rpms/cairo/devel cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch, NONE, 1.1 cairo.spec, 1.32, 1.33

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Mar 3 20:42:30 UTC 2006


Author: cworth

Update of /cvs/dist/rpms/cairo/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv12222

Modified Files:
	cairo.spec 
Added Files:
	cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch 
Log Message:
Add chunk-glyphs-CVE-2006-0528 patch. Bump release to 5.

cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch:
 cairo-xlib-surface.c |   61 +++++++++++++++++++++++++++++++++++----------------
 1 files changed, 42 insertions(+), 19 deletions(-)

--- NEW FILE cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch ---
diff-tree 7d498ca91279a4e793d704c5b878f070be4c878f (from 3aac0bf670facd6523e64b3585a93f29da7ffba2)
Author: Carl Worth <cworth at cworth.org>
Date:   Fri Mar 3 11:13:36 2006 -0800

    _cairo_xlib_surface_show_glyphs: Break up rendering into chunks to fit
    into X max request length protocol limits.
    
    This fixes bug #5528:
    
    	_XError from XRenderCompositeText8
    	https://bugs.freedesktop.org/show_bug.cgi?id=5528

diff --git a/src/cairo-xlib-surface.c b/src/cairo-xlib-surface.c
index e5ffc6e..0efabf4 100644
--- a/src/cairo-xlib-surface.c
+++ b/src/cairo-xlib-surface.c
@@ -41,6 +41,7 @@
 #include "cairo-xlib-test.h"
 #include "cairo-xlib-private.h"
 #include <X11/extensions/Xrender.h>
+#include <X11/extensions/renderproto.h>
 
 /* Xlib doesn't define a typedef, so define one ourselves */
 typedef int (*cairo_xlib_error_func_t) (Display     *display,
@@ -2710,7 +2711,9 @@ _cairo_xlib_surface_show_glyphs (cairo_s
     cairo_xlib_surface_t *src;
     glyphset_cache_t *cache;
     cairo_glyph_cache_key_t key;
-    glyphset_cache_entry_t **entries;
+    const cairo_glyph_t *glyphs_chunk;
+    glyphset_cache_entry_t **entries, **entries_chunk;
+    int glyphs_remaining, chunk_size, max_chunk_size;
     glyphset_cache_entry_t *stack_entries [N_STACK_BUF];
     composite_operation_t operation;
     int i;
@@ -2777,26 +2780,46 @@ _cairo_xlib_surface_show_glyphs (cairo_s
     /* Call the appropriate sub-function. */
 
     _cairo_xlib_surface_ensure_dst_picture (self);
+
+    max_chunk_size = XMaxRequestSize (self->dpy);
     if (elt_size == 8)
+	max_chunk_size -= sz_xRenderCompositeGlyphs8Req;
+    if (elt_size == 16)
+	max_chunk_size -= sz_xRenderCompositeGlyphs16Req;
+    if (elt_size == 32)
+	max_chunk_size -= sz_xRenderCompositeGlyphs32Req;
+    max_chunk_size /= sz_xGlyphElt;
+
+    for (glyphs_remaining = num_glyphs, glyphs_chunk = glyphs, entries_chunk = entries;
+	 glyphs_remaining;
+	 glyphs_remaining -= chunk_size, glyphs_chunk += chunk_size, entries_chunk += chunk_size)
     {
-	status = _cairo_xlib_surface_show_glyphs8 (scaled_font, operator, cache, &key, src, self,
-						   source_x + attributes.x_offset - dest_x,
-						   source_y + attributes.y_offset - dest_y, 
-						   glyphs, entries, num_glyphs);
-    }
-    else if (elt_size == 16)
-    {
-	status = _cairo_xlib_surface_show_glyphs16 (scaled_font, operator, cache, &key, src, self,
-						    source_x + attributes.x_offset - dest_x,
-						    source_y + attributes.y_offset - dest_y, 
-						    glyphs, entries, num_glyphs);
-    }
-    else 
-    {
-	status = _cairo_xlib_surface_show_glyphs32 (scaled_font, operator, cache, &key, src, self,
-						    source_x + attributes.x_offset - dest_x,
-						    source_y + attributes.y_offset - dest_y, 
-						    glyphs, entries, num_glyphs);
+	chunk_size = MIN (glyphs_remaining, max_chunk_size);
+
+	if (elt_size == 8)
+	{
+	    status = _cairo_xlib_surface_show_glyphs8 (scaled_font, operator, cache, &key, src, self,
+						       source_x + attributes.x_offset - dest_x,
+						       source_y + attributes.y_offset - dest_y, 
+						       glyphs_chunk, entries_chunk, chunk_size);
+	}
+	else if (elt_size == 16)
+	{
+	    status = _cairo_xlib_surface_show_glyphs16 (scaled_font, operator, cache, &key, src, self,
+							source_x + attributes.x_offset - dest_x,
+							source_y + attributes.y_offset - dest_y, 
+							glyphs_chunk, entries_chunk, chunk_size);
+	}
+	else 
+	{
+	    status = _cairo_xlib_surface_show_glyphs32 (scaled_font, operator, cache, &key, src, self,
+							source_x + attributes.x_offset - dest_x,
+							source_y + attributes.y_offset - dest_y, 
+							glyphs_chunk, entries_chunk, chunk_size);
+	}
+
+	if (status != CAIRO_STATUS_SUCCESS)
+	    break;
     }
 
     if (status == CAIRO_STATUS_SUCCESS &&
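Review bot: The chunking loop `for (glyphs_remaining = num_glyphs, ...; glyphs_remaining; ...)` only makes progress when `chunk_size` is positive, but `max_chunk_size` is never checked after the subtraction and division above it. A value of zero would make the loop spin without consuming glyphs, and a negative value would step `glyphs_chunk` and `entries_chunk` backwards, so a guard before the loop such as `if (max_chunk_size < 1) max_chunk_size = 1;` (or an early error return) is worth adding. Separately, XMaxRequestSize() reports its limit in 4-byte units, while `sz_xRenderCompositeGlyphs8Req` and its siblings and `sz_xGlyphElt` are byte counts, so the arithmetic mixes units. The result appears to err on the small side, which is the safe direction, but a comment along the lines of `/* XMaxRequestSize is in 4-byte units; treating it as bytes under-estimates the chunk size */` would stop a later unit "fix" from overshooting the request limit without also counting the glyph index bytes sent per element. The body of _cairo_xlib_surface_show_glyphs starts and ends outside this hunk.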


Index: cairo.spec
===================================================================
RCS file: /cvs/dist/rpms/cairo/devel/cairo.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- cairo.spec	11 Feb 2006 02:13:39 -0000	1.32
+++ cairo.spec	3 Mar 2006 20:42:28 -0000	1.33
@@ -4,7 +4,7 @@
 Summary:   A vector graphics library
 Name:      cairo
 Version:   1.0.2
-Release:   4.2
+Release:   5
 URL:       http://cairographics.org
 Source0:   %{name}-%{version}.tar.gz
 License:   LGPL/MPL
@@ -25,6 +25,7 @@
 
 Patch0: cairo-1.0.2-embedded-bitmaps.patch
 Patch1: cairo-1.0.2-fix-build.patch
+Patch2: cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch
 
 %description 
 Cairo is a vector graphics library designed to provide high-quality
@@ -53,6 +54,7 @@
 %setup -q
 %patch0 -p1 -b .embedded-bitmaps
 %patch1 -p1 -b .fix-build
+%patch2 -p1 -b .chunk-glyphs-CVS-2006-0528
 
 %build
 %configure --enable-warnings --disable-glitz --disable-quartz \
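Review bot: The backup suffix on the new `%patch2` line is spelled `.chunk-glyphs-CVS-2006-0528`, which does not match the patch file name `cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch`; it should read `%patch2 -p1 -b .chunk-glyphs-CVE-2006-0528`. The %changelog hunk has a related slip, `CVE-20060528` without the second hyphen, so searching the package changelog for `CVE-2006-0528` to confirm the fix is present would miss this entry. Writing the identifier as `CVE-2006-0528` in both places keeps the package auditable by CVE id.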
@@ -87,6 +89,10 @@
 %{_datadir}/gtk-doc/*
 
 %changelog
+* Fri Mar  3 2006 Carl Worth <cworth at redhat.com> - 1.0.2-5
+- add patch to chunk Xlib glyph compositing (bug 182416 and
+  CVE-20060528)
+
 * Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 1.0.2-4.2
 - bump again for double-long bug on ppc(64)
 



