From 86ae4233bf40945b0640349ff3a9db6ffc172600 Mon Sep 17 00:00:00 2001
From: Jonathan Kew
Date: Wed, 15 Apr 2026 14:24:01 +0100
Subject: [PATCH] Ensure converter's jmp_buf is set up before adding edges.

It's possible for a pool allocation to fail under glitter_scan_converter_add_edge, in which case longjmp will be called to bail out, but the converter's jmp_buf hasn't been appropriately initialized to catch the error.
---
 src/cairo-tor-scan-converter.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/cairo-tor-scan-converter.c b/src/cairo-tor-scan-converter.c
index f29359ce4..cbe88cf88 100644
--- a/src/cairo-tor-scan-converter.c
+++ b/src/cairo-tor-scan-converter.c
@@ -1830,6 +1830,7 @@ _cairo_tor_scan_converter_add_polygon (void *converter,
 const cairo_polygon_t *polygon)
 {
 cairo_tor_scan_converter_t *self = converter;
+ cairo_status_t status;
 int i;
 #if 0
@@ -1838,6 +1839,9 @@ _cairo_tor_scan_converter_add_polygon (void *converter,
 fclose (file);
 #endif
+ if ((status = setjmp (self->jmp)))
+ return _cairo_scan_converter_set_error (self, _cairo_error (status));
+
 for (i = 0; i < polygon->num_edges; i++)
 glitter_scan_converter_add_edge (self->converter, &polygon->edges[i]);
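Review bot: The jmp_buf armed by the added `setjmp (self->jmp)` in the second hunk is valid only while `_cairo_tor_scan_converter_add_polygon` is still on the stack, and nothing in the new code records that; once the function returns, a `longjmp` through `self->jmp` from any path that has not re-armed it is undefined behaviour, because it jumps into a dead frame. I would add a comment above the check, e.g. `/* self->jmp is valid only while this frame is live; each entry point that can reach a pool allocation must call setjmp itself. */`, and confirm that the other entry points able to allocate from the pool do so, since they are not visible in this hunk. Separately, `status = setjmp (...)` stores the result in a variable, which is outside the contexts ISO C permits for a setjmp call (C11 7.13.1.1); it most likely behaves as intended on the compilers in use, but it deserves a mention if the idiom is not already established in this file. The function's body continues past the end of the hunk.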