fdo-mirrors/cairo
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/cairo/cairo.git synced 2026-01-06 14:20:19 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

xlib-xcb: Fix a double free in surface_unmap

Browse source 
cairo_surface_unmap_image() destroys the image that was passed to it. Since
xlib-xcb calls cairo_surface_unmap_image() again for the underlying xcb surface,
the surface was destroyed twice.

Work around this problem by incrementing the image's reference count via
cairo_surface_reference().

No idea why I didn't catch this problem when implementing these functions, I'm
sure I ran the relevant tests. :-(

lt-cairo-test-suite: cairo-surface.c:853: cairo_surface_destroy: Assertion
`((*&(&surface->ref_count)->ref_count) > 0)' failed.

Fixes: map-to-image-fill map-bit-to-image map-all-to-image

Signed-off-by: Uli Schlachter <psychon@znc.in>
This commit is contained in:
Uli Schlachter 2011-08-05 21:07:38 +02:00
parent 73e9307855
commit 03cda5c0e5
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/cairo-xlib-xcb-surface.c
View file

@ -134,6 +134,10 @@ _cairo_xlib_xcb_surface_unmap (void *abstract_surface,
{
cairo_xlib_xcb_surface_t *surface = abstract_surface;
/* cairo_surface_unmap_image destroys the surface, so get a new reference
* for it to destroy.
*/
cairo_surface_reference (&image->base);
cairo_surface_unmap_image (&surface->xcb->base, &image->base);
return cairo_surface_status (&surface->xcb->base);
}