From 519dff51db30e157f52ef5244a3afeea06340ff8 Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Tue, 18 Jun 2013 16:06:28 +0100
Subject: [PATCH] scaled-font: Prevent a recursive mutex lock for removing a
 failed glyph

If we fail to create a glyph, and it is the only one in the glyph page,
we then pluck that page out of the global glyph cache. The cache destroy
callback tries to take the scaled_font lock again, causing a lockup.
Rework the error path to avoid taking that lock in this case - still a
potential lock ordering issue remains.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
---
 src/cairo-scaled-font.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/cairo-scaled-font.c b/src/cairo-scaled-font.c
index 97460c2cb..ac80c97d1 100644
--- a/src/cairo-scaled-font.c
+++ b/src/cairo-scaled-font.c
@@ -2905,8 +2905,12 @@ _cairo_scaled_font_free_last_glyph (cairo_scaled_font_t *scaled_font,
 
     if (--page->num_glyphs == 0) {
 	CAIRO_MUTEX_LOCK (_cairo_scaled_glyph_page_cache_mutex);
+	/* Temporarily disconnect callback to avoid recursive locking */
+	cairo_scaled_glyph_page_cache.entry_destroy = NULL;
 	_cairo_cache_remove (&cairo_scaled_glyph_page_cache,
 		             &page->cache_entry);
+	_cairo_scaled_glyph_page_destroy (scaled_font, page);
+	cairo_scaled_glyph_page_cache.entry_destroy = _cairo_scaled_glyph_page_pluck;
 	CAIRO_MUTEX_UNLOCK (_cairo_scaled_glyph_page_cache_mutex);
     }
 }