[cairo] protecting against too-big dimensions in XCreatePixture
Chris Wilson
chris at chris-wilson.co.uk
Tue Apr 8 00:18:38 PDT 2008
On Mon, 2008-04-07 at 22:11 -0700, Vladimir Vukicevic wrote:
> Howdy,
>
> This is a variant of the cairo parts in Mats' patch in https://bugzilla.mozilla.org/show_bug.cgi?id=424333
> -- essentially, we know that creating a pixmap bigger than SHRT_MAX
> in either dimension will cause a BadAlloc error, so we can just avoid
> that situation entirely and return an error. The patch just creates a
> simple wrapper for XCreatePixmap and moves the <= 0 checking code in
> here as well for clarity. How's this look?
It looks like we've opened a can of worms.
Returning INT_STATUS_UNSUPPORTED unsupported from clone_similar() for an
unsupported image source triggers an infinite recursion in
_cairo_surface_fallback_clone_similar().
Besides the other bugs within cairo, there only a couple of entry points
that need to check that the size is within bounds - once an xlib surface
has been constructed we know it cannot have exceeded SHRT_MAX or else it
would have triggered the BadAlloc error. My other concern is what is the
source of the maximum window size, i.e. is it likely to vary between
xservers and can we query it?
Here's my patch series that allows the xlib backend to support >32k
images.
(Also available in the large-source branch from
people.freedesktop.org:~ickle/cairo)
--
Chris Wilson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-cairo-xlib-Prevent-creation-of-very-large-Pixmaps.patch
Type: application/mbox
Size: 0 bytes
Desc: not available
Url : http://lists.cairographics.org/archives/cairo/attachments/20080408/36da1d9e/attachment.bin
More information about the cairo
mailing list