script: Implement device finish

Before this commit, calling cairo_device_finish() on a cairo-script
context did not actually do anything in the backend. Thus, it was
possible to continue emitting output on the script context even after it
was finished, which means that API user had no way of preventing
use-after-free bugs in their write callback. Bug 277 triggers this via
detaching a snapshot, but I guess one could also simply continue drawing
to a script surface.

This commit implements the finish function by closing the underlying
stream.

However, that was not enough to fix things. This commit also turns
writing into a stream into a no-op after the stream was closed.

I checked that the new test case actually fails before this commit and
is indeed fixed by it.

Fixes: https://gitlab.freedesktop.org/cairo/cairo/-/issues/277
Signed-off-by: Uli Schlachter <psychon@znc.in>

3 files changed, 98 insertions, 2 deletions

diff --git a/test/Makefile.sources b/test/Makefile.sources
index c180289ab..a2f5bf0e2 100644
--- a/test/Makefile.sources
+++ b/test/Makefile.sources
@@ -24,8 +24,9 @@ test_sources = \
 	bug-spline.c					\
 	big-trap.c					\
 	bilevel-image.c					\
-	bug-40410.c					\
+	bug-277.c					\
 	bug-361.c					\
+	bug-40410.c					\
 	bug-431.c					\
 	bug-448.c					\
 	bug-51910.c					\
diff --git a/test/bug-277.c b/test/bug-277.c
new file mode 100644
index 000000000..f4de539a4
--- /dev/null
+++ b/test/bug-277.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright © 2022 Uli Schlachter
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ * Author: Uli Schlachter <psychon@znc.in>
+ */
+
+#include "cairo-test.h"
+#include "cairo-script.h"
+
+struct write_data {
+    cairo_bool_t finished;
+    cairo_test_status_t test_status;
+};
+
+static cairo_surface_t*
+create_recording_surface ()
+{
+    /* Create a non-empty recording surface with arbitrary content */
+    cairo_surface_t *surf = cairo_recording_surface_create (CAIRO_CONTENT_COLOR, NULL);
+    cairo_t *cr = cairo_create (surf);
+
+    cairo_move_to (cr, 0, 0);
+    cairo_line_to (cr, 10, 0);
+    cairo_stroke (cr);
+
+    cairo_destroy (cr);
+    return surf;
+}
+
+static cairo_status_t
+write_func(void *closure, const unsigned char* bytes, unsigned int length)
+{
+    struct write_data *data = closure;
+    (void) bytes; (void) length;
+
+    if (data->finished)
+	data->test_status = CAIRO_TEST_ERROR;
+
+    return CAIRO_STATUS_SUCCESS;
+}
+
+static cairo_test_status_t
+preamble (cairo_test_context_t *ctx)
+{
+    struct write_data write_data = { FALSE, CAIRO_TEST_SUCCESS };
+    cairo_device_t *script_device = cairo_script_create_for_stream (write_func, &write_data);
+    cairo_surface_t *recording = create_recording_surface ();
+    cairo_surface_t *script;
+    cairo_t *cr;
+
+    /* Draw the recording surface to a script surface */
+    script = cairo_script_surface_create (script_device, CAIRO_CONTENT_COLOR, 5, 5);
+    cr = cairo_test_create (script, ctx);
+    cairo_set_source_surface (cr, recording, 0, 0);
+    cairo_paint (cr);
+    cairo_destroy (cr);
+    cairo_surface_destroy (script);
+
+    /* Finish the script device; no further writing allowed afterwards */
+    cairo_device_finish (script_device);
+    write_data.finished = TRUE;
+    cairo_device_destroy (script_device);
+
+    cairo_surface_destroy (recording);
+
+    return write_data.test_status;
+}
+
+CAIRO_TEST (bug_277,
+	    "Regression test: Script surface emitting test after finish()",
+	    NULL, /* keywords */
+	    NULL, /* requirements */
+	    0, 0,
+	    preamble, NULL)
diff --git a/test/meson.build b/test/meson.build
index c0be0e086..d23961693 100644
--- a/test/meson.build
+++ b/test/meson.build
@@ -24,8 +24,9 @@ test_sources = [
   'bug-spline.c',
   'big-trap.c',
   'bilevel-image.c',
-  'bug-40410.c',
+  'bug-277.c',
   'bug-361.c',
+  'bug-40410.c',
   'bug-431.c',
   'bug-448.c',
   'bug-51910.c',