[cairo] Fixing NULL dereference with _cairo_nil and the getters

Behdad Esfahbod behdad at behdad.org
Thu May 10 10:54:22 PDT 2007


On Thu, 2007-05-10 at 08:00 -0400, Chris Wilson wrote:
> Currently the cairo_t getters are written under the assumption that they
> can operate safely on any cairo_t including _cairo_nil, e.g.
> 
> cairo_operator_t
> cairo_get_operator (cairo_t *cr)
> {
>     return _cairo_gstate_get_operator (cr->gstate);
> }
> 
> At the moment _cairo_nil.gstate is NULL and so this causes a NULL
> dereference within _cairo_gstate_get_operator(). The minimal fix would
> appear to be to fix up _cairo_nil to have a valid gstate:
> --- a/src/cairo.c
> +++ b/src/cairo.c
> @@ -48,7 +48,7 @@ static const cairo_t _cairo_nil = {
>    CAIRO_REF_COUNT_INVALID,     /* ref_count */
>    CAIRO_STATUS_NO_MEMORY,      /* status */
>    { 0, 0, 0, NULL },           /* user_data */
> -  NULL,                                /* gstate */
> +  (cairo_gstate_t *) _cairo_nil.gstate_tail,   /* gstate */
>    {{                           /* gstate_tail */
>      0
>    }},
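
Review bot: The cast on the `+` line, `(cairo_gstate_t *) _cairo_nil.gstate_tail`, discards the const qualifier that `static const cairo_t _cairo_nil` gives its `gstate_tail` member, so any entry point that writes through `cr->gstate` without first checking for the error object would store into a const object. The initializer also makes the struct point at itself, and the tail is zero-filled (`0`), so getters reading it return zero-valued fields. Suggest a comment on this line stating that the nil gstate must never be written, and confirming that all-zero state is what the getters should report for an object in error.
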
> 
> However, AIUI, this would cause the dynamic linker to have to fixup the
> structure and thus move it from its read-only mapping.
> 
> The other option is to add guards to all the getters, viz
> cairo_operator_t
> cairo_get_operator (cairo_t *cr)
> {
>     if (cr->ref_count == CAIRO_REF_COUNT_INVALID)
> 	return CAIRO_GSTATE_OPERATOR_DEFAULT;
> 
>     return _cairo_gstate_get_operator (cr->gstate);
> }
> 
> So I'm soliciting opinions on the method to use, or perhaps there is a
> third way?

In the future we want to make nil objects be a small cairo_object_t
instead of full objects, so, the emerging pattern has been to check
status on all entry points and not rely on the nil objects' contents.

But I can see benefits in going the other route.  I'm not really sure.

> --
> Chris Wilson
-- 
behdad
http://behdad.org/

"Those who would give up Essential Liberty to purchase a little
 Temporary Safety, deserve neither Liberty nor Safety."
        -- Benjamin Franklin, 1759
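
The pattern described in the reply (check status at every entry point and do not rely on the nil object's contents), as an added example that is not part of the original thread and is not cairo's code. All type and function names below (`ctx_t`, `ctx_nil`, `ctx_get_op`, and so on) are hypothetical stand-ins for the cairo ones.

```c
#include <stdlib.h>

/* Hypothetical miniature of the pattern discussed; not cairo's own types. */
typedef enum { ST_OK, ST_NO_MEMORY } status_t;
typedef enum { OP_CLEAR, OP_SOURCE, OP_OVER } op_t;
#define OP_DEFAULT OP_OVER
typedef struct { op_t op; } state_t;
typedef struct { status_t status; state_t *state; } ctx_t;

/* Shared error object: const and holding no pointer to itself, so it
 * needs no load-time relocation. Its state pointer stays NULL. */
static const ctx_t ctx_nil = { ST_NO_MEMORY, NULL };

/* Never returns NULL; on allocation failure the nil object is returned. */
ctx_t *ctx_create(int simulate_oom)
{
    ctx_t *c = simulate_oom ? NULL : malloc(sizeof *c);
    state_t *s = c ? malloc(sizeof *s) : NULL;
    if (s == NULL) {
        free(c);                      /* free(NULL) is a no-op */
        return (ctx_t *) &ctx_nil;
    }
    c->status = ST_OK;
    c->state = s;
    s->op = OP_DEFAULT;
    return c;
}

/* Setter: an object in error is never written (the nil one is const). */
void ctx_set_op(ctx_t *c, op_t op)
{
    if (c->status != ST_OK) return;
    c->state->op = op;
}

/* Getter: check status first, never dereference state on an error object. */
op_t ctx_get_op(const ctx_t *c)
{
    if (c->status != ST_OK)
        return OP_DEFAULT;
    return c->state->op;
}

void ctx_destroy(ctx_t *c)
{
    if (c == &ctx_nil) return;        /* the static nil object is not freed */
    free(c->state);
    free(c);
}
```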