diff options
| author | Chris Wilson <chris@chris-wilson.co.uk> | 2017-03-24 12:36:41 +0000 |
|---|---|---|
| committer | Bryce Harrington <bryce@osg.samsung.com> | 2017-05-04 17:44:48 -0700 |
| commit | 91b25005d62fe4ca178f45d349374e42c29a5e11 (patch) | |
| tree | b5214845c3b698eee955f45806016fb239baad34 /src/cairo-path-stroke-polygon.c | |
| parent | a3cc46d2ccba44a538d05f0c5870b1a82f046350 (diff) | |
| download | cairo-91b25005d62fe4ca178f45d349374e42c29a5e11.tar.gz | |
stroker: Check for scaling overflow in computing half line widths
Given a combination of a large scaling matrix and a large line, we can
easily generate a half line width that is unrepresentable in our 24.8
fixed-point. This leads to spurious errors later, such as generating
negative height boxes, and so asking pixman to fill to infinity. To
avoid this, we can check for overflow in calculating the half line with,
though we still lack adequate range checking on the final stroke path.
References: https://bugs.webkit.org/show_bug.cgi?id=16793
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: magomez@igalia.com
Tested-by: Bryce Harrington <bryce@osg.samsung.com>
Acked-by: Bryce Harrington <bryce@osg.samsung.com>
Diffstat (limited to 'src/cairo-path-stroke-polygon.c')
| -rw-r--r-- | src/cairo-path-stroke-polygon.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/cairo-path-stroke-polygon.c b/src/cairo-path-stroke-polygon.c index e5082bbec..a68feb62c 100644 --- a/src/cairo-path-stroke-polygon.c +++ b/src/cairo-path-stroke-polygon.c @@ -1276,6 +1276,7 @@ _cairo_path_fixed_stroke_to_polygon (const cairo_path_fixed_t *path, for (i = 1; i < polygon->num_limits; i++) _cairo_box_add_box (&stroker.bounds, &polygon->limits[i]); + /* XXX check overflow */ _cairo_stroke_style_max_distance_from_path (style, path, ctm, &dx, &dy); fdx = _cairo_fixed_from_double (dx); fdy = _cairo_fixed_from_double (dy); |