[gtk-osx] Fix cairo crash on macOS 11.



commit cea9f2e9e2b65f012ec299f591996507da17533f
Author: John Ralls <jralls ceridwen us>
Date:   Thu Aug 13 10:45:53 2020 -0700

    Fix cairo crash on macOS 11.
    
    MacOS 11 revealed a use-after-free crash in cairo caused by failing to
    reference the cairo_image_surface_t passed to CoreGraphics for drawing.
    
    For modulesets-stable, apply the patch to the tarball. For
    modulesets-unstable, temporarily use gitlab.freedesktop.org/jralls/cairo,
    which has the change for the merge request.
    
    Also updates the git URL for freedesktop to gitlab.freedesktop.org.

 modulesets-stable/gtk-osx.modules   |  1 +
 modulesets-unstable/gtk-osx.modules |  6 ++++--
 modulesets/gtk-osx.modules          |  2 +-
 patches/cairo-image-refcount.patch  | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 42 insertions(+), 3 deletions(-)
---
diff --git a/modulesets-stable/gtk-osx.modules b/modulesets-stable/gtk-osx.modules
index 8a7ca17..e69a11a 100644
--- a/modulesets-stable/gtk-osx.modules
+++ b/modulesets-stable/gtk-osx.modules
@@ -270,6 +270,7 @@
             repo="cairographics"
             hash="sha1:00e81842ae5e81bb0343108884eb5205be0eac14">
       <patch 
file="https://gitlab.gnome.org/GNOME/gtk-osx/raw/master/patches/cairo-freetype-font-variations.patch"; 
strip="1"/>
+      <patch file="https://gitlab.gnome.org/GNOME/gtk-osx/raw/master/patches/cairo-image-refcount.patch"; 
strip="1"/>
     </branch>
     <dependencies>
       <dep package="pixman"/>
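Review bot: The added `<patch>` entry fetches cairo-image-refcount.patch from `raw/master`, a mutable ref, so the stable moduleset applies whatever that path holds at build time, while the tarball above it is pinned by hash. Pointing the URL at a fixed commit or tag keeps the stable build reproducible and limits what a later change to master can inject, e.g. `file="https://gitlab.gnome.org/GNOME/gtk-osx/raw/COMMIT_SHA/patches/cairo-image-refcount.patch"` (COMMIT_SHA is a placeholder for the commit that adds the patch). The existing cairo-freetype-font-variations.patch line above has the same pattern.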
diff --git a/modulesets-unstable/gtk-osx.modules b/modulesets-unstable/gtk-osx.modules
index 9510c62..c6ca594 100644
--- a/modulesets-unstable/gtk-osx.modules
+++ b/modulesets-unstable/gtk-osx.modules
@@ -6,7 +6,9 @@
               href="https://gitlab.gnome.org/GNOME"/>
   <repository type="git" name="github" href="git://github.com/"/>
   <repository type="git" name="freedesktop"
-              href="git://anongit.freedesktop.org/git/"/>
+              href="git://gitlab.freedesktop.org/"/>
+  <repository type="git" name="freedesktop-jralls"
+              href="git://gitlab.freedesktop.org/jralls/"/>
   <repository type="system" name="system"/>
 
   <!-- This module set works a bit differently than for example the
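Review bot: Both new `href` values for gitlab.freedesktop.org use `git://`, which provides no server authentication or transport integrity, so the sources built from these repositories are not protected in transit. The gnome repository entry just above already uses `https://`; the same would fit here: `href="https://gitlab.freedesktop.org/"` and `href="https://gitlab.freedesktop.org/jralls/"`. It is also worth confirming that the GitLab host serves the git protocol at all, since the old anongit host was a different service. The same `git://` change appears in the modulesets/gtk-osx.modules hunk.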
@@ -219,7 +221,7 @@
        dependency. -->
   <autotools id="cairo"
              autogenargs="--enable-pdf --enable-quartz --disable-xlib --without-x">
-    <branch repo="freedesktop" module="cairo" />
+    <branch repo="freedesktop-jralls" module="cairo" />
     <dependencies>
       <dep package="pixman"/>
     </dependencies>
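Review bot: The cairo `<branch>` now tracks the tip of a personal fork with no revision pinned, so every unstable build picks up whatever is pushed there. Since the commit message describes this as temporary, pinning the fix commit and marking the entry would make it auditable and easy to revert, e.g. `<branch repo="freedesktop-jralls" module="cairo" tag="COMMIT_SHA_OF_FIX"/>` (placeholder value; jhbuild's git `tag` attribute should accept a commit id, but verify). A comment such as `<!-- Temporary: switch back to repo="freedesktop" once the cairo merge request lands -->` would record the intent.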
diff --git a/modulesets/gtk-osx.modules b/modulesets/gtk-osx.modules
index 18f9d92..5ba4f65 100644
--- a/modulesets/gtk-osx.modules
+++ b/modulesets/gtk-osx.modules
@@ -6,7 +6,7 @@
               href="https://gitlab.gnome.org/GNOME"/>
   <repository type="git" name="github" href="git://github.com/"/>
   <repository type="git" name="freedesktop"
-              href="git://anongit.freedesktop.org/git/"/>
+              href="git://gitlab.freedesktop.org/"/>
   <repository type="system" name="system"/>
 
   <!-- This module set works a bit differently than for example the
diff --git a/patches/cairo-image-refcount.patch b/patches/cairo-image-refcount.patch
new file mode 100644
index 0000000..619cfc2
--- /dev/null
+++ b/patches/cairo-image-refcount.patch
@@ -0,0 +1,36 @@
+From 59bf3ca963a3e256bc6806497f529eaccb8471a6 Mon Sep 17 00:00:00 2001
+From: John Ralls <jralls ceridwen us>
+Date: Tue, 11 Aug 2020 15:26:16 -0700
+Subject: [PATCH] Ref and destroy the cairo surface handed off to CoreGraphics.
+
+Fixes https://gitlab.freedesktop.org/cairo/cairo/-/issues/420.
+---
+ src/cairo-quartz-surface.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/cairo-quartz-surface.c b/src/cairo-quartz-surface.c
+index 65d03080a..5e4bf6a32 100644
+--- a/src/cairo-quartz-surface.c
++++ b/src/cairo-quartz-surface.c
+@@ -790,7 +790,8 @@ static void
+ DataProviderReleaseCallback (void *info, const void *data, size_t size)
+ {
+     quartz_source_image_t *source_img = info;
+-    _cairo_surface_release_source_image (source_img->surface, source_img->image_out, 
source_img->image_extra);
++    cairo_surface_destroy(source_img->surface);
++
+     free (source_img);
+ }
+ 
+@@ -830,7 +831,7 @@ _cairo_surface_to_cgimage (cairo_surface_t       *source,
+     if (unlikely (source_img == NULL))
+       return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ 
+-    source_img->surface = source;
++    source_img->surface = cairo_surface_reference(source);
+ 
+     if (source->type == CAIRO_SURFACE_TYPE_RECORDING) {
+       image_surface = (cairo_image_surface_t *)
+-- 
+2.24.3 (Apple Git-128)
+
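Review bot: In `DataProviderReleaseCallback` the embedded patch replaces the `_cairo_surface_release_source_image` call with `cairo_surface_destroy` rather than adding to it, so `image_out`/`image_extra` are no longer released. If `_cairo_surface_to_cgimage` still obtains them through an acquire call (that code is outside the hunk), the acquire is left unbalanced and the image may leak or stay locked. Keeping both calls, release first, looks safer: `_cairo_surface_release_source_image (source_img->surface, source_img->image_out, source_img->image_extra);` followed by `cairo_surface_destroy (source_img->surface);`. Separately, once `source_img->surface = cairo_surface_reference(source);` has run, any later error path in `_cairo_surface_to_cgimage` that frees `source_img` without going through the callback would also need to drop that reference; those paths are not visible here and should be checked.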

