From 01a8bf01c6508a4fea8d40371c3049e7a2f7908a Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Fri, 15 Mar 2013 09:08:00 +0000
Subject: mempool: Reduce an assert into an error return for get_buddy()

If we ask for a buddy that is outside of our allocation that is an
error that should not happen with a power-of-two allocated zone...
However, since it has been seen in the wild, we can safely return that
there is no buddy rather than die in a too-late assert.

Reported-by: Anton Eliasson <devel@antoneliasson.se>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
---
 src/cairo-mempool.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/cairo-mempool.c b/src/cairo-mempool.c
index 96e4a62b..751ede32 100644
--- a/src/cairo-mempool.c
+++ b/src/cairo-mempool.c
@@ -157,7 +157,8 @@ get_buddy (cairo_mempool_t *pool, size_t offset, int bits)
 {
     struct _cairo_memblock *block;
 
-    assert (offset + (1 << bits) <= pool->num_blocks);
+    if (offset + (1 << bits) >= pool->num_blocks)
+	return NULL; /* invalid */
 
     if (BITTEST (pool, offset + (1 << bits) - 1))
 	return NULL; /* buddy is allocated */
-- 
cgit v1.2.3