From f723e2834fd56da156b281f8394ab0ef5949e4e6 Mon Sep 17 00:00:00 2001
From: Kalev Lember
Date: Sat, 25 May 2013 23:47:46 +0200
Subject: [PATCH] Backport an upstream patch for eog get_buddy() crashes

https://bugzilla.redhat.com/show_bug.cgi?id=912030
---
 ...n-assert-into-an-error-return-for-ge.patch | 34 +++++++++++++++++++
 cairo.spec | 7 +++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 0003-mempool-Reduce-an-assert-into-an-error-return-for-ge.patch

diff --git a/0003-mempool-Reduce-an-assert-into-an-error-return-for-ge.patch b/0003-mempool-Reduce-an-assert-into-an-error-return-for-ge.patch
new file mode 100644
index 0000000..9d29b2b
--- /dev/null
+++ b/0003-mempool-Reduce-an-assert-into-an-error-return-for-ge.patch
@@ -0,0 +1,34 @@
+From 01a8bf01c6508a4fea8d40371c3049e7a2f7908a Mon Sep 17 00:00:00 2001
+From: Chris Wilson
+Date: Fri, 15 Mar 2013 09:08:00 +0000
+Subject: [PATCH] mempool: Reduce an assert into an error return for
+ get_buddy()
+
+If we ask for a buddy that is outside of our allocation that is an
+error that should not happen with a power-of-two allocated zone...
+However, since it has been seen in the wild, we can safely return that
+there is no buddy rather than die in a too-late assert.
+
+Reported-by: Anton Eliasson
+Signed-off-by: Chris Wilson
+---
+ src/cairo-mempool.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/cairo-mempool.c b/src/cairo-mempool.c
+index 96e4a62..751ede3 100644
+--- a/src/cairo-mempool.c
++++ b/src/cairo-mempool.c
+@@ -157,7 +157,8 @@ get_buddy (cairo_mempool_t *pool, size_t offset, int bits)
+ {
+ struct _cairo_memblock *block;
+
+- assert (offset + (1 << bits) <= pool->num_blocks);
++ if (offset + (1 << bits) >= pool->num_blocks)
++ return NULL; /* invalid */
+
+ if (BITTEST (pool, offset + (1 << bits) - 1))
+ return NULL; /* buddy is allocated */
+--
+1.8.1.4
+
diff --git a/cairo.spec b/cairo.spec
index 968f091..213d312 100644
--- a/cairo.spec
+++ b/cairo.spec
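Review bot: In the embedded get_buddy() hunk of 0003-mempool-Reduce-an-assert-into-an-error-return-for-ge.patch, the new guard is not the negation of the assert it replaces: the assert accepted `offset + (1 << bits) == pool->num_blocks`, while `>=` now returns NULL for that case as well. The BITTEST that follows reads index `offset + (1 << bits) - 1`, which is still below num_blocks at equality, so if that boundary is a legitimate buddy position the check should read `if (offset + (1 << bits) > pool->num_blocks)`; if rejecting it is deliberate, the `/* invalid */` comment should say so. The guard also only masks the out-of-range request that the commit message says should not happen, so the underlying pool-state inconsistency stays in place and becomes silent; a debug-only diagnostic at this return would keep it detectable. get_buddy()'s body continues past the end of the hunk, so the later uses of `offset` are not visible here.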
@@ -5,7 +5,7 @@ Summary: A 2D graphics library Name: cairo Version: 1.12.14 -Release: 1%{?dist} +Release: 2%{?dist} URL: http://cairographics.org #VCS: git:git://git.freedesktop.org/git/cairo #Source0: http://cairographics.org/snapshots/%{name}-%{version}.tar.gz @@ -15,6 +15,7 @@ Group: System Environment/Libraries Patch0: 0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch Patch1: 0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch +Patch2: 0003-mempool-Reduce-an-assert-into-an-error-return-for-ge.patch BuildRequires: pkgconfig BuildRequires: libXrender-devel @@ -96,6 +97,7 @@ This package contains tools for working with the cairo graphics library. %setup -q %patch0 -p1 -b .xlib-swap %patch1 -p1 -b .xcb-swap +%patch2 -p1 -b .get_buddy-assert %build %configure --disable-static \ @@ -179,6 +181,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la %{_libdir}/cairo/ %changelog +* Sat May 25 2013 Kalev Lember 1.12.14-2 +- Backport an upstream patch for eog get_buddy() crashes (#912030) + * Tue Feb 12 2013 Adam Jackson 1.12.14-1 - cairo 1.12.14