From 8e9c4ea5890a4df3f463e592dc3aa429bb423608 Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Wed, 11 Aug 2010 12:18:53 +0100 Subject: [PATCH] Mark the context as invalid on the final cairo_destroy() We initialise the context to a non-error state upon creation, but after destroy there is a window of opportunity where the object is kept alive inside the context pool and the user could mistakenly keep on passing the zombie context into cairo functions. As all entry points need to check error status, flagging the context as an error object upon the final unreference prevents such misuse (until such as time as the context is reallocated). --- src/cairo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/cairo.c b/src/cairo.c index 7c1c76aad..dd0bdfa70 100644 --- a/src/cairo.c +++ b/src/cairo.c @@ -454,6 +454,9 @@ cairo_destroy (cairo_t *cr) _cairo_user_data_array_fini (&cr->user_data); + /* mark the context as invalid to protect against misuse */ + cr->status = CAIRO_STATUS_NULL_POINTER; + _context_put (cr); } slim_hidden_def (cairo_destroy);