Open
Bug 550922
Opened 15 years ago
Updated 2 years ago
_cairo_stroker_curve_to uses start, end uninitialized if !_compute_normalized_device_slope(...)
Categories
(Core :: Graphics, defect)
Tracking
()
NEW
People
(Reporter: timeless, Unassigned)
References
(Blocks 1 open bug, )
Details
(Keywords: coverity)
Attachments
(1 file)
|
(deleted),
patch
|
Details | Diff | Splinter Review |
970 _cairo_stroker_curve_to (void *closure,
977 cairo_stroke_face_t start, end;
1006 if (_compute_normalized_device_slope (&final_slope_dx, &final_slope_dy,
if that returns false
1013 }
then end is uninitialized here:
1023 stroker->current_face = end;
1032 extra_points[2] = end.cw;
1033 extra_points[2].x -= end.point.x;
1034 extra_points[2].y -= end.point.y;
1035 extra_points[3] = end.ccw;
1036 extra_points[3].x -= end.point.x;
1037 extra_points[3].y -= end.point.y;
997 if (_compute_normalized_device_slope (&initial_slope_dx,
if that returns false
1004 }
then start is uninitialized here:
1015 if (stroker->has_current_face) {
1019 } else if (! stroker->has_first_face) {
1020 stroker->first_face = start;
1022 }
1026 extra_points[0] = start.cw;
1027 extra_points[0].x -= start.point.x;
1028 extra_points[0].y -= start.point.y;
1029 extra_points[1] = start.ccw;
1030 extra_points[1].x -= start.point.x;
1031 extra_points[1].y -= start.point.y;
Summary: _cairo_stroker_curve_to uses end uninitialized if !_compute_normalized_device_slope(...) → _cairo_stroker_curve_to uses start, end uninitialized if !_compute_normalized_device_slope(...)
Attachment #431171 -
Flags: review?(vladimir) → review?(jmuizelaar)
|
||
Updated•6 years ago
|
Blocks: coverity-analysis
|
||
Comment 3•2 years ago
|
||
The bug assignee is inactive on Bugzilla, so the assignee is being reset.
Assignee: timeless → nobody
Status: ASSIGNED → NEW
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•