From dca4e6c2dd6ebed73abbeb1dd87cb26a3b09685a Mon Sep 17 00:00:00 2001
From: Uli Schlachter <psychon@znc.in>
Date: Sun, 9 Oct 2011 09:37:03 +0200
Subject: [PATCH] clip: Fix clip-double-free

If the call to _cairo_clip_set_all_clipped() right after this is hit,
clip->boxes was freed twice.

Signed-off-by: Uli Schlachter <psychon@znc.in>
---
 src/cairo-clip-boxes.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/cairo-clip-boxes.c b/src/cairo-clip-boxes.c
index 16f5f7fc2..1c3f9403b 100644
--- a/src/cairo-clip-boxes.c
+++ b/src/cairo-clip-boxes.c
@@ -294,6 +294,7 @@ _cairo_clip_intersect_boxes (cairo_clip_t *clip,
 	if (clip->boxes != &clip->embedded_box)
 	    free (clip->boxes);
 
+	clip->boxes = NULL;
 	boxes = &clip_boxes;
     }