working with the cairo graphics library.
 %{_libdir}/cairo/
 
 %changelog
+* Mon May 15 2023 Scott Talbert <swt@techie.net> - 1.17.8-4
+- Fix crash due to scaled_glyph->dev_private reuse (#2189228)
+
 * Wed Mar 15 2023 David King <amigadave@amigadave.com> - 1.17.8-3
 - Fix missing glyphs in ft-font