Bug 33318

Summary: Crash due to missing cairo_clip_init call in cairo_gstate_show_text_glyphs
Product: cairo Reporter: Mats Palmgren <matspal>
Component: generalAssignee: Carl Worth <cworth>
Status: RESOLVED WORKSFORME QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: critical    
Priority: medium CC: matspal
Version: 1.10.3Keywords: patch, security
Hardware: All   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: Proposed fix

Description Mats Palmgren 2011-01-20 21:31:42 UTC 
Crash due to missing cairo_clip_init call in cairo_gstate_show_text_glyphs.

See https://bugzilla.mozilla.org/show_bug.cgi?id=624198
for a crash testcase.  Please don't make that testcase public until
Mozilla makes it public.

Fixed in mozilla-central for Firefox 4:
http://hg.mozilla.org/mozilla-central/rev/6db090a3aaa0
Comment 1 Andrea Canciani 2011-01-21 01:32:23 UTC 
I don't like the fact that clip will get initialized twice in your patch.
It would easily be forgotten and break if clip init/fini were changed.

I think it would be better to only clip_init() if _cairo_scaled_font_glyph_path() fails or to just _gstate_get_clip() in all the cases.
Comment 2 Andrea Canciani 2011-01-21 01:48:41 UTC 
Created attachment 42259 [details] [review]
Proposed fix

I haven't tested this patch, but I expect it to fix the problem.
Comment 3 Chris Wilson 2012-02-09 14:19:12 UTC 
That code is now obsolete.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.