diff options
| author | Uli Schlachter <psychon@znc.in> | 2020-12-26 16:09:16 +0100 |
|---|---|---|
| committer | Uli Schlachter <psychon@znc.in> | 2021-01-07 17:27:39 +0100 |
| commit | 66c9911850257b2d42a6abf756baed16fe1ae9d5 (patch) | |
| tree | fbfe5abdf56318643f2d37ef1d27dab7f950b849 /src/cairo-recording-surface.c | |
| parent | 979382dd302bbab73d8c81740ddd72afc31a8ea8 (diff) | |
| download | cairo-66c9911850257b2d42a6abf756baed16fe1ae9d5.tar.gz | |
Slightly improve dealing with error snapshots
An error in _cairo_surface_snapshot_copy_on_write() results in a
snapshot in an error state and the snapshot's ->target could now point
to a surface from _cairo_surface_create_in_error(). These surfaces e.g.
have ->backend == NULL. Thus, anything looking at ->backend->type now
explodes. This commit deals with two places which caused segfaults in
this situation.
There is no test case for this, because
_cairo_surface_snapshot_copy_on_write() really is not supposed to fail.
Found-while-investigating: https://gitlab.freedesktop.org/cairo/cairo/-/issues/448
Signed-off-by: Uli Schlachter <psychon@znc.in>
Diffstat (limited to 'src/cairo-recording-surface.c')
| -rw-r--r-- | src/cairo-recording-surface.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/cairo-recording-surface.c b/src/cairo-recording-surface.c index 6df8b0821..3e8b8e780 100644 --- a/src/cairo-recording-surface.c +++ b/src/cairo-recording-surface.c @@ -1764,6 +1764,11 @@ _cairo_recording_surface_merge_source_attributes (cairo_recording_surface_t *su if (_cairo_surface_is_snapshot (surf)) free_me = surf = _cairo_surface_snapshot_get_target (surf); + if (unlikely (surf->status)) + // There was some kind of error and the surface could be a nil error + // surface with various "problems" (e.g. ->backend == NULL). + return; + if (surf->type == CAIRO_SURFACE_TYPE_RECORDING) { cairo_recording_surface_t *rec_surf = (cairo_recording_surface_t *) surf; |