a4f7d57219
Patch tag + rename patch file OBS-URL: https://build.opensuse.org/request/show/115302 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/cairo?expand=0&rev=58
From: Jeff Mahoney <jeffm@suse.com>
Subject: cairo: Fix wrong allocation in _cairo_pdf_surface_add_source_surface
References: bnc#758422
_cairo_pdf_surface_add_source_surface allocates unique_id with
size unique_id_length but then copies surface_key.unique_id_length into it.
This causes e.g. evince to crash predictably while trying to print with:
*** buffer overflow detected ***: evince terminated
We should be using surface_key.unique_id_length instead.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
src/cairo-pdf-surface.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
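--- a/src/cairo-pdf-surface.c
+++ b/src/cairo-pdf-surface.c
@@ -1379,7 +1379,7 @@ _cairo_pdf_surface_add_source_surface (c
 goto release_source;
 
 if (surface_key.unique_id && surface_key.unique_id_length > 0) {
- unique_id = malloc (unique_id_length);
+ unique_id = malloc (surface_key.unique_id_length);
 if (unique_id == NULL) {
 status = _cairo_error (CAIRO_STATUS_NO_MEMORY);
 goto release_source;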
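Review bot: The buffer size in `malloc (surface_key.unique_id_length)` and the length used by the copy that follows are still written as two separate expressions, so the mismatch fixed here can come back if only one of them is edited later. The copy itself is outside this hunk, as is the rest of _cairo_pdf_surface_add_source_surface, so this is inferred from the commit message rather than from visible lines. Consider setting the local first, `unique_id_length = surface_key.unique_id_length;`, and using `unique_id_length` for both the allocation and the copy, or at least adding `/* allocation size must equal the length copied from surface_key.unique_id */` above the malloc. Since the original fault showed up only as a run-time abort while printing, a small test that adds a source surface carrying a unique id would keep it from regressing.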