rpms/cairo/devel cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch, NONE, 1.1 cairo.spec, 1.32, 1.33
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Mar 3 20:42:30 UTC 2006
- Previous message (by thread): rpms/frysk/devel frysk-Makefile-rules-noxmltest.patch, NONE, 1.1 frysk.spec, 1.34, 1.35
- Next message (by thread): rpms/kernel/FC-4/configs config-generic, 1.54, 1.54.2.1 config-ia64-generic, 1.6, 1.6.24.1 config-x86-generic, 1.20, 1.20.2.1 config-x86_64-generic, 1.18, 1.18.2.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: cworth
Update of /cvs/dist/rpms/cairo/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv12222
Modified Files:
cairo.spec
Added Files:
cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch
Log Message:
Add chunk-glyphs-CVE-2006-0528 patch. Bump release to 5.
cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch:
cairo-xlib-surface.c | 61 +++++++++++++++++++++++++++++++++++----------------
1 files changed, 42 insertions(+), 19 deletions(-)
--- NEW FILE cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch ---
diff-tree 7d498ca91279a4e793d704c5b878f070be4c878f (from 3aac0bf670facd6523e64b3585a93f29da7ffba2)
Author: Carl Worth <cworth at cworth.org>
Date: Fri Mar 3 11:13:36 2006 -0800
_cairo_xlib_surface_show_glyphs: Break up rendering into chunks to fit
into X max request length protocol limits.
This fixes bug #5528:
_XError from XRenderCompositeText8
https://bugs.freedesktop.org/show_bug.cgi?id=5528
diff --git a/src/cairo-xlib-surface.c b/src/cairo-xlib-surface.c
index e5ffc6e..0efabf4 100644
--- a/src/cairo-xlib-surface.c
+++ b/src/cairo-xlib-surface.c
@@ -41,6 +41,7 @@
#include "cairo-xlib-test.h"
#include "cairo-xlib-private.h"
#include <X11/extensions/Xrender.h>
+#include <X11/extensions/renderproto.h>
/* Xlib doesn't define a typedef, so define one ourselves */
typedef int (*cairo_xlib_error_func_t) (Display *display,
@@ -2710,7 +2711,9 @@ _cairo_xlib_surface_show_glyphs (cairo_s
cairo_xlib_surface_t *src;
glyphset_cache_t *cache;
cairo_glyph_cache_key_t key;
- glyphset_cache_entry_t **entries;
+ const cairo_glyph_t *glyphs_chunk;
+ glyphset_cache_entry_t **entries, **entries_chunk;
+ int glyphs_remaining, chunk_size, max_chunk_size;
glyphset_cache_entry_t *stack_entries [N_STACK_BUF];
composite_operation_t operation;
int i;
@@ -2777,26 +2780,46 @@ _cairo_xlib_surface_show_glyphs (cairo_s
/* Call the appropriate sub-function. */
_cairo_xlib_surface_ensure_dst_picture (self);
+
+ max_chunk_size = XMaxRequestSize (self->dpy);
if (elt_size == 8)
+ max_chunk_size -= sz_xRenderCompositeGlyphs8Req;
+ if (elt_size == 16)
+ max_chunk_size -= sz_xRenderCompositeGlyphs16Req;
+ if (elt_size == 32)
+ max_chunk_size -= sz_xRenderCompositeGlyphs32Req;
+ max_chunk_size /= sz_xGlyphElt;
+
+ for (glyphs_remaining = num_glyphs, glyphs_chunk = glyphs, entries_chunk = entries;
+ glyphs_remaining;
+ glyphs_remaining -= chunk_size, glyphs_chunk += chunk_size, entries_chunk += chunk_size)
{
- status = _cairo_xlib_surface_show_glyphs8 (scaled_font, operator, cache, &key, src, self,
- source_x + attributes.x_offset - dest_x,
- source_y + attributes.y_offset - dest_y,
- glyphs, entries, num_glyphs);
- }
- else if (elt_size == 16)
- {
- status = _cairo_xlib_surface_show_glyphs16 (scaled_font, operator, cache, &key, src, self,
- source_x + attributes.x_offset - dest_x,
- source_y + attributes.y_offset - dest_y,
- glyphs, entries, num_glyphs);
- }
- else
- {
- status = _cairo_xlib_surface_show_glyphs32 (scaled_font, operator, cache, &key, src, self,
- source_x + attributes.x_offset - dest_x,
- source_y + attributes.y_offset - dest_y,
- glyphs, entries, num_glyphs);
+ chunk_size = MIN (glyphs_remaining, max_chunk_size);
+
+ if (elt_size == 8)
+ {
+ status = _cairo_xlib_surface_show_glyphs8 (scaled_font, operator, cache, &key, src, self,
+ source_x + attributes.x_offset - dest_x,
+ source_y + attributes.y_offset - dest_y,
+ glyphs_chunk, entries_chunk, chunk_size);
+ }
+ else if (elt_size == 16)
+ {
+ status = _cairo_xlib_surface_show_glyphs16 (scaled_font, operator, cache, &key, src, self,
+ source_x + attributes.x_offset - dest_x,
+ source_y + attributes.y_offset - dest_y,
+ glyphs_chunk, entries_chunk, chunk_size);
+ }
+ else
+ {
+ status = _cairo_xlib_surface_show_glyphs32 (scaled_font, operator, cache, &key, src, self,
+ source_x + attributes.x_offset - dest_x,
+ source_y + attributes.y_offset - dest_y,
+ glyphs_chunk, entries_chunk, chunk_size);
+ }
+
+ if (status != CAIRO_STATUS_SUCCESS)
+ break;
}
if (status == CAIRO_STATUS_SUCCESS &&
Index: cairo.spec
===================================================================
RCS file: /cvs/dist/rpms/cairo/devel/cairo.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- cairo.spec 11 Feb 2006 02:13:39 -0000 1.32
+++ cairo.spec 3 Mar 2006 20:42:28 -0000 1.33
@@ -4,7 +4,7 @@
Summary: A vector graphics library
Name: cairo
Version: 1.0.2
-Release: 4.2
+Release: 5
URL: http://cairographics.org
Source0: %{name}-%{version}.tar.gz
License: LGPL/MPL
@@ -25,6 +25,7 @@
Patch0: cairo-1.0.2-embedded-bitmaps.patch
Patch1: cairo-1.0.2-fix-build.patch
+Patch2: cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch
%description
Cairo is a vector graphics library designed to provide high-quality
@@ -53,6 +54,7 @@
%setup -q
%patch0 -p1 -b .embedded-bitmaps
%patch1 -p1 -b .fix-build
+%patch2 -p1 -b .chunk-glyphs-CVS-2006-0528
%build
%configure --enable-warnings --disable-glitz --disable-quartz \
@@ -87,6 +89,10 @@
%{_datadir}/gtk-doc/*
%changelog
+* Fri Mar 3 2006 Carl Worth <cworth at redhat.com> - 1.0.2-5
+- add patch to chunk Xlib glyph compositing (bug 182416 and
+ CVE-20060528)
+
* Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 1.0.2-4.2
- bump again for double-long bug on ppc(64)
- Previous message (by thread): rpms/frysk/devel frysk-Makefile-rules-noxmltest.patch, NONE, 1.1 frysk.spec, 1.34, 1.35
- Next message (by thread): rpms/kernel/FC-4/configs config-generic, 1.54, 1.54.2.1 config-ia64-generic, 1.6, 1.6.24.1 config-x86-generic, 1.20, 1.20.2.1 config-x86_64-generic, 1.18, 1.18.2.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list