Since the if/else was replaced by a switch() here in 2e0075e265,
the size field of pbounds is not being set in the EXTEND_NONE case,
which means we end up passing uninitialized values to CGPatternCreate.
LZW compression: If the last input byte caused the code width to
increase, the end-of-data code was still output with the old (not yet
increased) code width.
Before this commit, cairo_pdf_version_to_string() would return the
result of an out-of-bounds array access when called with a negative
value. This commit adds a check against this.
No unit test added since there are no tests for
cairo_pdf_version_to_string() that I could easily add such a test to.
Fixes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/590
Signed-off-by: Uli Schlachter <psychon@znc.in>
Checking that public header files #include "cairo.h" first (or none)
Checking that private header files #include "some cairo header" first (or none)
Checking that source files #include "cairoint.h" first (or none)
./win32/cairo-dwrite-font-public.c:#include "cairo-win32-private.h"
Checking that there is no #include <cairo.*.h>
./win32/cairo-dwrite-font-public.c: * #include <cairo-win32.h>
Checking that feature conditionals are used with #if only (not #ifdef)
This adds a missing cairoint.h include and makes
check-preprocessor-syntax.sh slightly better in not warning about
includes in C comments.
Signed-off-by: Uli Schlachter <psychon@znc.in>
cairo-trutype-subset.c would blindly trust a font saying that its name
list has thousands of entries. This commit changes find_name() to also
get the size of the input memory region and to do some bounds checking
on its memory accesses.
Fixes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/579
Signed-off-by: Uli Schlachter <psychon@znc.in>
A user font glyph containing a font can cause deadlock in
_cairo_scaled_glyph_fini due to the destroy recording surface while
holding _cairo_scaled_glyph_page_cache_mutex. When the font in the
recording surface is removed from the page cache it will attempt to
also acquire the _cairo_scaled_glyph_page_cache_mutex resulting in
deadlock.
Instead of destroying the recording surface in
_cairo_scaled_glyph_page_cache_mutex, move it to an array in the
scaled font and destroy it after the
_cairo_scaled_glyph_page_cache_mutex is released.
Fixes the font in user font case in #440
When cairo_scaled_glyph_page_cache needs to remove entries,
cairo-cache calls _cairo_hash_table_random_entry() with the predicate
_cairo_scaled_glyph_page_can_remove(). This function checks that the
glyph_page scaled_font is not locked by testing
scaled_font->cache_frozen. The scaled font is locked in the
cache-cache destroy entry callback: _cairo_scaled_glyph_page_pluck().
There is a race condition here between testing
scaled_font->cache_frozen and locking the font. Fix this by adding a
new CAIRO_MUTEX_TRY_LOCK mutex operation, and using it to test and
lock the scaled font in _cairo_scaled_glyph_page_can_remove().
Fixes the multithreaded case in #440
SVG fonts are returning DWRITE_GLYPH_IMAGE_FORMATS_NONE as well
as DWRITE_GLYPH_IMAGE_FORMATS_SVG in GetCurrentRun() resulting in the
outline glyph and color glyph both rendered to the same glyph image.
