Segmentation Fault in cairo_surface_create_similar
I found this bug from within gtk. I have a GtkTextView that contains a lot of long lines. This GtkTextView can be rendered when it is visible at first, but when there is other content in the window first, the program dies with a segmentation fault. To reproduce this bug, I wrote a minimal example only using cairo.
Digging deeper with gdb I found that the segmentation fault is triggered in a memset in _cairo_xlib_surface_create_similar_shm, which is called indirectly from cairo_surface_create_similar. A possible explanation is that the memory allocated for the data is not as big as the size calculated through stride * height here. This could be due to the fact that stride * height > 2**32 in my case.

Investigating further, I found that the allocated size for the data at this point is only a 4 byte integer. With stride * height > 2**32 this would cause an overflow, leading to a different sized allocation than is assumed later.
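As an added illustration of the size-truncation problem described above (constructed example code, not cairo's own implementation): `wrapped_image_size` forms `stride * height` in a 32-bit integer the way the report says the allocation size is stored, so a large surface silently wraps to a much smaller byte count; `checked_image_size` computes the same product in 64 bits and rejects anything that would not fit, which is the kind of check that turns the crash into a reportable error. The 32-bit-unsigned size field and the sample dimensions (a 100000-pixel-wide, 20000-row RGB32 surface) are assumptions for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Naive size computation: the product is formed in a 32-bit field and
 * wraps modulo 2^32 (assumed unsigned here so the wrap is well defined).
 * This mirrors the undersized allocation the report describes. */
uint32_t wrapped_image_size(uint32_t stride, uint32_t height)
{
    return stride * height;
}

/* Checked variant: compute in 64 bits and refuse any product that does
 * not fit in 31 bits (INT32_MAX, the limit of a 4-byte signed size).
 * Returns the byte count on success or -1 if the surface is too large. */
int64_t checked_image_size(uint32_t stride, uint32_t height)
{
    uint64_t bytes = (uint64_t)stride * (uint64_t)height;
    if (bytes > (uint64_t)INT32_MAX)
        return -1;
    return (int64_t)bytes;
}

/* True when a later memset of the real size (stride * height) would run
 * past a buffer sized with the wrapped value: the crash condition. */
bool allocation_undersized(uint32_t stride, uint32_t height)
{
    uint64_t real = (uint64_t)stride * (uint64_t)height;
    return real != (uint64_t)wrapped_image_size(stride, height);
}

int main(void)
{
    /* Constructed dimensions: 100000 px * 4 bytes/px, 20000 rows = 8e9 bytes. */
    uint32_t stride = 400000u, height = 20000u;
    printf("wrapped size : %u bytes\n", wrapped_image_size(stride, height));
    printf("checked size : %lld\n", (long long)checked_image_size(stride, height));
    printf("undersized   : %s\n", allocation_undersized(stride, height) ? "yes" : "no");
    return 0;
}
```

Running it shows the wrapped size (3705032704 bytes) is far below the 8e9 bytes the surface actually needs, while the checked computation returns -1 so the caller can fail cleanly instead of allocating too little and faulting in memset.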
I would expect to see at least a meaningful error message instead of a segmentation fault if a content can't be rendered.