--- Waterfox-Classic-2022.11-classic/gfx/cairo/cairo/src/cairo-ft-font.c +++ Waterfox-Classic-2022.11-classic/gfx/cairo/cairo/src/cairo-ft-font.c @@ -1618,17 +1618,17 @@ width = x_max - x_min; height = y_max - y_min; transformed_to_original = original_to_transformed; status = cairo_matrix_invert (&transformed_to_original); if (unlikely (status)) return status; - if (cairo_image_surface_get_format (*surface) == CAIRO_FORMAT_ARGB32 && + if ((*surface)->format == CAIRO_FORMAT_ARGB32 && !pixman_image_get_component_alpha ((*surface)->pixman_image)) image = cairo_image_surface_create (CAIRO_FORMAT_ARGB32, width, height); else image = cairo_image_surface_create (CAIRO_FORMAT_A8, width, height); if (unlikely (image->status)) return image->status; /* Draw the original bitmap transformed into the new bitmap --- Waterfox-Classic-2022.11-classic/gfx/cairo/cairo/src/cairo-surface.c +++ Waterfox-Classic-2022.11-classic/gfx/cairo/cairo/src/cairo-surface.c @@ -1449,26 +1449,16 @@ if (surface->backend->acquire_source_image == NULL) return CAIRO_INT_STATUS_UNSUPPORTED; status = surface->backend->acquire_source_image (surface, image_out, image_extra); if (unlikely (status)) return _cairo_surface_set_error (surface, status); - if (PIXMAN_FORMAT_BPP((*image_out)->pixman_format) == 0) { - volatile char* acquire_source_image_ptr[10]; - volatile char* crasher; - int i; - for (i = 0; i < 10; i++) { - acquire_source_image_ptr[i] = (char*)surface->backend->acquire_source_image; - } - crasher = NULL; - *crasher = acquire_source_image_ptr[5]; - } _cairo_debug_check_image_surface_is_defined (&(*image_out)->base); return CAIRO_STATUS_SUCCESS; } /** * _cairo_surface_release_source_image: * @surface: a #cairo_surface_t --- Waterfox-Classic-2022.11-classic/gfx/cairo/libpixman/src/pixman-image.c +++ Waterfox-Classic-2022.11-classic/gfx/cairo/libpixman/src/pixman-image.c @@ -28,35 +28,16 @@ #include #include #include #include "pixman-private.h" static const pixman_color_t transparent_black = { 0, 0, 0, 0 }; -/** - ** bug 1293598 - clean up every pointer after free to avoid - ** "dereferencing freed memory" problem - **/ -#define PIXMAN_POSION - -static void -free_memory (void** p) -{ -#ifdef PIXMAN_POISON - if (*p) { -#endif - free (*p); -#ifdef PIXMAN_POISON - *p = NULL; - } -#endif -} - static void gradient_property_changed (pixman_image_t *image) { gradient_t *gradient = &image->gradient; int n = gradient->n_stops; pixman_gradient_stop_t *stops = gradient->stops; pixman_gradient_stop_t *begin = &(gradient->stops[-1]); pixman_gradient_stop_t *end = &(gradient->stops[n]); @@ -159,45 +140,42 @@ if (common->ref_count == 0) { if (image->common.destroy_func) image->common.destroy_func (image, image->common.destroy_data); pixman_region32_fini (&common->clip_region); - free_memory (&common->transform); - free_memory (&common->filter_params); + free (common->transform); + free (common->filter_params); if (common->alpha_map) pixman_image_unref ((pixman_image_t *)common->alpha_map); if (image->type == LINEAR || image->type == RADIAL || image->type == CONICAL) { if (image->gradient.stops) { /* See _pixman_init_gradient() for an explanation of the - 1 */ - void *addr = image->gradient.stops - 1; - free_memory (&addr); + free (image->gradient.stops - 1); } /* This will trigger if someone adds a property_changed * method to the linear/radial/conical gradient overwriting * the general one. */ assert ( image->common.property_changed == gradient_property_changed); } - if (image->type == BITS && image->bits.free_me) { - free_memory (&image->bits.free_me); - image->bits.bits = NULL; - } + if (image->type == BITS && image->bits.free_me) + free (image->bits.free_me); return TRUE; } return FALSE; } @@ -228,17 +206,17 @@ } /* returns TRUE when the image is freed */ PIXMAN_EXPORT pixman_bool_t pixman_image_unref (pixman_image_t *image) { if (_pixman_image_fini (image)) { - free_memory (&image); + free (image); return TRUE; } return FALSE; } PIXMAN_EXPORT void pixman_image_set_destroy_function (pixman_image_t * image, --- Waterfox-Classic-2022.11-classic/gfx/cairo/libpixman/src/pixman-implementation.c +++ Waterfox-Classic-2022.11-classic/gfx/cairo/libpixman/src/pixman-implementation.c @@ -207,17 +207,17 @@ f = imp->combine_32[op]; break; case 3: /* narrow, component_alpha */ f = imp->combine_32_ca[op]; break; } if (rgb16) - f = (pixman_combine_32_func_t *)imp->combine_16[op]; + f = (pixman_combine_32_func_t)imp->combine_16[op]; if (f) return f; imp = imp->fallback; } /* We should never reach this point */ --- Waterfox-Classic-2022.11-classic/gfx/cairo/libpixman/src/pixman-radial-gradient.c +++ Waterfox-Classic-2022.11-classic/gfx/cairo/libpixman/src/pixman-radial-gradient.c @@ -485,17 +485,17 @@ * A < 0 <=> one of the two circles completely contains the other one * <=> for every p, the radiuses associated with the two t solutions * have opposite sign */ pixman_image_t *image = iter->image; int x = iter->x; int y = iter->y; int width = iter->width; - uint16_t *buffer = iter->buffer; + uint16_t *buffer = (uint16_t *)iter->buffer; pixman_bool_t toggle = ((x ^ y) & 1); gradient_t *gradient = (gradient_t *)image; radial_gradient_t *radial = (radial_gradient_t *)image; uint16_t *end = buffer + width; pixman_gradient_walker_t walker; pixman_vector_t v, unit;