From 768b1217cec40be116c90152919b53c2e685e121 Mon Sep 17 00:00:00 2001
From: Adam Jackson
Date: Wed, 31 Oct 2012 16:19:33 -0400
Subject: [PATCH] *-x{c,li}b-Don-t-crash-when-swapping-a-0-sized-glyph.patch: Fix some crashes when client and server endian don't match.
---
 ...-crash-when-swapping-a-0-sized-glyph.patch | 43 +++++++++++++++++++
 ...-crash-when-swapping-a-0-sized-glyph.patch | 43 +++++++++++++++++++
 cairo.spec | 11 ++++-
 3 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch
 create mode 100644 0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch
diff --git a/0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch b/0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch
new file mode 100644
index 0000000..c94d7b3
--- /dev/null
+++ b/0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch
@@ -0,0 +1,43 @@
+From 8dc3b629434ce256f8e6a584c5853ae9b4230c33 Mon Sep 17 00:00:00 2001
+From: Adam Jackson
+Date: Wed, 31 Oct 2012 16:06:51 -0400
+Subject: [PATCH 1/2] xlib: Don't crash when swapping a 0-sized glyph
+
+malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter
+a loop of the form do { ... } while (--c), which doesn't do quite what
+you were hoping for when c is initially 0.
+
+Since there's nothing to swap in this case, just bomb out.
+
+Signed-off-by: Adam Jackson
+---
+ src/cairo-xlib-render-compositor.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/cairo-xlib-render-compositor.c b/src/cairo-xlib-render-compositor.c
+index 74c43e9..e38a659 100644
+--- a/src/cairo-xlib-render-compositor.c
++++ b/src/cairo-xlib-render-compositor.c
+@@ -1251,6 +1251,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
+ unsigned char *d;
+ unsigned char *new, *n;
+
++ if (c == 0)
++ break;
++
+ new = malloc (c);
+ if (!new) {
+ status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+@@ -1276,6 +1279,9 @@ _cairo_xlib_surface_add_glyph (cairo_xlib_display_t *display,
+ const uint32_t *d;
+ uint32_t *new, *n;
+
++ if (c == 0)
++ break;
++
+ new = malloc (4 * c);
+ if (unlikely (new == NULL)) {
+ status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+--
+1.7.12.1
+
diff --git a/0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch b/0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch
new file mode 100644
index 0000000..7d2b405
--- /dev/null
+++ b/0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch
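Review bot: The new `if (c == 0) break;` guards in both swap branches of `_cairo_xlib_surface_add_glyph` are uncommented and leave the `do { ... } while (--c)` loop named in the commit message as it was; the xcb patch adds the identical pair to `_cairo_xcb_surface_add_glyph`, so the same applies there. Going by the commit message, without the guard a zero count is decremented before it is tested and the loop runs on past a zero-length `malloc` result, which is an out-of-bounds heap write and not only a crash, and the changelog ties it to a client/server byte-order mismatch. I would put `/* zero-sized glyph: nothing to swap, and do/while (--c) below would wrap and overrun new */` above each guard so a later cleanup does not drop it. The declaration of `c`, the loop body and the construct that `break` leaves are all outside the hunk; if `c` is signed in any branch, `if (c <= 0)` is the safer test, and the `4 * c` passed to `malloc` is worth checking against wraparound where `c` is computed.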
@@ -0,0 +1,43 @@
+From 4cad9bf9f0744efe17f1b70548cd2059df071e81 Mon Sep 17 00:00:00 2001
+From: Adam Jackson
+Date: Wed, 31 Oct 2012 16:12:58 -0400
+Subject: [PATCH 2/2] xcb: Don't crash when swapping a 0-sized glyph
+
+malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter
+a loop of the form do { ... } while (--c), which doesn't do quite what
+you were hoping for when c is initially 0.
+
+Since there's nothing to swap in this case, just bomb out.
+
+Signed-off-by: Adam Jackson
+---
+ src/cairo-xcb-surface-render.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/cairo-xcb-surface-render.c b/src/cairo-xcb-surface-render.c
+index 27ed113..16d1ef8 100644
+--- a/src/cairo-xcb-surface-render.c
++++ b/src/cairo-xcb-surface-render.c
+@@ -4461,6 +4461,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
+ const uint8_t *d;
+ uint8_t *new, *n;
+
++ if (c == 0)
++ break;
++
+ new = malloc (c);
+ if (unlikely (new == NULL)) {
+ status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+@@ -4489,6 +4492,9 @@ _cairo_xcb_surface_add_glyph (cairo_xcb_connection_t *connection,
+ const uint32_t *d;
+ uint32_t *new, *n;
+
++ if (c == 0)
++ break;
++
+ new = malloc (4 * c);
+ if (unlikely (new == NULL)) {
+ status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
+--
+1.7.12.1
+
diff --git a/cairo.spec b/cairo.spec
index 76d1b06..3e11f38 100644
--- a/cairo.spec
+++ b/cairo.spec
@@ -5,7 +5,7 @@
 Summary: A 2D graphics library
 Name: cairo
 Version: 1.12.6
-Release: 1%{?dist}
+Release: 2%{?dist}
 URL: http://cairographics.org
 #VCS: git:git://git.freedesktop.org/git/cairo
 #Source0: http://cairographics.org/snapshots/%{name}-%{version}.tar.xz
@@ -13,6 +13,9 @@ Source0: http://cairographics.org/releases/%{name}-%{version}.tar.xz License: LGPLv2 or MPLv1.1 Group: System Environment/Libraries +Patch0: 0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch +Patch1: 0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch + BuildRequires: pkgconfig BuildRequires: libXrender-devel BuildRequires: libX11-devel @@ -89,6 +92,8 @@ This package contains tools for working with the cairo graphics library. %prep %setup -q +%patch0 -p1 -b .xlib-swap +%patch1 -p1 -b .xcb-swap %build %configure --disable-static \ @@ -172,6 +177,10 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la %{_libdir}/cairo/ %changelog +* Wed Oct 31 2012 Adam Jackson 1.12.6-2 +- *-x{c,li}b-Don-t-crash-when-swapping-a-0-sized-glyph.patch: Fix some + crashes when client and server endian don't match. + * Thu Oct 25 2012 Kalev Lember - 1.12.6-1 - Update to 1.12.6