fdo-mirrors/cairo
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/cairo/cairo.git synced 2026-05-09 09:38:11 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix a thinko in composite_color_glyphs

Browse source 
We can't just move around the contents of the
passed-in string, we need to make a copy. This
was showing up as memory corruption in pango.

See https://gitlab.gnome.org/GNOME/pango/issues/346
This commit is contained in:
Matthias Clasen 2019-05-30 07:30:55 -04:00 committed by Behdad Esfahbod
parent e4a79db010
commit aa263f881f
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/cairo-surface.c
View file

@ -2820,6 +2820,7 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
const cairo_clip_t *clip)
{
cairo_int_status_t status;
char *utf8_copy = NULL;
TRACE ((stderr, "%s\n", __FUNCTION__));
if (unlikely (surface->status))
@ -2847,6 +2848,10 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
status = CAIRO_INT_STATUS_UNSUPPORTED;
if (_cairo_scaled_font_has_color_glyphs (scaled_font)) {
utf8_copy = malloc (sizeof (char) * utf8_len);
memcpy (utf8_copy, utf8, sizeof (char) * utf8_len);
utf8 = utf8_copy;
status = composite_color_glyphs (surface, op,
source,
(char *)utf8, &utf8_len,
@ -2861,6 +2866,8 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
if (num_glyphs == 0)
goto DONE;
}
else
utf8_copy = NULL;
/* The logic here is duplicated in _cairo_analysis_surface show_glyphs and
* show_text_glyphs. Keep in synch. */
@ -2918,6 +2925,9 @@ DONE:
surface->serial++;
}
if (utf8_copy)
free (utf8_copy);
return _cairo_surface_set_error (surface, status);
}