[png] Specify a no-op flush callback (NULL deref)

libpng changed behaviour in v1.2.30 to call the png_ptr->output_flush_fn in png_write_end(). If no flush function is provided with png_set_write_fn(), libpng will use its default fflush() instead - which assumes that closure passed is a FILE* and not an arbitrary user pointer. Consequently, we must actually set a dummy output_flush_fn to avoid segfaulting.
author: Alex Rostovtsev <tetromino@gmail.com> 2008-08-19 23:45:40 +0100
committer: Chris Wilson <chris@chris-wilson.co.uk> 2008-08-19 23:45:40 +0100
commit: 186e7a2602cf140ac03b730b95ed10f25f9319c6 (patch)
tree: fc70f7ddf8180c5ce3c948750643e9984ed64d8f /src/cairo-png.c
parent: 5712a2c619b265a7ede5cd32049bce456131c64b (diff)
download: cairo-186e7a2602cf140ac03b730b95ed10f25f9319c6.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/src/cairo-png.c b/src/cairo-png.c
index ae3a1f7b6..1b7df9abe 100644
--- a/src/cairo-png.c
+++ b/src/cairo-png.c
@@ -119,6 +119,13 @@ png_simple_warning_callback (png_structp png,
 }
 
 
+/* Starting with libpng-1.2.30, we must explicitly specify an output_flush_fn.
+ * Otherwise, we will segfault if we are writing to a stream. */
+static void
+png_simple_output_flush_fn (png_structp png_ptr)
+{
+}
+
 static cairo_status_t
 write_png (cairo_surface_t	*surface,
 	   png_rw_ptr		write_func,
@@ -179,7 +186,7 @@ write_png (cairo_surface_t	*surface,
 	goto BAIL3;
 #endif
 
-    png_set_write_fn (png, closure, write_func, NULL);
+    png_set_write_fn (png, closure, write_func, png_simple_output_flush_fn);
 
     switch (image->format) {
     case CAIRO_FORMAT_ARGB32:
author	Alex Rostovtsev <tetromino@gmail.com>	2008-08-19 23:45:40 +0100
committer	Chris Wilson <chris@chris-wilson.co.uk>	2008-08-19 23:45:40 +0100
commit	186e7a2602cf140ac03b730b95ed10f25f9319c6 (patch)
tree	fc70f7ddf8180c5ce3c948750643e9984ed64d8f /src/cairo-png.c
parent	5712a2c619b265a7ede5cd32049bce456131c64b (diff)
download	cairo-186e7a2602cf140ac03b730b95ed10f25f9319c6.tar.gz