Hello community,

here is the log from the commit of package cairo for openSUSE:Factory checked in at 2012-05-03 10:54:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cairo (Old)
 and /work/SRC/openSUSE:Factory/.cairo.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cairo", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/cairo/cairo.changes 2012-03-29 11:35:12.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.cairo.new/cairo.changes 2012-05-03 10:54:19.000000000 +0200 @@ -1,0 +2,6 @@ +Sat Apr 21 15:34:36 UTC 2012 - [email protected] + +- Add cairo-fix-wrong-allocation: fix wrong allocation in + _cairo_pdf_surface_add_source_surface (bnc#758422). + +------------------------------------------------------------------- New: ---- cairo-fix-wrong-allocation.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cairo.spec ++++++ --- /var/tmp/diff_new_pack.0BMJUE/_old 2012-05-03 10:54:21.000000000 +0200 +++ /var/tmp/diff_new_pack.0BMJUE/_new 2012-05-03 10:54:21.000000000 +0200 @@ -30,6 +30,8 @@ Source99: baselibs.conf # PATCH-FIX-UPSTREAM cairo-modules-no-version.patch [email protected] -- Build modules with -module -avoid-version. Patch0: cairo-modules-no-version.patch +# PATCH-FIX-UPSTREAM cairo-fix-wrong-allocation bnc#758422 fdo#49089 [email protected] -- Fix wrong allocation in _cairo_pdf_surface_add_source_surface +Patch1: cairo-fix-wrong-allocation.patch # These libraries are needed only for tests. # Do not enable tests in build systems, it causes build loop! #BuildRequires: librsvg-devel poppler-devel @@ -146,6 +148,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build NOCONFIGURE=1 ./autogen.sh ++++++ cairo-fix-wrong-allocation.patch ++++++ From: Jeff Mahoney <[email protected]> Subject: cairo: Fix wrong allocation in _cairo_pdf_surface_add_source_surface References: bnc#758422 _cairo_pdf_surface_add_source_surface allocates unique_id with size unique_id_length but then copies surface_key.unique_id_length into it. This causes e.g. evince to crash predictably while trying to print with: *** buffer overflow detected ***: evince terminated We should be using surface_key.unique_id_length instead. 
Signed-off-by: Jeff Mahoney <[email protected]> --- src/cairo-pdf-surface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/src/cairo-pdf-surface.c +++ b/src/cairo-pdf-surface.c @@ -1379,7 +1379,7 @@ _cairo_pdf_surface_add_source_surface (c goto release_source; if (surface_key.unique_id && surface_key.unique_id_length > 0) { - unique_id = malloc (unique_id_length); + unique_id = malloc (surface_key.unique_id_length); if (unique_id == NULL) { status = _cairo_error (CAIRO_STATUS_NO_MEMORY); goto release_source;
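
Review bot: In the cairo.spec hunk at -30,6 the new tag comment names the patch as "cairo-fix-wrong-allocation" without the ".patch" suffix, while the Patch0 comment directly above it and the Patch1: line itself use the full file name; the cairo.changes entry ("Add cairo-fix-wrong-allocation:") has the same omission. Use cairo-fix-wrong-allocation.patch in both places so the names match the file listed under "New:". The tag comment also cites fdo#49089, but the cairo.changes entry and the References: line in the patch header carry only bnc#758422; adding the fdo reference to both keeps the three records in agreement.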
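
Review bot: In the src/cairo-pdf-surface.c hunk at 1379 the local unique_id_length that the removed malloc line used is no longer the allocation size, yet the hunk does not show where that local is assigned or whether it is still read afterwards. If it is later recorded as the length of the copied id, it needs to equal surface_key.unique_id_length at that point, otherwise the stored length and the buffer size can disagree again in the other direction. Please confirm that assignment in the surrounding code, or use surface_key.unique_id_length for the allocation, the copy and the recorded length alike so there is a single source for the size. The commit message would also benefit from one sentence saying what value unique_id_length held at the malloc call, since that determines how far the copy overran the buffer.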
