Bug 33318 - Crash due to missing cairo_clip_init call in cairo_gstate_show_text_glyphs
Summary: Crash due to missing cairo_clip_init call in cairo_gstate_show_text_glyphs
Alias: None
Product: cairo
Classification: Unclassified
Component: general
Version: 1.10.3
Hardware: All All
: medium critical
Assignee: Carl Worth
QA Contact: cairo-bugs mailing list
Keywords: patch, security
Depends on:
Reported: 2011-01-20 21:31 UTC by Mats Palmgren
Modified: 2012-02-09 14:19 UTC (History)


Proposed fix (1.21 KB, patch)
2011-01-21 01:48 UTC, Andrea Canciani

Description Mats Palmgren 2011-01-20 21:31:42 UTC
Crash due to missing cairo_clip_init call in cairo_gstate_show_text_glyphs.

See https://bugzilla.mozilla.org/show_bug.cgi?id=624198
for a crash testcase.  Please don't make that testcase public until
Mozilla makes it public.

Fixed in mozilla-central for Firefox 4:
Comment 1 Andrea Canciani 2011-01-21 01:32:23 UTC
I don't like the fact that clip will get initialized twice in your patch.
It would easily be forgotten and break if clip init/fini were changed.

I think it would be better to only clip_init() if _cairo_scaled_font_glyph_path() fails or to just _gstate_get_clip() in all the cases.
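The pattern under discussion in this bug, as an added illustration that is not cairo's code: a resource that is initialised on one code path but released on every path, so the early-exit path (here, a failing glyph-path computation) runs the cleanup on memory that was never initialised. All names (`clip_t`, `clip_init`, `clip_fini`, `glyph_path`, the `show_glyphs_*` functions) are hypothetical stand-ins, and the `magic` marker exists only to make the defect observable deterministically; real code would instead free a garbage pointer and crash.

```c
/* Added example with hypothetical names; not cairo's implementation. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CLIP_LIVE 0x434c4950u   /* marker written by clip_init ("CLIP") */

typedef struct {
    unsigned magic;   /* lets clip_fini tell an initialised clip from stack garbage */
    int *boxes;       /* hypothetical heap-owned clip data */
} clip_t;

static void clip_init(clip_t *c) { c->magic = CLIP_LIVE; c->boxes = NULL; }

/* Returns 0 when the clip was initialised, -1 when fini ran on an
 * uninitialised struct (the point at which the real bug would crash). */
static int clip_fini(clip_t *c) {
    if (c->magic != CLIP_LIVE) return -1;
    free(c->boxes);
    c->magic = 0;
    return 0;
}

/* Stand-in for the glyph-path step: fails on an empty glyph run. */
static int glyph_path(int num_glyphs) { return num_glyphs > 0 ? 0 : -1; }

/* Buggy shape: init happens only on the success path, but fini runs on every
 * path. Returns 0 on success, -1 if glyph_path failed, -2 if fini saw garbage. */
static int show_glyphs_buggy(int num_glyphs) {
    clip_t clip; memset(&clip, 0xA5, sizeof clip);   /* simulated stack garbage */
    int status = glyph_path(num_glyphs);
    if (status == 0) { clip_init(&clip); clip.boxes = calloc(4, sizeof *clip.boxes); }
    if (clip_fini(&clip) != 0) return -2;
    return status;
}

/* Fixed shape: initialise exactly once, before any exit path, so every
 * route to the common cleanup sees a valid clip and nothing is inited twice. */
static int show_glyphs_fixed(int num_glyphs) {
    clip_t clip; memset(&clip, 0xA5, sizeof clip);
    clip_init(&clip);
    int status = glyph_path(num_glyphs);
    if (status == 0) clip.boxes = calloc(4, sizeof *clip.boxes);
    if (clip_fini(&clip) != 0) return -2;
    return status;
}

int main(void) {
    printf("buggy, empty run: %d\n", show_glyphs_buggy(0));   /* -2: fini on garbage */
    printf("fixed, empty run: %d\n", show_glyphs_fixed(0));   /* -1: clean failure */
    return 0;
}
```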
Comment 2 Andrea Canciani 2011-01-21 01:48:41 UTC
Created attachment 42259 [details] [review]
Proposed fix

I haven't tested this patch, but I expect it to fix the problem.
Comment 3 Chris Wilson 2012-02-09 14:19:12 UTC
That code is now obsolete.
