If we cannot let the X11 server do some operation (for example: the
RENDER extension is not available), then we fall back to an image
surface and do the operation locally instead. This fallback requires the
current content of the surface to be downloaded from the X11 server.
This fallback logic had an error.
The fallback is implemented with _get_image() in the function
_cairo_xcb_surface_fallback(). _get_image() is only called if we do not
yet have a fallback available, so when we call _get_image we have
surface->fallback == NULL. Then, if _get_image() fails, it returns a
surface in an error state.
Before this patch, the code would then just ignore this error surface
and return &surface->fallback->base, a NULL pointer. This would then
quickly cause a crash when e.g. the surface's ->status member is
accessed.
Fix this by returning the error surface instead as the fallback.
The end result of this patch will be that the XCB surface that is
currently drawn to ends up in an error state which is a lot better than
a NULL pointer dereference and actually correct in this case. The error
state is reached because the current drawing operation will fail and
this error is reported up the call stack and eventually "taints" the
surface.
(However, the error code could be better: _get_image() too often fails
with a generic CAIRO_STATUS_NO_MEMORY error, but that's left as future
work)
Signed-off-by: Uli Schlachter <psychon@znc.in>
On systems using GNU's strings implementation, 'strings -' causes a scan
of the whole file, which is equivalent to 'strings -a'. However, in
POSIX passing '-' as the first argument to 'strings' is declared
unspecified, and thus may break the build on systems that use a
different POSIX strings implementation.
Patch from Jung-uk Kim
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=88639
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
Some debugging functions wrote to stdout, which is inconsistent with
the other debugging functions of the same groups.
Instead they should write to the debugging file that they are given as
input.
Reviewed-by: Andrea Canciani <ranma42@gmail.com>
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=95227
Invoking cairo_surface_mark_dirty () on an observer surface would
cause it to print debugging output to stdout.
Reviewed-by: Andrea Canciani <ranma42@gmail.com>
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=95227
The destruction of a scaled font could indirectly trigger the destruction
of a second scaled font, causing the global cache to be locked twice in
the same thread.
This is solved by unlinking the font's glyph pages while holding the global
lock, then releasing the lock before destruction takes place.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=93891
According to the Opentype spec, num_contours in a glyf table entry can
be > 0 (single glyph) or < 0 (composite glyph). num_contours == 0 is
undefined.
The embedded font in the test case for this bug contained a space
glyph with num_contours == 0. This was failing on some printers.
According to the spec, glyphs with no outlines such as space are
required to have a 0 size entry in the loca table.
https://bugs.freedesktop.org/show_bug.cgi?id=79897
If XShmGetImage() fails, the code tries to continue with its normal,
non-shared-memory path. However, the image variable, which was previously set to
NULL, now points to an already-destroyed surface, causing a double-free when the
function cleans up after itself (actually, its an assertion failure because the
reference count of the surface is zero, but technically this is still a double
free).
Fix this by setting image=NULL after destroying the surface that this refers to,
to make sure this surface will not be destroyed again.
While we are here (multiple changes in a single commit are bad...), also fix the
cleanup done in bail. In practice, &image->base should be safe when image==NULL,
because this just adds some offset to the pointer (the offset here is actually
zero, so this doesn't do anything at all). However, the C standard does not
require this to be safe, so let's handle this case specially.
Note that anything that is fixed by this change is still buggy, because the only
reason why XShmGetImage() could fail would be BadDrawable, meaning that the
target we draw to does not exist or was already destroyed. This patch will
likely just cause X11 errors elsewhere and drawing to (possible) invalid
drawables is not supported by cairo anyway. This means that if SHM fails, the
following fallback code has a high chance of failing, too.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91967
Signed-off-by: Uli Schlachter <psychon@znc.in>
When doing a "complicated" mask operation, we draw the clip to a surface and use
this as a mask in later operations. The code assumes that this operation draws
to the whole target surface and thus a deferred clear may be skipped.
However, this requires that the extents of the trapezoids that will be drawn and
the extents of the surface are the same. This assumption is wrong, as can be
seen e.g. by the bug report that this commit fixes.
The fix is just not to skip the deferred clear.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=84330
Signed-off-by: Uli Schlachter <psychon@znc.in>
NextRequest is a macro that doesn't mix well with xcb, since
dpy->request is not updated. Instead use XNextRequest() that was fixed
to do the right thing with xcb in libX11 commit:
http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=7f8f9a36ef901f31279c385caf960a22daeb33fe
This may solve application X errors when a shmdt() is called by cairo
before the Attach request is processed.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Uli Schlachter <psychon@znc.in>
This function tries to use _cairo_xcb_connection_put_image() to do the actual
work. However, that function can only be used for images with "native" stride.
If we only want to upload a rectangle from within an image, the function
_cairo_xcb_connection_put_subimage() has to be used. This function makes sure
that the correct information is sent to the X11 server.
No unit test for this, because we currently do not test the !SHM case
automatically. Perhaps we should?
Signed-off-by: Uli Schlachter <psychon@znc.in>
This function always returned CAIRO_INT_STATUS_SUCCESS, even if it didn't do
anything. This commit makes the function return CAIRO_INT_STATUS_UNSUPPORTED
instead.
No unit test for this, because we currently do not test the !SHM case
automatically. Perhaps we should?
Signed-off-by: Uli Schlachter <psychon@znc.in>
The memory allocated to "image" at line 298 is not freed before moving to label fail at line 305 and 314.
This patch takes care of this memory leak in above mentioned cases.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91537
Signed-off-by: Sahil Vij <sahil.vij@samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
The attribute list is terminated by GLX_NONE (defined as 0x8000), but
the man page of 'glXChooseVisual' says it must be terminated with None
(0L).
Issue found and fix suggested by Massimo.
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91293
In read_file(), we see:
*data = malloc (*len);
...
if (fread(*data, *len, 1, fp) != 1) {
free(data);
...
The free call needs to be free(*data), to match the malloc call.
Matthias Clasen found this via Coverity and proposed the fix.
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91381
The sizeof operator now applied to the correct variable "ctx->glyph_cache",
instead of its pointer address, in function "_cairo_gl_composite_flush".
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91321
Signed-off-by: Arpit Jain <jain.arpit@samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
The pattern structure is hardcoded to hold 7 elements, yet the
pattern_names array in cairo-surface-observer.c is initialized with 8
strings. This causes a crash in print_array at line 1587 when it tries
to access the 8th member.
Hence changed the 'type' array from type[7] to type[8] to avoid out of
bound access.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91266
Signed-off-by: Ashim <ashim.shah@samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
The pointer 'filename' is already freed and still used as a function
argument. This patch will free the pointer 'filename' only after it is
used.
Also, the patch ensures that it frees the pointer 'filename' before any
return of this function.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91206
Signed-off-by: Arpit Jain <jain.arpit@samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
There is an unintentional (benign) missing line continuation "\" in the
definition of MAYBE_WARN in configure. configure completes and issues a
WARNING:
configure: WARNING: cache variable cairo_cv_warn_maybe contains a
newline
Found and solved by Larry Baker.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=89750
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
That is if the difference between the origin and the end is bigger than
.5 round up regardless of the coordinates.
Round the difference of the floats instead of rounding the floats then
diff them.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=84396
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
On AIX, the token jmpbuf is a pre-processor macro.
cairo-script-scanner.c includes a private struct with a member named
jmpbuf which gets renamed to __jmpbuf when AIX's sys/context.h has been
included.
While judicious ordering of includes might kludge around this problem
(by causing all references to .jmpbuf to become .__jmpbuf), it's better
to simply select a new name for the struct member that won't suffer the
collision.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=89339
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Use quoted includes rather than bracketed, to prefer linking to the
in-tree cairo in preference to the system cairo.
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Chris wrote all of the cairo script stuff. I'm making a guess about the
copyright date.
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
den_det is positive because intersect_lines is called
only after _slope_compare returned > 0 and slope_compare
is returning the sign of den_det
The quadratic-time intersection finder is #if 0-ed out
in src/cairo-bentley-ottman.c, but is unusable even there
since the second commit to that file.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=74779
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Optimizing compilers aggressively remove code that is executed only
after an undefined behaviour occurred.
Also, the difference of two (non char) pointers hides an integer
division that, because the divisor is known at compile time, is
transformed into a multiplication by a pseudo-reciprocal, and in this
case the difference is not always a multiple of the divisor, resulting
in an invalid comparison predicate.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=74779
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
In Hobby's paper it is proved that INTERSECTION events can be
processed in any order by ignoring intersections between edges
non-adjacent in the active edges list.
But with respect to START/STOP events they must be processed in
order. Because START/STOP events have always exact y, it is
sufficient to know whether an integer y intersection is a
default/excess approximation of the exact to properly sort events.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=74779
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Quells the following warning:
cairo-script-scanner.c: In function ‘_translate_string’:
cairo-script-scanner.c:1623:18: warning: comparison between signed and
unsigned integer expressions [-Wsign-compare]
if (buf_len <= 8 + 2*string->len) {
^
Even features which are disabled by default should appear in
cairo-features.h.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=83359
(Patch approved by Behdad Esfahbod in bug tracker.)
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Recent versions of GCC/clang feature a new set of compiler intrinsics
for performing atomic operations, motivated by the operations needed to
support the C++11 memory model. These intrinsics are more flexible than
the old __sync_* intrinstics and offer efficient support for atomic load
and store operations.
Having the load appear atomic to the compiler is particular important
for tools like ThreadSanitizer so they don't report false positives on
memory operations that we intend to be atomic.
Patch from Nathan Froyd <froydnj@mozilla.com>
To maintain compatibility with OpenGL ES 2.0, the matrix in
_cairo_gl_shader_bind_matrix() should be manually transposed,
and GL_FALSE passed as the transpose argument to the
glUniformMatrix3fv() call as it is the only valid value for
that parameter in OpenGL ES 2.0.
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Acked-by: "Henry (Yu) Song" <henry.song@samsung.com>
