[cairo] Crash in cairo_surface_get_mime_data()

Chris Wilson chris at chris-wilson.co.uk
Tue Oct 4 02:56:15 PDT 2011

On Mon, 03 Oct 2011 23:09:42 +0200, Uli Schlachter <psychon at znc.in> wrote:
> Hi,
> attached is a test case which crashes on every cairo version since 1.10. First
> it sets some mime data, then it removes that mime data again. The next
> cairo_surface_get_mime_data() then dereferences a NULL pointer.
> Also attached is a patch which fixes the issue for me.
> I wonder if this really is a cairo bug or if I'm just using the API in a wrong
> way. Could someone enlighten me?

It's a bug. Should have realised when the docs said remove, it meant hide.

Yours is a nice simple fix, though I wonder if we should fix
_cairo_user_data_array_set_data(key, NULL) to actually remove the slot.

> Then I also wonder how this should be added to the test suite. The only thing
> that currently calls cairo_surface_get_mime_data() is api-special-cases, but
> this problem doesn't really fit into that test. Should this get its own test
> case, looking something like the code below?

Sure, start a suite of tests for mime-surface-api.c, as we also want to make
sure that we do get the exact same data returned from get as for set.
(The drawing test should cover that, but doesn't actually imply no copy
was made etc.)

Chris Wilson, Intel Open Source Technology Centre
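The following is an added illustration, not cairo's code and not the patch or test case attached to the original mail. It models the set / remove / get round trip the thread discusses on a small pointer-keyed store: a "remove" that merely nulls the stored entry leaves a slot behind for the next lookup to dereference, so here set(key, NULL) releases the slot, as suggested above, and get() additionally treats an empty slot as "no data". All identifiers (mime_entry_t, mime_store_t, mime_store_set, mime_store_get, mime_round_trip) and the sample key and bytes are invented for this example.

```c
/* Added example, not cairo's code: a self-contained model of a pointer-keyed
 * user-data store with the set / get / remove round trip discussed in the
 * thread.  All names here are invented for this illustration. */
#include <stddef.h>
#include <string.h>

typedef struct {
    const unsigned char *data;   /* caller-owned bytes, stored without copying */
    size_t length;
} mime_entry_t;

typedef struct {
    const char *key;             /* NULL key == free slot */
    mime_entry_t *entry;         /* NULL entry == "removed but slot kept" */
} slot_t;

#define MAX_SLOTS 4

typedef struct {
    slot_t slots[MAX_SLOTS];
    int num_used;                /* slots with a non-NULL key */
} mime_store_t;

/* Linear search by key identity (pointer compare, as for a static key). */
static slot_t *find_slot(mime_store_t *s, const char *key)
{
    for (int i = 0; i < MAX_SLOTS; i++)
        if (s->slots[i].key == key)
            return &s->slots[i];
    return NULL;
}

/* set(key, NULL) removes for real: the slot is released instead of being
 * left behind with a NULL entry.  key must be non-NULL.  Returns 0 on
 * success, -1 when the store is full. */
static int mime_store_set(mime_store_t *s, const char *key, mime_entry_t *entry)
{
    slot_t *slot = find_slot(s, key);

    if (entry == NULL) {
        if (slot != NULL) {
            slot->key = NULL;
            slot->entry = NULL;
            s->num_used--;
        }
        return 0;
    }
    if (slot == NULL) {
        slot = find_slot(s, NULL);   /* first free slot */
        if (slot == NULL)
            return -1;
        slot->key = key;
        s->num_used++;
    }
    slot->entry = entry;
    return 0;
}

/* get() reports "no data" both for a missing key and, defensively, for a
 * slot whose entry is NULL, so nothing here dereferences a NULL entry. */
static void mime_store_get(mime_store_t *s, const char *key,
                           const unsigned char **data, size_t *length)
{
    slot_t *slot = find_slot(s, key);

    if (slot == NULL || slot->entry == NULL) {
        *data = NULL;
        *length = 0;
        return;
    }
    *data = slot->entry->data;
    *length = slot->entry->length;
}

/* The round trip a mime-surface-api test would exercise: after set, get must
 * hand back the very same pointer (no copy); after remove, get must yield
 * NULL/0 and the slot must be free again.  Returns 1 on success, 0 on failure. */
static int mime_round_trip(void)
{
    static const char *const KEY = "image/png";               /* constructed key */
    static const unsigned char blob[] = "constructed sample bytes";
    mime_entry_t entry = { blob, sizeof blob };
    mime_store_t store;
    const unsigned char *data;
    size_t length;

    memset(&store, 0, sizeof store);

    if (mime_store_set(&store, KEY, &entry) != 0)
        return 0;
    mime_store_get(&store, KEY, &data, &length);
    if (data != blob || length != sizeof blob)   /* identical pointer, no copy */
        return 0;

    mime_store_set(&store, KEY, NULL);           /* remove */
    mime_store_get(&store, KEY, &data, &length);
    if (data != NULL || length != 0 || store.num_used != 0)
        return 0;

    return 1;
}
```

The pointer comparison in mime_round_trip is what makes the "no copy was made" property testable; a drawing test that only compares rendered output cannot distinguish a copy from the original buffer.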
