After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 719546 - cogl-framebuffer: Fix a potential NULL pointer dereference
cogl-framebuffer: Fix a potential NULL pointer dereference
Status: RESOLVED FIXED
Product: cogl
Classification: Platform
Component: general
unspecified
Other All
: Normal normal
: ---
Assigned To: Cogl maintainer(s)
Cogl maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2013-11-29 12:21 UTC by Philip Withnall
Modified: 2013-11-29 16:38 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
cogl-framebuffer: Fix a potential NULL pointer dereference (1.12 KB, patch)
2013-11-29 12:21 UTC, Philip Withnall 		none Details | Review
Remove the framebuffer's stack of clip stacks (18.42 KB, patch)
2013-11-29 14:37 UTC, Neil Roberts 		none Details | Review
Patch for cogl 1.18 (44.65 KB, patch)
2013-11-29 15:05 UTC, Neil Roberts 		none Details | Review

Description Philip Withnall 2013-11-29 12:21:03 UTC 
Found by scan-build.
Comment 1 Philip Withnall 2013-11-29 12:21:05 UTC 
Created attachment 263112 [details] [review]
cogl-framebuffer: Fix a potential NULL pointer dereference

Require that [a|b]->clip_state.stacks both be non-NULL before trying to
compare their data fields.

Found by scan-build.
Comment 2 Neil Roberts 2013-11-29 14:34:34 UTC 
Hrmm, I think it should be safe to assume that the stack of clip stacks is never empty so this should never cause a problem. At least other parts of the code make that assumption. But yes, that bit of code is very odd and would crash if both clip stacks were empty.

I think we don't actually need the stack of stacks any more so it might be less messy to just remove the whole thing. I'll attach a patch to do that.

Thanks for reporting this.
Comment 3 Neil Roberts 2013-11-29 14:37:09 UTC 
Created attachment 263123 [details] [review]
Remove the framebuffer's stack of clip stacks

There used to be a function called cogl_clip_stack_save in the public
API which was used when temporarily switching to an offscreen buffer
to save the clip state. This is no longer necessary because each
framebuffer has its own clip stack anyway so the function was removed
in master. However the code to maintain the stack of stacks was
retained. This patch removes it in an effort to simplify the code.

On the 1.18 branch this function is deprecated and the documentation
says that it does nothing. However that is incorrect because it does
actually the push clip stack. I think it would be safe to backport
this patch to the 1.18 branch and actually make it do nothing like it
is documented to do.
Comment 4 Neil Roberts 2013-11-29 15:05:25 UTC 
Created attachment 263130 [details] [review]
Patch for cogl 1.18

Here is the same patch ported to the cogl-1.18 branch. It has the following additional comment:

“This patch has some extra changes while backporting to the 1.18
 branch. Here the cogl-clip-state file still contained some deprecated
 functions. Instead of deleting the file completely it has been moved
 to the deprecated folder. The declarations for these functions have
 been moved from cogl1-context.h to a new deprecated/cogl-clip-state.h
 header.”
Comment 5 Robert Bragg 2013-11-29 15:49:56 UTC 
Cool, it's always nice to delete redundant code.

Both of these patches look good to land to me:

Reviewed-by: Robert Bragg <robert@linux.intel.com>
Comment 6 Neil Roberts 2013-11-29 16:38:30 UTC 
Ok, thanks. I've pushed them both to their respective branches.