This hopefully fixes the raster-source test case crashing:
cairo-svg-surface.c:2269: _cairo_svg_surface_emit_pattern: Assertion `!"reached"' failed.
I cannot / did not test this change locally and rely on CI to tell me
whether this works.
Signed-off-by: Uli Schlachter <psychon@znc.in>
This should allow using them for allocating large amounts of memory.
Also use explicit checks for zeros to not make the compiler think that it is a boolean context.
As we do not check the status after _cairo_output_stream_printf
and _cairo_memory_stream_copy (which are more common operations)
anyway.
This simplifies the code, but keeps it correct, as the status
will be propagated anyway, just a bit later.
Now the SVG surface should work correctly with bounded and unbounded image (-like) and recording surfaces with NONE and REPEAT extends as source for all operations.
Fill or stroke with an unbounded surface as source now means using clip or mask respectively.
Fix using uninitialized memory in the SVG surface.
Also fix uninitialized memory and working with offset images in the recording surface.
This function parses some raw font data and it trusts the font to be
well-formed. This means that a font can just say "this segment is a
gigabyte large" and the code will happily jump ahead in memory. Bad
things then happen in practice.
Fix this by adding lots of bounds checks.
Also, an existing bounds check makes sure we are still before the end of
the data, but then happily reads the next six bytes. Fix this by making
sure we actually have six bytes of data.
No regression test since the last few times I tried to do this for font
issues, I ended up with a large/huge blob of font data. Too large for
the test suite.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27969
Signed-off-by: Uli Schlachter <psychon@znc.in>
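
The two checks the last commit message describes, as an added example that is not cairo's code and not part of the original commit. It assumes a hypothetical segment layout (one marker byte, one type byte, a 32-bit little-endian length, then the payload); the function name, constants and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define SEG_HEADER_LEN 6  /* assumed layout: marker, type, 32-bit LE length */
#define SEG_MARKER 0x80   /* assumed marker byte */

/* Walk length-prefixed segments; return the count, or -1 if any
 * header or payload would extend past the end of the buffer. */
static int
count_segments (const unsigned char *data, size_t len)
{
    size_t pos = 0;
    int count = 0;

    while (pos < len) {
        /* "pos < len" alone is the weak check from the message: it proves
         * one byte is left, not six. Compare against the remaining size. */
        if (len - pos < SEG_HEADER_LEN)
            return -1;
        if (data[pos] != SEG_MARKER)
            return -1;

        uint32_t seg_len = (uint32_t) data[pos + 2]
                         | (uint32_t) data[pos + 3] << 8
                         | (uint32_t) data[pos + 4] << 16
                         | (uint32_t) data[pos + 5] << 24;
        pos += SEG_HEADER_LEN;

        /* The length comes from the file, so it is untrusted. Subtract
         * rather than add, so a huge value cannot wrap pos around. */
        if (seg_len > len - pos)
            return -1;
        pos += seg_len;
        count++;
    }
    return count;
}

/* Constructed samples, not real font data. */
static const unsigned char sample_ok[] = {
    0x80, 1, 2, 0, 0, 0, 'a', 'b',
    0x80, 2, 0, 0, 0, 0
};
static const unsigned char sample_huge[] = {     /* claims a 1 GiB payload */
    0x80, 1, 0, 0, 0, 0x40, 'a'
};
static const unsigned char sample_short[] = {    /* second header cut short */
    0x80, 1, 1, 0, 0, 0, 'a', 0x80, 1, 2
};
```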