Fix out of bound access in struct pattern->type

The pattern structure is hardcoded to hold 7 elements, yet the pattern_names array in cairo-surface-observer.c is initialized with 8 strings. This causes a crash in print_array at line 1587 when it tries to access the 8th member. Hence changed the 'type' array from type[7] to type[8] to avoid out of bound access. Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91266 Signed-off-by: Ashim <ashim.shah@samsung.com> Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
author: Ashim <ashim.shah@samsung.com> 2015-07-09 10:43:30 +0530
committer: Bryce Harrington <bryce@osg.samsung.com> 2015-07-09 13:50:35 -0700
commit: 498fc2fbe31682754f1aa3864b764229d0b6838c (patch)
tree: 029fcf7cbfa34aa417bc939723be10e8fe0b5862 /src/cairo-surface-observer-private.h
parent: ad45e8f99f4ab6777559480cede7d1461a9c28fc (diff)
download: cairo-498fc2fbe31682754f1aa3864b764229d0b6838c.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cairo-surface-observer-private.h b/src/cairo-surface-observer-private.h
index 70c87db82..6ed0c18d1 100644
--- a/src/cairo-surface-observer-private.h
+++ b/src/cairo-surface-observer-private.h
@@ -62,7 +62,7 @@ struct extents {
 };
 
 struct pattern {
-    unsigned int type[7]; /* native/record/other surface/gradients */
+    unsigned int type[8]; /* native/record/other surface/gradients */
 };
 
 struct path {
author	Ashim <ashim.shah@samsung.com>	2015-07-09 10:43:30 +0530
committer	Bryce Harrington <bryce@osg.samsung.com>	2015-07-09 13:50:35 -0700
commit	498fc2fbe31682754f1aa3864b764229d0b6838c (patch)
tree	029fcf7cbfa34aa417bc939723be10e8fe0b5862 /src/cairo-surface-observer-private.h
parent	ad45e8f99f4ab6777559480cede7d1461a9c28fc (diff)
download	cairo-498fc2fbe31682754f1aa3864b764229d0b6838c.tar.gz