Commit aa263f88 authored by Matthias Clasen's avatar Matthias Clasen Committed by Behdad Esfahbod

Fix a thinko in composite_color_glyphs

We can't just move around the contents of the
passed-in string, we need to make a copy. This
was showing up as memory corruption in pango.

See https://gitlab.gnome.org/GNOME/pango/issues/346
parent e4a79db0
Pipeline #49766 failed with stage
in 3 minutes and 44 seconds
......@@ -2820,6 +2820,7 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
const cairo_clip_t *clip)
{
cairo_int_status_t status;
char *utf8_copy = NULL;
TRACE ((stderr, "%s\n", __FUNCTION__));
if (unlikely (surface->status))
......@@ -2847,6 +2848,10 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
status = CAIRO_INT_STATUS_UNSUPPORTED;
if (_cairo_scaled_font_has_color_glyphs (scaled_font)) {
utf8_copy = malloc (sizeof (char) * utf8_len);
memcpy (utf8_copy, utf8, sizeof (char) * utf8_len);
utf8 = utf8_copy;
status = composite_color_glyphs (surface, op,
source,
(char *)utf8, &utf8_len,
......@@ -2861,6 +2866,8 @@ _cairo_surface_show_text_glyphs (cairo_surface_t *surface,
if (num_glyphs == 0)
goto DONE;
}
else
utf8_copy = NULL;
/* The logic here is duplicated in _cairo_analysis_surface show_glyphs and
* show_text_glyphs. Keep in synch. */
......@@ -2918,6 +2925,9 @@ DONE:
surface->serial++;
}
if (utf8_copy)
free (utf8_copy);
return _cairo_surface_set_error (surface, status);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment