[Pixman] [PATCH] Workaround bug in llvm-gcc
Soeren Sandmann
sandmann at cs.au.dk
Tue Aug 16 16:03:34 PDT 2011
Andrea Canciani <ranma42 at gmail.com> writes:
> diff --git a/pixman/pixman-region.c b/pixman/pixman-region.c
> index 9ff5157..9074fe4 100644
> --- a/pixman/pixman-region.c
> +++ b/pixman/pixman-region.c
> @@ -102,7 +102,7 @@
>
> static const box_type_t PREFIX (_empty_box_) = { 0, 0, 0, 0 };
> static const region_data_type_t PREFIX (_empty_data_) = { 0, 0 };
> -static const region_data_type_t PREFIX (_broken_data_) = { 0, 0 };
> +static const region_data_type_t PREFIX (_broken_data_) = { -1, 0 };
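Review bot: The -1 in the new _broken_data_ initializer is a bare magic value, with no comment saying why it has to differ from _empty_data_, which keeps { 0, 0 }. Add a comment above that line naming the compiler problem being worked around. Since both objects are declared static const, also check every place that tests the first field for non-zero before storing through the pointer, because a non-zero value there can no longer be read as "this data is writable".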
What happens if you call pixman_region_union() on a broken destination
region with non-broken source regions? It seems to me that that will
eventually end up in pixman_op() and hit this:

    if (!new_reg->data)
        new_reg->data = pixman_region_empty_data;
    else if (new_reg->data->size)
        new_reg->data->numRects = 0;

With your patch, new_reg->data->size will be -1, so the second branch
will be taken, and an attempt to write 0 into _broken_data.numRects will
be made, which will likely segfault since _broken_data is const.
Soren
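
The failure mode described in the reply, as an added example that is not pixman code and not part of the original message: reset_decision() mirrors the quoted branch structure but reports the decision instead of storing, and guarded_reset() is one possible guard. The struct layout, field types and all names here are simplified assumptions, and what a broken destination should become is left to pixman.

```c
#include <stdio.h>

/* Simplified stand-in for pixman's region data header (field types assumed). */
typedef struct { long size; long numRects; } region_data_t;
typedef struct { region_data_t *data; } region_t;

/* Shared read-only sentinels; broken_data uses size = -1 as in the patch. */
static const region_data_t empty_data  = {  0, 0 };
static const region_data_t broken_data = { -1, 0 };

/* Same branches as the snippet quoted in the reply, without the stores:
 * 0 = data pointer replaced, 1 = numRects would be written, 2 = untouched. */
static int reset_decision(const region_t *reg)
{
    if (!reg->data)
        return 0;
    else if (reg->data->size)
        return 1;
    return 2;
}

/* Hypothetical guard: never store through a pointer to a shared sentinel. */
static int is_sentinel(const region_data_t *d)
{
    return d == &empty_data || d == &broken_data;
}

static int guarded_reset(region_t *reg)
{
    if (!reg->data) {
        reg->data = (region_data_t *) &empty_data;
        return 0;
    }
    if (!is_sentinel(reg->data) && reg->data->size) {
        reg->data->numRects = 0;   /* only reached for writable storage */
        return 1;
    }
    return 2;                      /* sentinel or zero-size data: no store */
}

int main(void)
{
    region_t broken = { (region_data_t *) &broken_data };
    printf("unguarded decision on broken region: %d\n", reset_decision(&broken));
    printf("guarded decision on broken region:   %d\n", guarded_reset(&broken));
    return 0;
}
```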