[Webkit-unassigned] [Bug 218490] crash in WebCore::Cairo::strokePath

Tue Nov 3 17:30:43 PST 2020

https://bugs.webkit.org/show_bug.cgi?id=218490

--- Comment #5 from Fujii Hironori <Hironori.Fujii at sony.com> ---
This crash can be reproduced in the tip of cairo main line.
https://gitlab.freedesktop.org/cairo/cairo/-/commit/c3e48e63a2d2deeae6205ee746cc00c960c8c5c5

right was null in active_edges. The following patch can work around the crash.

diff --git a/src/cairo-polygon-intersect.c b/src/cairo-polygon-intersect.c
index 001e55ee0..c716bd37c 100644
--- a/src/cairo-polygon-intersect.c
+++ b/src/cairo-polygon-intersect.c
@@ -1179,6 +1179,8 @@ active_edges (cairo_bo_edge_t             *left,
                }

                right = right->next;
+               if (! right)
+                   return;
            } while (1);

            edges_start_or_continue (left, right, top, polygon);

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201104/b6f47022/attachment.htm>
