Update to 1.14.8
This commit is contained in:
parent
0f92de8235
commit
5a0dd927e6
1
.gitignore
vendored
1
.gitignore
vendored
@ -15,3 +15,4 @@ cairo-1.9.14.tar.gz
|
||||
/cairo-1.14.2.tar.xz
|
||||
/cairo-1.14.4.tar.xz
|
||||
/cairo-1.14.6.tar.xz
|
||||
/cairo-1.14.8.tar.xz
|
||||
|
@ -1,59 +0,0 @@
|
||||
From d69dd6b341594c338fa6c7b327fd7f201eb37bc1 Mon Sep 17 00:00:00 2001
|
||||
From: Uli Schlachter <psychon@znc.in>
|
||||
Date: Sat, 18 Jun 2016 15:08:52 +0200
|
||||
Subject: [PATCH] xlib: Fix double free in _get_image_surface()
|
||||
|
||||
If XShmGetImage() fails, the code tries to continue with its normal,
|
||||
non-shared-memory path. However, the image variable, which was previously set to
|
||||
NULL, now points to an already-destroyed surface, causing a double-free when the
|
||||
function cleans up after itself (actually, its an assertion failure because the
|
||||
reference count of the surface is zero, but technically this is still a double
|
||||
free).
|
||||
|
||||
Fix this by setting image=NULL after destroying the surface that this refers to,
|
||||
to make sure this surface will not be destroyed again.
|
||||
|
||||
While we are here (multiple changes in a single commit are bad...), also fix the
|
||||
cleanup done in bail. In practice, &image->base should be safe when image==NULL,
|
||||
because this just adds some offset to the pointer (the offset here is actually
|
||||
zero, so this doesn't do anything at all). However, the C standard does not
|
||||
require this to be safe, so let's handle this case specially.
|
||||
|
||||
Note that anything that is fixed by this change is still buggy, because the only
|
||||
reason why XShmGetImage() could fail would be BadDrawable, meaning that the
|
||||
target we draw to does not exist or was already destroyed. This patch will
|
||||
likely just cause X11 errors elsewhere and drawing to (possible) invalid
|
||||
drawables is not supported by cairo anyway. This means that if SHM fails, the
|
||||
following fallback code has a high chance of failing, too.
|
||||
|
||||
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91967
|
||||
Signed-off-by: Uli Schlachter <psychon@znc.in>
|
||||
---
|
||||
src/cairo-xlib-surface.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/cairo-xlib-surface.c b/src/cairo-xlib-surface.c
|
||||
index 3f407c3..555c1fe 100644
|
||||
--- a/src/cairo-xlib-surface.c
|
||||
+++ b/src/cairo-xlib-surface.c
|
||||
@@ -807,6 +807,7 @@ _get_image_surface (cairo_xlib_surface_t *surface,
|
||||
}
|
||||
|
||||
cairo_surface_destroy (&image->base);
|
||||
+ image = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1011,7 +1012,8 @@ _get_image_surface (cairo_xlib_surface_t *surface,
|
||||
cairo_device_release (&display->base);
|
||||
|
||||
if (unlikely (status)) {
|
||||
- cairo_surface_destroy (&image->base);
|
||||
+ if (image)
|
||||
+ cairo_surface_destroy (&image->base);
|
||||
return _cairo_surface_create_in_error (status);
|
||||
}
|
||||
|
||||
--
|
||||
2.7.4
|
||||
|
11
cairo.spec
11
cairo.spec
@ -3,17 +3,14 @@
|
||||
%define fontconfig_version 2.2.95
|
||||
|
||||
Name: cairo
|
||||
Version: 1.14.6
|
||||
Release: 2%{?dist}
|
||||
Version: 1.14.8
|
||||
Release: 1%{?dist}
|
||||
Summary: A 2D graphics library
|
||||
|
||||
License: LGPLv2 or MPLv1.1
|
||||
URL: http://cairographics.org
|
||||
Source0: http://cairographics.org/releases/%{name}-%{version}.tar.xz
|
||||
|
||||
# Backported from upstream
|
||||
Patch0: 0001-xlib-Fix-double-free-in-_get_image_surface.patch
|
||||
|
||||
Patch3: cairo-multilib.patch
|
||||
|
||||
BuildRequires: pkgconfig
|
||||
@ -85,7 +82,6 @@ This package contains tools for working with the cairo graphics library.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch3 -p1 -b .multilib
|
||||
|
||||
%build
|
||||
@ -171,6 +167,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
|
||||
%{_libdir}/cairo/
|
||||
|
||||
%changelog
|
||||
* Thu Dec 08 2016 Kalev Lember <klember@redhat.com> - 1.14.8-1
|
||||
- Update to 1.14.8
|
||||
|
||||
* Mon Jul 25 2016 Kalev Lember <klember@redhat.com> - 1.14.6-2
|
||||
- xlib: Fix double free in _get_image_surface() (#1331021)
|
||||
- Minor spec file cleanups
|
||||
|
Loading…
Reference in New Issue
Block a user