fdo-mirrors/cairo
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/cairo/cairo.git synced 2026-05-07 12:08:16 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

[stroker] Fix off-by-one memory allocation in _tessellate_fan().

Browse source 
The number of points in a triangle fan was miscomputed because
it was computing the number of line segments rather than points
in the fan.  Now we include the final point of the fan correctly
in the count.

This fixes https://bugs.webkit.org/show_bug.cgi?id=33071 as
reported by Benjamin Otte.  A derived test case was not added
to the cairo test suite since the bug is difficult to trigger in
a reliable way which causes visible results (as opposed to
silent heap corruption.)

The easiest way of triggering the bug is to stroke a line
using a large line width and round caps or joins.
This commit is contained in:
M Joonas Pihlaja 2010-01-01 20:13:33 +02:00
parent a0ea0b63fd
commit 3ae9d04c6d
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/cairo-path-stroke.c
View file

@ -346,7 +346,7 @@ _tessellate_fan (cairo_stroker_t *stroker,
if (npoints < 0)
npoints += stroker->pen.num_vertices;
npoints += 2;
npoints += 3;
if (npoints <= 1)
goto BEVEL;