From cbc8a92011d3a439b25201039941aac803870ec2 Mon Sep 17 00:00:00 2001
From: Marius Bakke
Date: Mon, 27 Aug 2018 19:48:55 +0200
Subject: [PATCH] gnu: cairo: Fix undefined behaviour.

This fixes which showed up in Guix as an infinite loop during cairocffi tests.

* gnu/packages/patches/cairo-setjmp-wrapper.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/gtk.scm (cairo)[source](patches): Add it.
---
 gnu/local.mk | 1 +
 gnu/packages/gtk.scm | 3 +-
 .../patches/cairo-setjmp-wrapper.patch | 78 +++++++++++++++++++
 3 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/cairo-setjmp-wrapper.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 0c74914a16..c62e6ea50e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -595,6 +595,7 @@ dist_patch_DATA = \
 %D%/packages/patches/boost-fix-icu-build.patch \
 %D%/packages/patches/byobu-writable-status.patch \
 %D%/packages/patches/cairo-CVE-2016-9082.patch \
+ %D%/packages/patches/cairo-setjmp-wrapper.patch \
 %D%/packages/patches/calibre-no-updates-dialog.patch \
 %D%/packages/patches/calibre-use-packaged-feedparser.patch \
 %D%/packages/patches/catdoc-CVE-2017-11110.patch \
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index 1cf99f8db1..3322860d83 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -120,7 +120,8 @@ tools have full access to view and control running applications.")
 (sha256
 (base32
 "05mzyxkvsfc1annjw2dja8vka01ampp9pp93lg09j8hba06g144c"))
- (patches (search-patches "cairo-CVE-2016-9082.patch"))))
+ (patches (search-patches "cairo-CVE-2016-9082.patch"
+ "cairo-setjmp-wrapper.patch"))))
 (build-system gnu-build-system)
 (propagated-inputs
 `(("fontconfig" ,fontconfig)
diff --git a/gnu/packages/patches/cairo-setjmp-wrapper.patch b/gnu/packages/patches/cairo-setjmp-wrapper.patch
new file mode 100644
index 0000000000..bffac6e041
--- /dev/null
+++ b/gnu/packages/patches/cairo-setjmp-wrapper.patch
@@ -0,0 +1,78 @@
+Revert faulty commit to avoid undefined behaviour:
+https://bugs.freedesktop.org/show_bug.cgi?id=104325
+
+Taken from this upstream commit:
+https://cgit.freedesktop.org/cairo/commit/?h=1.14&id=2acc4382c54bd8239361ceed14423412a343d311
+
+diff --git a/src/cairo-bentley-ottmann-rectangular.c b/src/cairo-bentley-ottmann-rectangular.c
+index cb2e30c..5541bdc 100644
+--- a/src/cairo-bentley-ottmann-rectangular.c
++++ b/src/cairo-bentley-ottmann-rectangular.c
+@@ -593,12 +593,6 @@ sweep_line_insert (sweep_line_t *sweep, rectangle_t *rectangle)
+ pqueue_push (sweep, rectangle);
+ }
+
+-static int
+-sweep_line_setjmp (sweep_line_t *sweep_line)
+-{
+- return setjmp (sweep_line->unwind);
+-}
+-
+ static cairo_status_t
+ _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t **rectangles,
+ int num_rectangles,
+@@ -615,7 +609,7 @@ _cairo_bentley_ottmann_tessellate_rectangular (rectangle_t **rectangles,
+ rectangles, num_rectangles,
+ fill_rule,
+ do_traps, container);
+- if ((status = sweep_line_setjmp (&sweep_line)))
++ if ((status = setjmp (sweep_line.unwind)))
+ return status;
+
+ rectangle = rectangle_pop_start (&sweep_line);
+diff --git a/src/cairo-png.c b/src/cairo-png.c
+index e64b14a..068617d 100644
+--- a/src/cairo-png.c
++++ b/src/cairo-png.c
+@@ -158,14 +158,6 @@ png_simple_warning_callback (png_structp png,
+ */
+ }
+
+-static int
+-png_setjmp (png_struct *png)
+-{
+-#ifdef PNG_SETJMP_SUPPORTED
+- return setjmp (png_jmpbuf (png));
+-#endif
+- return 0;
+-}
+
+ /* Starting with libpng-1.2.30, we must explicitly specify an output_flush_fn.
+ * Otherwise, we will segfault if we are writing to a stream.
*/
+@@ -237,8 +229,10 @@ write_png (cairo_surface_t *surface,
+ goto BAIL4;
+ }
+
+- if (png_setjmp (png))
++#ifdef PNG_SETJMP_SUPPORTED
++ if (setjmp (png_jmpbuf (png)))
+ goto BAIL4;
++#endif
+
+ png_set_write_fn (png, closure, write_func, png_simple_output_flush_fn);
+
+@@ -577,11 +571,12 @@ read_png (struct png_read_closure_t *png_closure)
+ png_set_read_fn (png, png_closure, stream_read_func);
+
+ status = CAIRO_STATUS_SUCCESS;
+-
+ if (png_setjmp (png)) {
++#ifdef PNG_SETJMP_SUPPORTED
++ if (setjmp (png_jmpbuf (png))) {
+ surface = _cairo_surface_create_in_error (status);
+ goto BAIL;
+ }
++#endif
+
+ png_read_info (png, info);
+
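Review bot: The restored line `if ((status = setjmp (sweep_line.unwind)))` in the cairo-bentley-ottmann-rectangular.c hunk invokes setjmp inside an assignment, which is not one of the contexts C11 7.13.1.1 allows for the macro (the entire controlling expression, one operand of a comparison with an integer constant, the operand of `!`, or a plain expression statement), so it remains formally undefined even after the wrapper is gone; the portable spelling is `status = setjmp (sweep_line.unwind);` followed by `if (status) return status;`. The patch prologue says only "undefined behaviour" and never states which one: the removed `sweep_line_setjmp` and `png_setjmp` wrappers returned the result of setjmp, so by the time anything longjmp'd to that jmp_buf the frame containing the setjmp call had already terminated (C11 7.13.2.1), which is presumably what surfaced as the reported infinite loop. A one-line note in the prologue such as `The wrappers returned before longjmp ran, so the jump target was a dead frame; setjmp must be called directly in the function whose jmp_buf is used.` would keep a future maintainer from reintroducing the helper. Since this file vendors an upstream commit, the setjmp-assignment nit would be a local deviation worth recording rather than applied silently, and the enclosing functions in all three hunks start and end outside the shown lines.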