authorUli Schlachter <psychon@znc.in>2013-08-12 14:33:19 (GMT)
committerUli Schlachter <psychon@znc.in>2013-08-13 17:25:17 (GMT)
commit54a51968e82ec4e6a8d81d5451232641275439df (patch)
treed3a9866d7a76077cc8796667509f488e064ef326
parent3c4e0f0f1a338fbbd802cdb3b65b8ea3abc758d1 (diff)
surface_get_extents: Reject finished or error surface
This fixes a crash in the api-special-cases with xlib-xcb when calling cairo_clip_extents() on a context that refers to a finished surface. The crash was a simple NULL pointer dereference, because the underlying xcb surface that was used in xlib-xcb was gone and set to NULL already. Signed-off-by: Uli Schlachter <psychon@znc.in>
-rw-r--r--src/cairo-surface.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/cairo-surface.c b/src/cairo-surface.c
index 3293aa2..5e18b07 100644
--- a/src/cairo-surface.c
+++ b/src/cairo-surface.c
@@ -2368,6 +2368,13 @@ _cairo_surface_get_extents (cairo_surface_t *surface,
{
cairo_bool_t bounded;
+ if (unlikely (surface->status))
+ goto zero_extents;
+ if (unlikely (surface->finished)) {
+ _cairo_surface_set_error(surface, CAIRO_STATUS_SURFACE_FINISHED);
+ goto zero_extents;
+ }
+
bounded = FALSE;
if (surface->backend->get_extents != NULL)
bounded = surface->backend->get_extents (surface, extents);
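Review bot: The finished-surface branch writes `_cairo_surface_set_error(surface, CAIRO_STATUS_SURFACE_FINISHED);` without the space before the parenthesis that the neighbouring calls use (`unlikely (surface->status)`, `get_extents (surface, extents)`); I would write `_cairo_surface_set_error (surface, CAIRO_STATUS_SURFACE_FINISHED);`. The two guards also carry no comment saying why they must come before the backend dispatch, and the second one changes the surface's status from inside what reads as a query function. A line above them such as `/* An error or finished surface may have released its backend state; never call backend->get_extents on it. */` would record the reason given in the commit message. The function's signature and doc comment start outside this hunk, so whether the documented contract mentions the error case cannot be checked from here.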
@@ -2376,6 +2383,11 @@ _cairo_surface_get_extents (cairo_surface_t *surface,
_cairo_unbounded_rectangle_init (extents);
return bounded;
+
+zero_extents:
+ extents->x = extents->y = 0;
+ extents->width = extents->height = 0;
+ return TRUE;
}
/**
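Review bot: The `zero_extents` path ends in `return TRUE;`, so an error or finished surface is reported as bounded with an empty rectangle, and nothing at the label says this is deliberate. The visible code just above pairs the other outcome with `_cairo_unbounded_rectangle_init (extents)`, so a later change of this return to FALSE would presumably hand callers a non-empty rectangle for a surface that must not be touched. I would add a comment under the label, for example `/* Error/finished surface: report an empty, bounded rectangle so callers have nothing to operate on. */`, and mention the same case in the function's doc comment, which lies outside this hunk.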