[packages/cairo.git] / cairo-composite_color_glyphs.patch

From 79ad01724161502e8d9d2bd384ff1f0174e5df6e Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Thu, 30 May 2019 07:30:55 -0400
Subject: [PATCH] Fix a thinko in composite_color_glyphs

We can't just move around the contents of the
passed-in string, we need to make a copy. This
was showing up as memory corruption in pango.

See https://gitlab.gnome.org/GNOME/pango/issues/346
---
 src/cairo-surface.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/cairo-surface.c b/src/cairo-surface.c
index c30f84087..e112b660a 100644
--- a/src/cairo-surface.c
+++ b/src/cairo-surface.c
@@ -2820,6 +2820,7 @@ _cairo_surface_show_text_glyphs (cairo_surface_t	    *surface,
 				 const cairo_clip_t		*clip)
 {
     cairo_int_status_t status;
+    char *utf8_copy = NULL;
 
     TRACE ((stderr, "%s\n", __FUNCTION__));
     if (unlikely (surface->status))
@@ -2847,6 +2848,10 @@ _cairo_surface_show_text_glyphs (cairo_surface_t	    *surface,
     status = CAIRO_INT_STATUS_UNSUPPORTED;
 
     if (_cairo_scaled_font_has_color_glyphs (scaled_font)) {
+        utf8_copy = malloc (sizeof (char) * utf8_len);
+        memcpy (utf8_copy, utf8, sizeof (char) * utf8_len);
+        utf8 = utf8_copy;
+
         status = composite_color_glyphs (surface, op,
                                          source,
                                          (char *)utf8, &utf8_len,
@@ -2861,6 +2866,8 @@ _cairo_surface_show_text_glyphs (cairo_surface_t	    *surface,
         if (num_glyphs == 0)
             goto DONE;
     }
+    else
+      utf8_copy = NULL;
 
     /* The logic here is duplicated in _cairo_analysis_surface show_glyphs and
      * show_text_glyphs.  Keep in synch. */
@@ -2918,6 +2925,9 @@ _cairo_surface_show_text_glyphs (cairo_surface_t	    *surface,
 	surface->serial++;
     }
 
+    if (utf8_copy)
+        free (utf8_copy);
+
     return _cairo_surface_set_error (surface, status);
 }
Commit	Line	Data
23143567 JB	1	From 79ad01724161502e8d9d2bd384ff1f0174e5df6e Mon Sep 17 00:00:00 2001
	2	From: Matthias Clasen <mclasen@redhat.com>
	3	Date: Thu, 30 May 2019 07:30:55 -0400
	4	Subject: [PATCH] Fix a thinko in composite_color_glyphs
	5
	6	We can't just move around the contents of the
	7	passed-in string, we need to make a copy. This
	8	was showing up as memory corruption in pango.
	9
	10	See https://gitlab.gnome.org/GNOME/pango/issues/346
	11	---
	12	src/cairo-surface.c \| 10 ++++++++++
	13	1 file changed, 10 insertions(+)
	14
	15	diff --git a/src/cairo-surface.c b/src/cairo-surface.c
	16	index c30f84087..e112b660a 100644
	17	--- a/src/cairo-surface.c
	18	+++ b/src/cairo-surface.c
	19	@@ -2820,6 +2820,7 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
	20	const cairo_clip_t *clip)
	21	{
	22	cairo_int_status_t status;
	23	+ char *utf8_copy = NULL;
	24
	25	TRACE ((stderr, "%s\n", __FUNCTION__));
	26	if (unlikely (surface->status))
	27	@@ -2847,6 +2848,10 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
	28	status = CAIRO_INT_STATUS_UNSUPPORTED;
	29
	30	if (_cairo_scaled_font_has_color_glyphs (scaled_font)) {
	31	+ utf8_copy = malloc (sizeof (char) * utf8_len);
	32	+ memcpy (utf8_copy, utf8, sizeof (char) * utf8_len);
	33	+ utf8 = utf8_copy;
	34	+
	35	status = composite_color_glyphs (surface, op,
	36	source,
	37	(char *)utf8, &utf8_len,
	38	@@ -2861,6 +2866,8 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
	39	if (num_glyphs == 0)
	40	goto DONE;
	41	}
	42	+ else
	43	+ utf8_copy = NULL;
	44
	45	/* The logic here is duplicated in _cairo_analysis_surface show_glyphs and
	46	* show_text_glyphs. Keep in synch. */
	47	@@ -2918,6 +2925,9 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
	48	surface->serial++;
	49	}
	50
	51	+ if (utf8_copy)
	52	+ free (utf8_copy);
	53	+
	54	return _cairo_surface_set_error (surface, status);
	55	}
	56