COLR fonts can have a layer with the same color as the current text
color. This change passes the current color (if solid) through to
the font backend where it can be used to render color fonts.
scaled_glyph_lookup checks if the foreground color has changed (for
glyph that require it) and requests a new color surface if required.
This also fixes a bug where scaled_glyph_lookup would always request a
color surface for glyphs for glyphs in color fonts that do not have
color.
With the last commit, these became pointless. Just switch the code to
call the underlying function directly.
Signed-off-by: Uli Schlachter <psychon@znc.in>
cairo-xcb kept a cache of free xid to avoid calling xcb_generate_id()
later. However, this is unsafe: When libxcb runs out of ids, it asks the
X11 server for an empty range of ids to use. The X11 server of course
does not know about cairo's cache and could hand out an id that cairo
will use again later. This would then result in BadIdChoice errors
later.
Fix this by simply removing the whole cache.
Fixes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/434
Signed-off-by: Uli Schlachter <psychon@znc.in>
The code here temporary replaces extents->clip with another clip to call
a function. Afterwards, it restores the previous copy. The temporary
clip is only freed when it still is pointed to by extents->clip.
This logic is wrong. It is indeed possible that the clip is simplified
and changes. In this case, the original clip is also correctly freed.
However, this still means that we have to clean up and destroy the new
clip. The previous code just leaked it.
This was originally identified by Massimo in [1]. I am just committing
his patch.
[1]: https://bugs.freedesktop.org/show_bug.cgi?id=91267
Fixes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/24
Signed-off-by: Uli Schlachter <psychon@znc.in>
_cairo_malloc(0) always returns NULL, but has not been used
consistently. This patch replaces many calls to malloc() with
_cairo_malloc().
Fixes: fdo# 101547
CVE: CVE-2017-9814 Heap buffer overflow at cairo-truetype-subset.c:1299
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
When doing a "complicated" mask operation, we draw the clip to a surface and use
this as a mask in later operations. The code assumes that this operation draws
to the whole target surface and thus a deferred clear may be skipped.
However, this requires that the extents of the trapezoids that will be drawn and
the extents of the surface are the same. This assumption is wrong, as can be
seen e.g. by the bug report that this commit fixes.
The fix is just not to skip the deferred clear.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=84330
Signed-off-by: Uli Schlachter <psychon@znc.in>
When you draw (part of) a surface to an XCB surface, the XCB backend will safe
the uploaded part as a snapshot to the input surface. This allows to re-use this
picture in case the same surface is later used again as a source.
However, other backends do not do this and this has caused and/or highlighted
numerous bugs. Just skipping the snapshot fixes or hides these bugs.
Papers-over: https://bugs.freedesktop.org/show_bug.cgi?id=67505
Signed-off-by: Uli Schlachter <psychon@znc.in>
malloc(0) needn't return NULL, and on glibc, doesn't. Then we encounter
a loop of the form do { ... } while (--c), which doesn't do quite what
you were hoping for when c is initially 0.
Since there's nothing to swap in this case, just bomb out.
Signed-off-by: Adam Jackson <ajax@redhat.com>
It will not use the fallback if the symbols in the previous patch
are turned on.
Also some code rearrangement to make this resemble the xlib version
more and to remove some suspect bugs. In particular meshes should not
work just because the translation is an integer.
Reviewed-by: Bryce Harrington <b.harrington@samsung.com>
After converting, the number of boxes should only count the number of
non-zero boxes and forget about the zero-sized boxes we skipped over.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81699
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
The rectangular tesselation routines rely on the presuming that all the
boxes it has to handle are already filtered to remove empty boxes.
<< /width 800 /height 600 >> surface context
0.0848671 0 0 0.0848671 39.907812 5.608896 matrix transform
8 0 m 12.417969 0 16 3.582031 16 8 c 16 12.417969 12.417969 16 8 16 c
3.582031 16 0 12.417969 0 8 c 0 3.582031 3.582031 0 8 0 c h
clip
16 0 m 8 8 l 16 16 l h
clip
0 0 16 16 rectangle
fill
Triggers the error given a traps tesselator like cairo-xlib.
Reported-by: Henrique Lengler <henriqueleng@openmailbox.org>
Analyzed-by: Massimo <sixtysix@inwind.it>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81699
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
(changed to use determinant funciton and remove debug printf)
Modifies _cairo_matrix_has_unity_scale to return true for 90 degree rotations
by allowing error caused by inaccuracy in trig functions.
This fails after 14 additions of M_PI_2 to itself as a float argument to
cairo_rotate, but the failure is in the detection of the integer translate,
not in the trig components. I believe this is due to the matrix inversion,
which may need similar rounding.
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Introduced a new inline function _cairo_surface_is_xcb() as similar to
_cairo_surface_is_image() and used the same to check for xcb surface
type
Signed-off-by: Ravi Nanjundappa <nravi.n@samsung.com>
We merge _cairo_surface_create_similar_scratch and
_cairo_surface_create_similar_solid into a single function named
_cairo_surface_create_scratch, to avoid confusion with
cairo_surface_create_similar which now will have a different
behaviour wrt the sizes and the device-scale.
_create_scratch assumes the width and height are in backend
coordinates, while create_similar does not.
This gets rid of random noise that we got from the X11 server due to
uninitialized memory.
Fixes: pdf-surface-source, ps-surface-source, svg-surface-source
Signed-off-by: Uli Schlachter <psychon@znc.in>
The documentation of cairo_surface_create_similar_image() states that the
image's contents are initially all 0. However, the implementation didn't live up
to the documentation.
This was found via the corresponding assert in
cairo_surface_create_similar_image().
There are some cairo-xcb-internal users of this function which cleared the image
right after creating it. Obviously, this isn't needed anymore.
Fixes: Nothing. The existing call in the testsuite to
cairo_surface_create_similar_image() doesn't hit this issue, since it creates a
too small image to hit the SHM-case.
Signed-off-by: Uli Schlachter <psychon@znc.in>
This code tried to optimize the clip away by intersecting the boxes with the
clip polygon. However, it also did so when the server didn't support traps.
Fixes: clip-stroke-unbounded clip-fill-nz-unbounded clip-fill-eo-unbounded
clip-fill clip-fill-rule a1-clip-fill-rule clip-group-shapes-circles
clip-intersect clip-nesting clip-operator clip-push-group clip-polygons
clip-shape clip-text clip-twice inverted-clip mask random-clip
rotate-clip-image-surface-paint trap-clip unantialiased-shapes
Signed-off-by: Uli Schlachter <psychon@znc.in>
This commit removes the hand-written code in cairo-xcb-surface.c and instead
makes use of cairo_compositor_t. Surprisingly, this doesn't break a single test
case. :-)
Signed-off-by: Uli Schlachter <psychon@znc.in>
The size of the target area doesn't really have much to do with the size of the
recording surface that we are painting from. Thus, let's use the recording
surface's size instead.
Since we apply the transformation before replaying the recording surface, we
need to transform the recording surface's size via the inverse of our pattern
matrix to get the size in the target surface. This makes this a little more
complex.
Signed-off-by: Uli Schlachter <psychon@znc.in>
Let's say we are painting recording surface 'source' to xcb surface 'target' by
replaying the source to a temporary surface 'tmp'.
Previously, the xcb backend replayed the recording surface to tmp with just a
translation and then used that as its source surface with the pattern's
transformation. That means 'tmp' used the same coordinate system as 'source'.
This patch changes this so that the transformation is applied during the replay
and painting from 'tmp' to 'target' is just a simple translation, so 'tmp' now
uses the same coordinate system as 'target'.
This should produce way less better results, because transforming a recording
surface should have less artifacts than transforming a raster surface.
Fixes: record1414x-* record2x-* record90-* ps-surface-source
Breaks (or rather, "exposes unrelated bug that I have not yet figured out in"):
record-extend-*-similar
Signed-off-by: Uli Schlachter <psychon@znc.in>
There is already a cairo-xcb section and there are no symbols that
should be documented in an extra -xrender section. It is not mentioned
in cairo-sections.txt either. So simply delete it.
Signed-off-by: Uli Schlachter <psychon@znc.in>
Documentation comments should always start with "/**" and end with
"**/". This is not required by gtk-doc, but it makes the
documentations formatting more consistent and simplifies the checking
of documentation comments.
The following Python script tries to enforce this.
from sys import argv
from sre import search
for filename in argv[1:]:
in_doc = False
lines = open(filename, "r").read().split("\n")
for i in range(len(lines)):
ls = lines[i].strip()
if ls == "/**":
in_doc = True
elif in_doc and ls == "*/":
lines[i] = " **/"
if ls.endswith("*/"):
in_doc = False
out = open(filename, "w")
out.write("\n".join(lines))
out.close()
This fixes most 'documentation comment not closed with **/' warnings
by check-doc-syntax.awk.
An unbounded recording surface will complain loudly when you call
acquire_source_image on it and thus we need a special case which draws the
recording surface to a temporary surface and then proceeds with that.
Signed-off-by: Uli Schlachter <psychon@znc.in>
This was introduced in a69335a84e when the second argument of
_cairo_xcb_surface_create_similar_image was changed from content to format.
Signed-off-by: Uli Schlachter <psychon@znc.in>
As discussed, overloading the cairo_surface_t semantics to include
sources (i.e. read-only surfaces) was duplicating the definition of
cairo_pattern_t. So rather than introduce a new surface type with
pattern semantics, start along the thorny road of extensible pattern
types.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
cairo-xcb was deciding which type to cast a surface to based on its "type"
member. This is wrong, it should use "backend->type".
This bug was hit via xlib-xcb. This was painting a subsurface of a xlib-xcb
surface to an xcb surface. Because surface->type said "xlib", the code was
trying to check if the xcb surface had a fallback. However, this was done on the
subsurface. The end result was dereferencing a pointer to 0x28.
This was noticed while looking into
https://bugs.freedesktop.org/show_bug.cgi?id=42889
No test for this bug since I didn't manage to come up with one.
Signed-off-by: Uli Schlachter <psychon@znc.in>
I lost the '&& 0' I put in to disable the glyph rendering until I had
the glyph cache integration working again.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
And only upload the parts of the image that are modified during the
fallback. I have to keep reminding myself that the goal is always to
reduce the amount of fallbacks required...
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
This doesn't just need a clip without any path, it also needs pixel aligned
boxes.
This improves the result for unaligned boxes in tighten-bounds.
Signed-off-by: Uli Schlachter <psychon@znc.in>
This function changed its behavior and no longer does what we want. Instead,
this now uses its own function which uses _cairo_clip_combine_with_surface().
This fixes crashes in the tighten-bounds and random-clip tests. These happened
because cairo-xcb was trying to be clever. ;-)
Since _cairo_clip_get_surface() did less, the resulting surface had
deferred_clear == true and picture == XCB_NONE. The code then tried using this
evil picture and either ran into an assert() or caused a BadPicture error.
Signed-off-by: Uli Schlachter <psychon@znc.in>
This makes sure that errors from _cairo_clip_get_surface() aren't lost and that
we really got an xcb surface.
Signed-off-by: Uli Schlachter <psychon@znc.in>
Having spent the last dev cycle looking at how we could specialize the
compositors for various backends, we once again look for the
commonalities in order to reduce the duplication. In part this is
motivated by the idea that spans is a good interface for both the
existent GL backend and pixman, and so they deserve a dedicated
compositor. xcb/xlib target an identical rendering system and so they
should be using the same compositor, and it should be possible to run
that same compositor locally against pixman to generate reference tests.
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
P.S. This brings massive upheaval (read breakage) I've tried delaying in
order to fix as many things as possible but now this one patch does far,
far, far too much. Apologies in advance for breaking your favourite
backend, but trust me in that the end result will be much better. :)
