[cairo] crash copying recording surface to PDF surface with tags

Ben Pfaff blp at cs.stanford.edu
Sat Dec 26 22:59:22 UTC 2020


On Sat, Dec 26, 2020 at 12:24 PM Jonathan Kew <jfkthame at gmail.com> wrote:
>
> On 26/12/2020 18:46, Ben Pfaff wrote:
> >
> > Indeed, when I apply the following, the warning goes away:
> >
> > diff --git a/src/cairo-recording-surface.c
> > b/src/cairo-recording-surface.c
> > index 6df8b0821..1765e7da6 100644
> > --- a/src/cairo-recording-surface.c
> > +++ b/src/cairo-recording-surface.c
> > @@ -1561,6 +1561,7 @@ _cairo_recording_surface_snapshot (void
> > *abstract_other)
> >       cairo_status_t status;
> >         surface = _cairo_malloc (sizeof (cairo_recording_surface_t));
> > +    memset (surface, 0, sizeof (cairo_recording_surface_t));
> >       if (unlikely (surface == NULL))
> >       return _cairo_surface_create_in_error (_cairo_error
> > (CAIRO_STATUS_NO_MEMORY));
> >
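Review bot: the added memset runs before the `if (unlikely (surface == NULL))` check, so a failed `_cairo_malloc` becomes a NULL dereference instead of the `CAIRO_STATUS_NO_MEMORY` error the following lines return. Move the memset below the NULL check (or allocate with a zeroing allocator so the check and the zeroing are not split). Zeroing the whole struct also only masks the symptom the patch was meant to expose: once the field that is read before being set is identified, it should get an explicit initializer in this function rather than relying on a blanket memset.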
>
> This would be better placed after the (surface == NULL) check, otherwise
> it's likely to result in an insta-crash if the allocation failed.

Yes.

To be sure, I was not proposing to apply this patch; I was presenting it as
evidence that there is some uninitialized data in it.
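The ordering Jonathan points out, shown as an added example that is not cairo code: a hypothetical `surface_t` stands in for cairo_recording_surface_t, `xmalloc` is a fault-injectable allocator assumed here so the allocation-failure path can actually be exercised, and `surface_snapshot` checks the pointer before zeroing it, so a failed allocation reports an error instead of dereferencing NULL.

```c
/* Added example, not cairo code. Names (surface_t, xmalloc,
 * surface_snapshot, run_checks) are hypothetical stand-ins. */
#include <stdlib.h>
#include <string.h>

typedef enum { STATUS_SUCCESS = 0, STATUS_NO_MEMORY = 1 } status_t;

/* Hypothetical stand-in for cairo_recording_surface_t. */
typedef struct {
    status_t status;
    int      width;
    int      height;
    void    *commands;      /* would point at a command list */
    int      num_commands;
} surface_t;

/* Fault injection: when nonzero, the next allocation fails once.
 * This is what lets a test reach the NULL path deterministically. */
static int fail_next_alloc = 0;

static void *xmalloc(size_t n)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    return malloc(n);
}

/* Correct ordering: test the allocation result before touching it.
 * On failure sets *status and returns NULL; on success every field is
 * zeroed, so nothing in the struct is read uninitialized later. */
surface_t *surface_snapshot(status_t *status)
{
    surface_t *surface = xmalloc(sizeof(*surface));
    if (surface == NULL) {
        *status = STATUS_NO_MEMORY;
        return NULL;
    }
    memset(surface, 0, sizeof(*surface));   /* safe: pointer is non-NULL */
    *status = STATUS_SUCCESS;
    return surface;
}

/* Drive both paths; returns 0 when both behave, a nonzero code otherwise. */
int run_checks(void)
{
    status_t status;
    surface_t *s;

    /* Allocation-failure path: must report NO_MEMORY, not crash. */
    fail_next_alloc = 1;
    s = surface_snapshot(&status);
    if (s != NULL || status != STATUS_NO_MEMORY)
        return 1;

    /* Success path: every field must start out zero. */
    s = surface_snapshot(&status);
    if (s == NULL || status != STATUS_SUCCESS)
        return 2;
    if (s->width != 0 || s->height != 0 ||
        s->commands != NULL || s->num_commands != 0) {
        free(s);
        return 3;
    }
    free(s);
    return 0;
}

int main(void)
{
    return run_checks();
}
```

Had the memset been placed before the NULL check as in the quoted patch, the first half of `run_checks` would fault on the injected failure rather than return 1. An equivalent that cannot get the order wrong is `calloc(1, sizeof(*surface))`, which zeroes and size-checks in one call; and to find the specific uninitialized field instead of zeroing everything, running the real test case under Valgrind memcheck with `--track-origins=yes` reports where the uninitialized value was allocated.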
