Open Bug 550922 Opened 10 years ago Updated 2 years ago

_cairo_stroker_curve_to uses start, end uninitialized if !_compute_normalized_device_slope(...)

Categories: Core :: Graphics, defect
x86 / Linux, defect, Not set

Tracking: status ASSIGNED

People

(Reporter: timeless, Assigned: timeless)

References: Blocks 1 open bug

Details

(Keywords: coverity)

Attachments (1 file)

1.87 KB, patch, by timeless, flagged review? jrmuizel
970 _cairo_stroker_curve_to (void *closure,

977     cairo_stroke_face_t start, end;

1006     if (_compute_normalized_device_slope (&final_slope_dx, &final_slope_dy,

if that returns false

1013     }

then end is uninitialized here:
1023     stroker->current_face = end;

1032     extra_points[2] = end.cw;
1033     extra_points[2].x -= end.point.x;
1034     extra_points[2].y -= end.point.y;
1035     extra_points[3] = end.ccw;
1036     extra_points[3].x -= end.point.x;
1037     extra_points[3].y -= end.point.y;

 997     if (_compute_normalized_device_slope (&initial_slope_dx,

if that returns false

1004     }

then start is uninitialized here:
1015     if (stroker->has_current_face) {
1019     } else if (! stroker->has_first_face) {
1020         stroker->first_face = start;
1022     }

1026     extra_points[0] = start.cw;
1027     extra_points[0].x -= start.point.x;
1028     extra_points[0].y -= start.point.y;
1029     extra_points[1] = start.ccw;
1030     extra_points[1].x -= start.point.x;
1031     extra_points[1].y -= start.point.y;
Summary: _cairo_stroker_curve_to uses end uninitialized if !_compute_normalized_device_slope(...) → _cairo_stroker_curve_to uses start, end uninitialized if !_compute_normalized_device_slope(...)
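The hazard in the report and the guard a reviewer would ask for, as an added C example that is neither cairo's code nor the attached patch. It models the shape of `_cairo_stroker_curve_to` (a `start` and `end` face, `extra_points`, the `has_current_face` / `has_first_face` bookkeeping) with simplified types; `compute_normalized_slope` stands in for `_compute_normalized_device_slope` with no CTM, so a zero-length vector is the degenerate case. The type names, the `CURVE_DEGENERATE` status and the Newton square root are assumptions for illustration. The point is ordering: both slope checks are evaluated before `start` or `end` is read and before any stroker state is written, so a degenerate control polygon is reported to the caller instead of propagating faces built from indeterminate stack contents.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-ins for cairo's stroker types (assumed for this example). */
typedef struct { double x, y; } point_t;
typedef struct { point_t point, cw, ccw; } stroke_face_t;
typedef struct {
    double half_line_width;
    bool has_current_face, has_first_face;
    stroke_face_t current_face, first_face;
} stroker_t;
typedef enum { CURVE_OK = 0, CURVE_DEGENERATE = 1 } curve_status_t;

/* Newton iteration for the square root, so the example builds without libm. */
static double root(double v)
{
    double r = v > 1.0 ? v : 1.0;
    for (int i = 0; i < 64; i++) r = 0.5 * (r + v / r);
    return r;
}

/* Stand-in for _compute_normalized_device_slope (no CTM): normalize (dx,dy)
 * in place, or return false and leave them untouched for a zero-length vector. */
static bool compute_normalized_slope(double *dx, double *dy)
{
    double len2 = *dx * *dx + *dy * *dy;
    if (len2 == 0.0) return false;
    double len = root(len2);
    *dx /= len; *dy /= len;
    return true;
}

/* A face: the endpoint plus the pen edges offset perpendicular to the unit slope. */
static void compute_face(const point_t *p, double dx, double dy,
                         const stroker_t *s, stroke_face_t *face)
{
    double ox = -dy * s->half_line_width, oy = dx * s->half_line_width;
    face->point = *p;
    face->cw = (point_t){ p->x + ox, p->y + oy };
    face->ccw = (point_t){ p->x - ox, p->y - oy };
}

/* Guarded curve_to: both slope checks run before start/end are read and before
 * any stroker state changes; the caller picks the fallback for a degenerate curve. */
static curve_status_t stroker_curve_to(stroker_t *s, const point_t *a,
                                       const point_t *b, const point_t *c,
                                       const point_t *d, point_t extra_points[4])
{
    stroke_face_t start, end;
    double idx = b->x - a->x, idy = b->y - a->y;   /* initial tangent a->b */
    double fdx = d->x - c->x, fdy = d->y - c->y;   /* final tangent c->d */
    if (!compute_normalized_slope(&idx, &idy) || !compute_normalized_slope(&fdx, &fdy))
        return CURVE_DEGENERATE;
    compute_face(a, idx, idy, s, &start);
    compute_face(d, fdx, fdy, s, &end);
    if (!s->has_current_face && !s->has_first_face) {
        s->first_face = start;
        s->has_first_face = true;
    }
    s->current_face = end;
    s->has_current_face = true;
    extra_points[0] = (point_t){ start.cw.x - start.point.x, start.cw.y - start.point.y };
    extra_points[1] = (point_t){ start.ccw.x - start.point.x, start.ccw.y - start.point.y };
    extra_points[2] = (point_t){ end.cw.x - end.point.x, end.cw.y - end.point.y };
    extra_points[3] = (point_t){ end.ccw.x - end.point.x, end.ccw.y - end.point.y };
    return CURVE_OK;
}

static int close_to(double v, double want) { double e = v - want; return e < 1e-9 && e > -1e-9; }

/* Constructed case from the report: the first control point equals the start, so
 * the initial slope is degenerate. Returns 1 if rejected with state untouched. */
static int degenerate_curve_is_rejected(void)
{
    stroker_t s = { .half_line_width = 1.0 };
    point_t a = {0, 0}, b = {0, 0}, c = {4, 2}, d = {4, 4}, extra[4];
    curve_status_t st = stroker_curve_to(&s, &a, &b, &c, &d, extra);
    return st == CURVE_DEGENERATE && !s.has_current_face && !s.has_first_face;
}

/* Constructed well-formed curve: horizontal initial tangent, vertical final one.
 * With half-width 1 the start cw point is offset (0,1) and the end cw point (-1,0). */
static int regular_curve_produces_faces(void)
{
    stroker_t s = { .half_line_width = 1.0 };
    point_t a = {0, 0}, b = {2, 0}, c = {4, 2}, d = {4, 4}, extra[4];
    if (stroker_curve_to(&s, &a, &b, &c, &d, extra) != CURVE_OK) return 0;
    return s.has_first_face && s.has_current_face &&
           close_to(extra[0].x, 0) && close_to(extra[0].y, 1) &&
           close_to(extra[2].x, -1) && close_to(extra[2].y, 0);
}

int main(void)
{
    printf("degenerate curve rejected, state untouched: %d\n", degenerate_curve_is_rejected());
    printf("regular curve faces as expected: %d\n", regular_curve_produces_faces());
    return 0;
}
```

What the caller does with `CURVE_DEGENERATE` (treat the segment as a `line_to`, reuse the current face, or drop it) is a design decision the attached patch would have to make; the example only shows that the decision has to be made before `start` and `end` are consumed, which is where the original code reads them unconditionally.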
Attached patch proposal
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #431171 - Flags: review?(vladimir)
Attachment #431171 - Flags: review?(vladimir) → review?(jmuizelaar)