Prevent potentially infinite wandering through memeory in _cairo_hull_prev_valid

It is possible for _cairo_hull_prev_valid to be called just once right before the calling loop is going to terminate. In this case we really don't want to walk off the beginning of the array and start wandering. Thanks to Jonathan Watt for noticing this problem: https://bugzilla.mozilla.org/show_bug.cgi?id=306649#c21
author: Carl Worth <cworth@cworth.org> 2008-04-08 01:54:27 -0700
committer: Carl Worth <cworth@cworth.org> 2008-04-08 01:54:27 -0700
commit: c26a7de9707e26d0552b0fedcd4bf2e0ba6542b2 (patch)
tree: 6dc1f532dc729fd49b5bcce93fb6137e83728c0a
parent: c19133eb9ab31bbdc7e82573033e513e9eb867f2 (diff)
download: cairo-c26a7de9707e26d0552b0fedcd4bf2e0ba6542b2.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/src/cairo-hull.c b/src/cairo-hull.c
index 73d95c554..ccdb34d45 100644
--- a/src/cairo-hull.c
+++ b/src/cairo-hull.c
@@ -125,8 +125,13 @@ _cairo_hull_vertex_compare (const void *av, const void *bv)
 static int
 _cairo_hull_prev_valid (cairo_hull_t *hull, int num_hull, int index)
 {
+    /* hull[0] is always valid, and we never need to wraparound, (if
+     * we are passed an index of 0 here, then the calling loop is just
+     * about to terminate). */
+    if (index == 0)
+	return 0;
+
     do {
-	/* hull[0] is always valid, so don't test and wraparound */
 	index--;
     } while (hull[index].discard);
author	Carl Worth <cworth@cworth.org>	2008-04-08 01:54:27 -0700
committer	Carl Worth <cworth@cworth.org>	2008-04-08 01:54:27 -0700
commit	c26a7de9707e26d0552b0fedcd4bf2e0ba6542b2 (patch)
tree	6dc1f532dc729fd49b5bcce93fb6137e83728c0a
parent	c19133eb9ab31bbdc7e82573033e513e9eb867f2 (diff)
download	cairo-c26a7de9707e26d0552b0fedcd4bf2e0ba6542b2.tar.gz