Update to 1.14.8

This commit is contained in:
Kalev Lember 2016-12-08 11:15:10 +01:00
parent 0f92de8235
commit 5a0dd927e6
4 changed files with 7 additions and 66 deletions

1
.gitignore vendored
View File

@ -15,3 +15,4 @@ cairo-1.9.14.tar.gz
/cairo-1.14.2.tar.xz
/cairo-1.14.4.tar.xz
/cairo-1.14.6.tar.xz
/cairo-1.14.8.tar.xz

View File

@ -1,59 +0,0 @@
From d69dd6b341594c338fa6c7b327fd7f201eb37bc1 Mon Sep 17 00:00:00 2001
From: Uli Schlachter <psychon@znc.in>
Date: Sat, 18 Jun 2016 15:08:52 +0200
Subject: [PATCH] xlib: Fix double free in _get_image_surface()
If XShmGetImage() fails, the code tries to continue with its normal,
non-shared-memory path. However, the image variable, which was previously set to
NULL, now points to an already-destroyed surface, causing a double-free when the
function cleans up after itself (actually, its an assertion failure because the
reference count of the surface is zero, but technically this is still a double
free).
Fix this by setting image=NULL after destroying the surface that this refers to,
to make sure this surface will not be destroyed again.
While we are here (multiple changes in a single commit are bad...), also fix the
cleanup done in bail. In practice, &image->base should be safe when image==NULL,
because this just adds some offset to the pointer (the offset here is actually
zero, so this doesn't do anything at all). However, the C standard does not
require this to be safe, so let's handle this case specially.
Note that anything that is fixed by this change is still buggy, because the only
reason why XShmGetImage() could fail would be BadDrawable, meaning that the
target we draw to does not exist or was already destroyed. This patch will
likely just cause X11 errors elsewhere and drawing to (possible) invalid
drawables is not supported by cairo anyway. This means that if SHM fails, the
following fallback code has a high chance of failing, too.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91967
Signed-off-by: Uli Schlachter <psychon@znc.in>
---
src/cairo-xlib-surface.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/cairo-xlib-surface.c b/src/cairo-xlib-surface.c
index 3f407c3..555c1fe 100644
--- a/src/cairo-xlib-surface.c
+++ b/src/cairo-xlib-surface.c
@@ -807,6 +807,7 @@ _get_image_surface (cairo_xlib_surface_t *surface,
}
cairo_surface_destroy (&image->base);
+ image = NULL;
}
}
@@ -1011,7 +1012,8 @@ _get_image_surface (cairo_xlib_surface_t *surface,
cairo_device_release (&display->base);
if (unlikely (status)) {
- cairo_surface_destroy (&image->base);
+ if (image)
+ cairo_surface_destroy (&image->base);
return _cairo_surface_create_in_error (status);
}
--
2.7.4

View File

@ -3,17 +3,14 @@
%define fontconfig_version 2.2.95
Name: cairo
Version: 1.14.6
Release: 2%{?dist}
Version: 1.14.8
Release: 1%{?dist}
Summary: A 2D graphics library
License: LGPLv2 or MPLv1.1
URL: http://cairographics.org
Source0: http://cairographics.org/releases/%{name}-%{version}.tar.xz
# Backported from upstream
Patch0: 0001-xlib-Fix-double-free-in-_get_image_surface.patch
Patch3: cairo-multilib.patch
BuildRequires: pkgconfig
@ -85,7 +82,6 @@ This package contains tools for working with the cairo graphics library.
%prep
%setup -q
%patch0 -p1
%patch3 -p1 -b .multilib
%build
@ -171,6 +167,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
%{_libdir}/cairo/
%changelog
* Thu Dec 08 2016 Kalev Lember <klember@redhat.com> - 1.14.8-1
- Update to 1.14.8
* Mon Jul 25 2016 Kalev Lember <klember@redhat.com> - 1.14.6-2
- xlib: Fix double free in _get_image_surface() (#1331021)
- Minor spec file cleanups

View File

@ -1 +1 @@
23a0b2f0235431d35238df1d3a517fdb cairo-1.14.6.tar.xz
4ef0db2eacb271c74f8a3fd87822aa98 cairo-1.14.8.tar.xz