Bug 690618

Summary: xps crash with null-path
Product: GhostXPS Reporter: norbert.janssen
Component: GeneralAssignee: Tor Andersson <tor.andersson>
Status: NOTIFIED FIXED    
Severity: normal    
Priority: P2    
Version: master   
Hardware: PC   
OS: Windows XP   
Customer: 661 Word Size: ---
Attachments: m6.6b.xps

Description norbert.janssen 2009-07-10 08:13:46 UTC 
When sending attached xps testfile, the xps (defining a path, but no path data:
empty path) then during the xps_update_bounds() the seg =
(segment*)ctx->pgs->path->first_subpath;  === 0

thus rc.p.x = rc.q.x = fixed2float(seg->pt.x); sigsegv!!

solution

if ((seg = (segment*)ctx->pgs->path->first_subpath)) == 0) return;
Comment 1 norbert.janssen 2009-07-10 08:14:40 UTC 
Created attachment 5206 [details]
m6.6b.xps

microsoft handcrafted testfile: m6.6b.xps (defining a null-path).
Comment 2 Tor Andersson 2009-07-28 09:19:29 UTC 
Shorting out with an early return isn't the correct thing to do, since filling or clipping with an empty 
path means nothing will be visible. I've added a test for empty paths to update the bounds to an empty 
rectangle instead. Committed in rev 9896.

--- xps/xpspath.c	(revision 9895)
+++ xps/xpspath.c	(working copy)
@@ -69,8 +69,16 @@
     /* the coordinates of the path segments are already in device space (yay!) */
 
     seg = (segment*)ctx->pgs->path->first_subpath;
-    rc.p.x = rc.q.x = fixed2float(seg->pt.x);
-    rc.p.y = rc.q.y = fixed2float(seg->pt.y);
+    if (seg)
+    {
+	rc.p.x = rc.q.x = fixed2float(seg->pt.x);
+	rc.p.y = rc.q.y = fixed2float(seg->pt.y);
+    }
+    else
+    {
+	rc.p.x = rc.q.x = 0.0;
+	rc.p.y = rc.q.y = 0.0;
+    }
Comment 3 Marcos H. Woehrmann 2011-09-18 21:47:29 UTC 
Changing customer bugs that have been resolved more than a year ago to closed.