From df1ca22ada340add2360677ff892ec043dad96f4 Mon Sep 17 00:00:00 2001
From: Chris Wilson
Date: Tue, 18 Jun 2013 15:46:28 +0100
Subject: [PATCH] recording: Prevent invalid memory access with zero length command array

If we try to sort a zero length array, we access invalid memory. However, for a zero length command array, we can trivially compute the number of visible indices, 0.

Signed-off-by: Chris Wilson
---
 src/cairo-recording-surface.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/cairo-recording-surface.c b/src/cairo-recording-surface.c
index 28d8abd8f..55a98d023 100644
--- a/src/cairo-recording-surface.c
+++ b/src/cairo-recording-surface.c
@@ -1586,6 +1586,9 @@ _cairo_recording_surface_get_visible_commands (cairo_recording_surface_t *surfac
 unsigned int num_visible, *indices;
 cairo_box_t box;
+ if (surface->commands.num_elements == 0)
+ return 0;
+
 _cairo_box_from_rectangle (&box, extents);
 if (surface->bbtree.chain == INVALID_CHAIN)
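Review bot: The zero-length guard is added only at the top of `_cairo_recording_surface_get_visible_commands`, while the invalid access the commit message describes happens in the sort, which is not visible in this hunk. If the sort helper or the bbtree builder can be reached from any other path, an empty command array would still hit the out-of-bounds read. Consider also making the sort itself return early for a count of zero, and document the reason at the new check, e.g. `/* no commands recorded: skip the bbtree build, sorting 0 elements reads invalid memory */`. The early return also leaves `surface->bbtree.chain` at `INVALID_CHAIN`, which looks harmless provided every caller treats a result of 0 as "no indices to read"; that is worth confirming against the callers. The function body starts before and continues past this hunk.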