Bug#699466: unblock: cairo/1.12.2-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package cairo
It fixes several important bugs which could lead to crashes (in evince)
or broken print output. We have a large number of duplicates, so it
seems worthwile getting those fixes into wheezy.
Changelog:
cairo (1.12.2-3) unstable; urgency=low
cairo (1.12.2-3) unstable; urgency=low
* Team upload.
[ intrigeri ]
* Fix several printing related problems:
- Evince crash when printing certain PDF files (Closes: #672336)
- Evince producing broken print output (Closes: #679105)
Patches cherry-picked from upstream:
- 07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch
- 08_cff_convert_._to_locale_specific_decimal_point_befor.patch
- 09_cff_use_correct_size_for_buffer.patch
- 10_cff_subsetting_widths_can_be_floating_point.patch
[ Michael Biebl ]
* Fix segmentation fault when rendering SVGs at certain sizes.
(Closes: #697482)
Patch cherry-picked from upstream:
- 11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch
-- Michael Biebl <biebl@debian.org> Thu, 31 Jan 2013 16:22:34 +0100
cairo (1.12.2-2.1) unstable; urgency=low
* Non-maintainer upload.
* (Closes: #690799) evince crashes with a certain PDF file
-- Neil Williams <codehelp@debian.org> Sat, 26 Jan 2013 23:22:12 +0000
Full debdiff (including the NMU) is attached.
Cheers,
Michael
unblock cairo/1.12.2-3
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru cairo-1.12.2/debian/changelog cairo-1.12.2/debian/changelog
--- cairo-1.12.2/debian/changelog 2012-05-17 13:23:08.000000000 +0200
+++ cairo-1.12.2/debian/changelog 2013-01-31 16:22:46.000000000 +0100
@@ -1,3 +1,32 @@
+cairo (1.12.2-3) unstable; urgency=low
+
+ * Team upload.
+
+ [ intrigeri ]
+ * Fix several printing related problems:
+ - Evince crash when printing certain PDF files (Closes: #672336)
+ - Evince producing broken print output (Closes: #679105)
+ Patches cherry-picked from upstream:
+ - 07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch
+ - 08_cff_convert_._to_locale_specific_decimal_point_befor.patch
+ - 09_cff_use_correct_size_for_buffer.patch
+ - 10_cff_subsetting_widths_can_be_floating_point.patch
+
+ [ Michael Biebl ]
+ * Fix segmentation fault when rendering SVGs at certain sizes.
+ (Closes: #697482)
+ Patch cherry-picked from upstream:
+ - 11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch
+
+ -- Michael Biebl <biebl@debian.org> Thu, 31 Jan 2013 16:22:34 +0100
+
+cairo (1.12.2-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * (Closes: #690799) evince crashes with a certain PDF file
+
+ -- Neil Williams <codehelp@debian.org> Sat, 26 Jan 2013 23:22:12 +0000
+
cairo (1.12.2-2) unstable; urgency=low
* debian/libcairo2-udeb.install:
diff -Nru cairo-1.12.2/debian/patches/07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch cairo-1.12.2/debian/patches/07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch
--- cairo-1.12.2/debian/patches/07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch 1970-01-01 01:00:00.000000000 +0100
+++ cairo-1.12.2/debian/patches/07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch 2013-01-31 16:22:46.000000000 +0100
@@ -0,0 +1,37 @@
+From: Adrian Johnson <ajohnson@redneon.com>
+Date: Thu, 7 Jun 2012 19:18:52 +0930
+Subject: cff-subsetting: Ignore charset for non cid fonts
+
+Fixes crash in https://bugzilla.gnome.org/show_bug.cgi?id=677422
+---
+ src/cairo-cff-subset.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
+index db6fdf7..6f0cd66 100644
+--- a/src/cairo-cff-subset.c
++++ b/src/cairo-cff-subset.c
+@@ -1178,14 +1178,16 @@ cairo_cff_font_read_top_dict (cairo_cff_font_t *font)
+ goto fail;
+ font->num_glyphs = _cairo_array_num_elements (&font->charstrings_index);
+
+- operand = cff_dict_get_operands (font->top_dict, CHARSET_OP, &size);
+- if (font->is_cid && !operand)
+- return CAIRO_INT_STATUS_UNSUPPORTED;
++ if (font->is_cid) {
++ operand = cff_dict_get_operands (font->top_dict, CHARSET_OP, &size);
++ if (!operand)
++ return CAIRO_INT_STATUS_UNSUPPORTED;
+
+- decode_integer (operand, &offset);
+- font->charset = font->data + offset;
+- if (font->charset >= font->data_end)
+- return CAIRO_INT_STATUS_UNSUPPORTED;
++ decode_integer (operand, &offset);
++ font->charset = font->data + offset;
++ if (font->charset >= font->data_end)
++ return CAIRO_INT_STATUS_UNSUPPORTED;
++ }
+
+ if (!font->is_opentype)
+ cairo_cff_font_read_font_metrics (font, font->top_dict);
diff -Nru cairo-1.12.2/debian/patches/08_cff_convert_._to_locale_specific_decimal_point_befor.patch cairo-1.12.2/debian/patches/08_cff_convert_._to_locale_specific_decimal_point_befor.patch
--- cairo-1.12.2/debian/patches/08_cff_convert_._to_locale_specific_decimal_point_befor.patch 1970-01-01 01:00:00.000000000 +0100
+++ cairo-1.12.2/debian/patches/08_cff_convert_._to_locale_specific_decimal_point_befor.patch 2013-01-31 16:22:46.000000000 +0100
@@ -0,0 +1,68 @@
+From: Adrian Johnson <ajohnson@redneon.com>
+Date: Wed, 4 Jul 2012 19:54:18 +0930
+Subject: cff: convert '.' to locale specific decimal point before using
+ sscanf
+
+to fix bug when decoding cff real numbers.
+
+Bug 51443
+---
+ src/cairo-cff-subset.c | 26 +++++++++++++++++++++++++-
+ 1 file changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
+index 6f0cd66..aeaf5b1 100644
+--- a/src/cairo-cff-subset.c
++++ b/src/cairo-cff-subset.c
+@@ -51,6 +51,7 @@
+ #include "cairo-scaled-font-subsets-private.h"
+ #include "cairo-truetype-subset-private.h"
+ #include <string.h>
++#include <locale.h>
+
+ /* CFF Dict Operators. If the high byte is 0 the command is encoded
+ * with a single byte. */
+@@ -293,11 +294,23 @@ decode_nibble (int n, char *buf)
+ static unsigned char *
+ decode_real (unsigned char *p, double *real)
+ {
++ struct lconv *locale_data;
++ const char *decimal_point;
++ int decimal_point_len;
+ int n;
+ char buffer[100];
++ char buffer2[200];
++ char *q;
+ char *buf = buffer;
+ char *buf_end = buffer + sizeof (buf);
+
++ locale_data = localeconv ();
++ decimal_point = locale_data->decimal_point;
++ decimal_point_len = strlen (decimal_point);
++
++ assert (decimal_point_len != 0);
++ assert (sizeof(buffer) + decimal_point_len < sizeof(buffer2));
++
+ p++;
+ while (buf + 2 < buf_end) {
+ n = *p >> 4;
+@@ -312,7 +325,18 @@ decode_real (unsigned char *p, double *real)
+ };
+ *buf = 0;
+
+- if (sscanf(buffer, "%lf", real) != 1)
++ buf = buffer;
++ if (strchr (buffer, '.')) {
++ q = strchr (buffer, '.');
++ strncpy (buffer2, buffer, q - buffer);
++ buf = buffer2 + (q - buffer);
++ strncpy (buf, decimal_point, decimal_point_len);
++ buf += decimal_point_len;
++ strcpy (buf, q + 1);
++ buf = buffer2;
++ }
++
++ if (sscanf(buf, "%lf", real) != 1)
+ *real = 0.0;
+
+ return p;
diff -Nru cairo-1.12.2/debian/patches/09_cff_use_correct_size_for_buffer.patch cairo-1.12.2/debian/patches/09_cff_use_correct_size_for_buffer.patch
--- cairo-1.12.2/debian/patches/09_cff_use_correct_size_for_buffer.patch 1970-01-01 01:00:00.000000000 +0100
+++ cairo-1.12.2/debian/patches/09_cff_use_correct_size_for_buffer.patch 2013-01-31 16:22:46.000000000 +0100
@@ -0,0 +1,22 @@
+From: Adrian Johnson <ajohnson@redneon.com>
+Date: Thu, 5 Jul 2012 21:59:33 +0930
+Subject: cff: use correct size for buffer
+
+Bug 51443
+---
+ src/cairo-cff-subset.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
+index aeaf5b1..b3b6026 100644
+--- a/src/cairo-cff-subset.c
++++ b/src/cairo-cff-subset.c
+@@ -302,7 +302,7 @@ decode_real (unsigned char *p, double *real)
+ char buffer2[200];
+ char *q;
+ char *buf = buffer;
+- char *buf_end = buffer + sizeof (buf);
++ char *buf_end = buffer + sizeof (buffer);
+
+ locale_data = localeconv ();
+ decimal_point = locale_data->decimal_point;
diff -Nru cairo-1.12.2/debian/patches/10_cff_subsetting_widths_can_be_floating_point.patch cairo-1.12.2/debian/patches/10_cff_subsetting_widths_can_be_floating_point.patch
--- cairo-1.12.2/debian/patches/10_cff_subsetting_widths_can_be_floating_point.patch 1970-01-01 01:00:00.000000000 +0100
+++ cairo-1.12.2/debian/patches/10_cff_subsetting_widths_can_be_floating_point.patch 2013-01-31 16:22:46.000000000 +0100
@@ -0,0 +1,78 @@
+From: Adrian Johnson <ajohnson@redneon.com>
+Date: Tue, 31 Jul 2012 22:52:09 +0930
+Subject: cff subsetting: widths can be floating point
+
+Bug 52972
+---
+ src/cairo-cff-subset.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+Index: cairo-1.12.2/src/cairo-cff-subset.c
+===================================================================
+--- cairo-1.12.2.orig/src/cairo-cff-subset.c 2013-01-26 15:16:34.393671169 +0100
++++ cairo-1.12.2/src/cairo-cff-subset.c 2013-01-26 15:16:34.385671057 +0100
+@@ -1,3 +1,4 @@
++/* -*- Mode: c; tab-width: 8; c-basic-offset: 4; indent-tabs-mode: t; -*- */
+ /* cairo - a vector graphics library with display and print output
+ *
+ * Copyright © 2006 Adrian Johnson
+@@ -152,8 +153,8 @@
+ int units_per_em;
+ int global_sub_bias;
+ int local_sub_bias;
+- int default_width;
+- int nominal_width;
++ double default_width;
++ double nominal_width;
+
+ /* CID Font Data */
+ int *fdselect;
+@@ -162,8 +163,8 @@
+ cairo_hash_table_t **fd_private_dict;
+ cairo_array_t *fd_local_sub_index;
+ int *fd_local_sub_bias;
+- int *fd_default_width;
+- int *fd_nominal_width;
++ double *fd_default_width;
++ double *fd_nominal_width;
+
+ /* Subsetted Font Data */
+ char *subset_font_name;
+@@ -910,8 +911,8 @@
+ cairo_array_t *local_sub_index,
+ int *local_sub_bias,
+ cairo_bool_t **local_subs_used,
+- int *default_width,
+- int *nominal_width,
++ double *default_width,
++ double *nominal_width,
+ unsigned char *ptr,
+ int size)
+ {
+@@ -946,12 +947,12 @@
+ *default_width = 0;
+ operand = cff_dict_get_operands (private_dict, DEFAULTWIDTH_OP, &i);
+ if (operand)
+- decode_integer (operand, default_width);
++ decode_number (operand, default_width);
+
+ *nominal_width = 0;
+ operand = cff_dict_get_operands (private_dict, NOMINALWIDTH_OP, &i);
+ if (operand)
+- decode_integer (operand, nominal_width);
++ decode_number (operand, nominal_width);
+
+ num_subs = _cairo_array_num_elements (local_sub_index);
+ *local_subs_used = calloc (num_subs, sizeof (cairo_bool_t));
+@@ -1468,9 +1469,8 @@
+ *integer = -(p[0] - 251) * 256 - p[1] - 108;
+ p += 2;
+ } else { /* *p == 255 */
+- /* This actually a 16.16 fixed-point number however we are not interested in
+- * the value of fixed-point numbers. */
+- *integer = (p[1] << 24) | (p[2] << 16) | (p[3] << 8) | p[4];
++ /* 16.16 fixed-point number. The fraction is ignored. */
++ *integer = (int16_t)((p[1] << 8) | p[2]);
+ p += 5;
+ }
+ return p;
diff -Nru cairo-1.12.2/debian/patches/11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch cairo-1.12.2/debian/patches/11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch
--- cairo-1.12.2/debian/patches/11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch 1970-01-01 01:00:00.000000000 +0100
+++ cairo-1.12.2/debian/patches/11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch 2013-01-31 16:22:46.000000000 +0100
@@ -0,0 +1,275 @@
+From f228769dfe5a8b5d73c49a41e95e31ed73a77fb3 Mon Sep 17 00:00:00 2001
+From: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Fri, 08 Jun 2012 16:22:41 +0000
+Subject: polygon-reduce: Reduce broken stopped-edge continuation
+
+This is hopefully a lesser used path and the attempted optimisation to
+continue a stopped edge with a colinear stopped edge highly unlikely and
+lost in the noise of the general inefficiency of the routine. As it was
+broken, rather than attempt to rectify the "optimisation" remove it.
+
+Reported-by: Evangelos Foutras <evangelos@foutrelis.com>
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=50852
+Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+---
+diff --git a/src/cairo-polygon-reduce.c b/src/cairo-polygon-reduce.c
+index 8758070..ea457fe 100644
+--- a/src/cairo-polygon-reduce.c
++++ b/src/cairo-polygon-reduce.c
+@@ -42,6 +42,8 @@
+ #include "cairo-freelist-private.h"
+ #include "cairo-combsort-inline.h"
+
++#define DEBUG_POLYGON 0
++
+ typedef cairo_point_t cairo_bo_point32_t;
+
+ typedef struct _cairo_bo_intersect_ordinate {
+@@ -114,7 +116,6 @@ typedef struct _cairo_bo_event_queue {
+
+ typedef struct _cairo_bo_sweep_line {
+ cairo_bo_edge_t *head;
+- cairo_bo_edge_t *stopped;
+ int32_t current_y;
+ cairo_bo_edge_t *current_edge;
+ } cairo_bo_sweep_line_t;
+@@ -476,8 +477,8 @@ edges_compare_x_for_y (const cairo_bo_edge_t *a,
+ static inline int
+ _line_equal (const cairo_line_t *a, const cairo_line_t *b)
+ {
+- return a->p1.x == b->p1.x && a->p1.y == b->p1.y &&
+- a->p2.x == b->p2.x && a->p2.y == b->p2.y;
++ return (a->p1.x == b->p1.x && a->p1.y == b->p1.y &&
++ a->p2.x == b->p2.x && a->p2.y == b->p2.y);
+ }
+
+ static int
+@@ -1024,7 +1025,6 @@ static void
+ _cairo_bo_sweep_line_init (cairo_bo_sweep_line_t *sweep_line)
+ {
+ sweep_line->head = NULL;
+- sweep_line->stopped = NULL;
+ sweep_line->current_y = INT32_MIN;
+ sweep_line->current_edge = NULL;
+ }
+@@ -1139,6 +1139,8 @@ edges_colinear (const cairo_bo_edge_t *a, const cairo_bo_edge_t *b)
+ */
+ if (a->edge.line.p1.y == b->edge.line.p1.y) {
+ return a->edge.line.p1.x == b->edge.line.p1.x;
++ } else if (a->edge.line.p2.y == b->edge.line.p2.y) {
++ return a->edge.line.p2.x == b->edge.line.p2.x;
+ } else if (a->edge.line.p1.y < b->edge.line.p1.y) {
+ return edge_compare_for_y_against_x (b,
+ a->edge.line.p1.y,
+@@ -1205,82 +1207,48 @@ _active_edges_to_polygon (cairo_bo_edge_t *left,
+ cairo_polygon_t *polygon)
+ {
+ cairo_bo_edge_t *right;
++ unsigned int mask;
+
+- if (fill_rule == CAIRO_FILL_RULE_WINDING) {
+- while (left != NULL) {
+- int in_out = left->edge.dir;
+-
+- right = left->next;
+- if (left->deferred.right == NULL) {
+- while (right != NULL && right->deferred.right == NULL)
+- right = right->next;
+-
+- if (right != NULL && edges_colinear (left, right)) {
+- /* continuation on left */
+- left->deferred = right->deferred;
+- right->deferred.right = NULL;
+- }
+- }
+-
+- right = left->next;
+- while (right != NULL) {
+- if (right->deferred.right != NULL)
+- _cairo_bo_edge_end (right, top, polygon);
+-
+- in_out += right->edge.dir;
+- if (in_out == 0) {
+- cairo_bo_edge_t *next;
+- cairo_bool_t skip = FALSE;
+-
+- /* skip co-linear edges */
+- next = right->next;
+- if (next != NULL)
+- skip = edges_colinear (right, next);
++ if (fill_rule == CAIRO_FILL_RULE_WINDING)
++ mask = ~0;
++ else
++ mask = 1;
+
+- if (! skip)
+- break;
+- }
++ while (left != NULL) {
++ int in_out = left->edge.dir;
+
++ right = left->next;
++ if (left->deferred.right == NULL) {
++ while (right != NULL && right->deferred.right == NULL)
+ right = right->next;
+- }
+-
+- _cairo_bo_edge_start_or_continue (left, right, top, polygon);
+
+- left = right;
+- if (left != NULL)
+- left = left->next;
++ if (right != NULL && edges_colinear (left, right)) {
++ /* continuation on left */
++ left->deferred = right->deferred;
++ right->deferred.right = NULL;
++ }
+ }
+- } else {
+- while (left != NULL) {
+- int in_out = 0;
+
+- right = left->next;
+- while (right != NULL) {
+- if (right->deferred.right != NULL)
+- _cairo_bo_edge_end (right, top, polygon);
++ right = left->next;
++ while (right != NULL) {
++ if (right->deferred.right != NULL)
++ _cairo_bo_edge_end (right, top, polygon);
+
+- if ((in_out++ & 1) == 0) {
+- cairo_bo_edge_t *next;
+- cairo_bool_t skip = FALSE;
+-
+- /* skip co-linear edges */
+- next = right->next;
+- if (next != NULL)
+- skip = edges_colinear (right, next);
+-
+- if (! skip)
+- break;
+- }
+-
+- right = right->next;
++ in_out += right->edge.dir;
++ if ((in_out & mask) == 0) {
++ /* skip co-linear edges */
++ if (right->next == NULL || !edges_colinear (right, right->next))
++ break;
+ }
+
+- _cairo_bo_edge_start_or_continue (left, right, top, polygon);
+-
+- left = right;
+- if (left != NULL)
+- left = left->next;
++ right = right->next;
+ }
++
++ _cairo_bo_edge_start_or_continue (left, right, top, polygon);
++
++ left = right;
++ if (left != NULL)
++ left = left->next;
+ }
+ }
+
+@@ -1303,12 +1271,6 @@ _cairo_bentley_ottmann_tessellate_bo_edges (cairo_bo_event_t **start_events,
+
+ while ((event = _cairo_bo_event_dequeue (&event_queue))) {
+ if (event->point.y != sweep_line.current_y) {
+- for (e1 = sweep_line.stopped; e1; e1 = e1->next) {
+- if (e1->deferred.right != NULL)
+- _cairo_bo_edge_end (e1, e1->edge.bottom, polygon);
+- }
+- sweep_line.stopped = NULL;
+-
+ _active_edges_to_polygon (sweep_line.head,
+ sweep_line.current_y,
+ fill_rule, polygon);
+@@ -1328,23 +1290,6 @@ _cairo_bentley_ottmann_tessellate_bo_edges (cairo_bo_event_t **start_events,
+ if (unlikely (status))
+ goto unwind;
+
+- /* check to see if this is a continuation of a stopped edge */
+- /* XXX change to an infinitesimal lengthening rule */
+- for (left = sweep_line.stopped; left; left = left->next) {
+- if (e1->edge.top <= left->edge.bottom &&
+- edges_colinear (e1, left))
+- {
+- e1->deferred = left->deferred;
+- if (left->prev != NULL)
+- left->prev = left->next;
+- else
+- sweep_line.stopped = left->next;
+- if (left->next != NULL)
+- left->next->prev = left->prev;
+- break;
+- }
+- }
+-
+ left = e1->prev;
+ right = e1->next;
+
+@@ -1371,14 +1316,8 @@ _cairo_bentley_ottmann_tessellate_bo_edges (cairo_bo_event_t **start_events,
+
+ _cairo_bo_sweep_line_delete (&sweep_line, e1);
+
+- /* first, check to see if we have a continuation via a fresh edge */
+- if (e1->deferred.right != NULL) {
+- e1->next = sweep_line.stopped;
+- if (sweep_line.stopped != NULL)
+- sweep_line.stopped->prev = e1;
+- sweep_line.stopped = e1;
+- e1->prev = NULL;
+- }
++ if (e1->deferred.right != NULL)
++ _cairo_bo_edge_end (e1, e1->edge.bottom, polygon);
+
+ if (left != NULL && right != NULL) {
+ status = _cairo_bo_event_queue_insert_if_intersect_below_current_y (&event_queue, left, right);
+@@ -1420,10 +1359,6 @@ _cairo_bentley_ottmann_tessellate_bo_edges (cairo_bo_event_t **start_events,
+ }
+ }
+
+- for (e1 = sweep_line.stopped; e1; e1 = e1->next) {
+- if (e1->deferred.right != NULL)
+- _cairo_bo_edge_end (e1, e1->edge.bottom, polygon);
+- }
+ unwind:
+ _cairo_bo_event_queue_fini (&event_queue);
+
+@@ -1447,6 +1382,12 @@ _cairo_polygon_reduce (cairo_polygon_t *polygon,
+ if (unlikely (0 == num_events))
+ return CAIRO_STATUS_SUCCESS;
+
++ if (DEBUG_POLYGON) {
++ FILE *file = fopen ("reduce_in.txt", "w");
++ _cairo_debug_print_polygon (file, polygon);
++ fclose (file);
++ }
++
+ events = stack_events;
+ event_ptrs = stack_event_ptrs;
+ if (num_events > ARRAY_LENGTH (stack_events)) {
+@@ -1482,10 +1423,16 @@ _cairo_polygon_reduce (cairo_polygon_t *polygon,
+ num_events,
+ fill_rule,
+ polygon);
+- polygon->num_limits = num_limits;
++ polygon->num_limits = num_limits;
+
+ if (events != stack_events)
+ free (events);
+
++ if (DEBUG_POLYGON) {
++ FILE *file = fopen ("reduce_out.txt", "w");
++ _cairo_debug_print_polygon (file, polygon);
++ fclose (file);
++ }
++
+ return status;
+ }
+--
+cgit v0.9.0.2-2-gbebe
diff -Nru cairo-1.12.2/debian/patches/intersect-dereference.diff cairo-1.12.2/debian/patches/intersect-dereference.diff
--- cairo-1.12.2/debian/patches/intersect-dereference.diff 1970-01-01 01:00:00.000000000 +0100
+++ cairo-1.12.2/debian/patches/intersect-dereference.diff 2013-01-31 16:22:46.000000000 +0100
@@ -0,0 +1,13 @@
+Index: cairo-1.12.2/src/cairo-polygon-intersect.c
+===================================================================
+--- cairo-1.12.2.orig/src/cairo-polygon-intersect.c 2012-04-19 13:17:58.000000000 +0100
++++ cairo-1.12.2/src/cairo-polygon-intersect.c 2013-01-26 23:08:54.000000000 +0000
+@@ -1231,6 +1231,8 @@
+ } while (1);
+
+ right = left->next;
++ if (!right)
++ return;
+ do {
+ if unlikely ((right->deferred.other))
+ edges_end (right, top, polygon);
diff -Nru cairo-1.12.2/debian/patches/series cairo-1.12.2/debian/patches/series
--- cairo-1.12.2/debian/patches/series 2012-04-30 14:25:25.000000000 +0200
+++ cairo-1.12.2/debian/patches/series 2013-01-31 16:22:46.000000000 +0100
@@ -3,3 +3,9 @@
03_export-symbols.patch
05-flto.patch
06_hurd-map-noreserve.patch
+07_cff-subsetting-Ignore-charset-for-non-cid-fonts.patch
+08_cff_convert_._to_locale_specific_decimal_point_befor.patch
+09_cff_use_correct_size_for_buffer.patch
+10_cff_subsetting_widths_can_be_floating_point.patch
+11_polygon-reduce_reduce_broken_stopped-edge_continuation.patch
+intersect-dereference.diff
Reply to: