From f1f58f2af6aeceebf299b0d5b565a38548ab0df2 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Jan 29 2015 20:33:49 +0000
Subject: Add patch to fix crashes in dot. Fixes bug #1183242


---

diff --git a/cairo-fix_crash_in_fill_xrgb32_lerp_opaque_spans.patch b/cairo-fix_crash_in_fill_xrgb32_lerp_opaque_spans.patch
new file mode 100644
index 0000000..885571a
--- /dev/null
+++ b/cairo-fix_crash_in_fill_xrgb32_lerp_opaque_spans.patch
@@ -0,0 +1,32 @@
+From 5c82d91a5e15d29b1489dcb413b24ee7fdf59934 Mon Sep 17 00:00:00 2001
+From: Bryce Harrington <bryce@osg.samsung.com>
+Date: Wed, 3 Dec 2014 19:28:15 -0800
+Subject: image: Fix crash in _fill_xrgb32_lerp_opaque_spans
+
+If a span length is negative don't go out of bounds processing the fill
+data.
+
+Patch thanks to Ilya Sakhnenko <ilia.softway@gmail.com> on mailing list.
+
+Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
+
+diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
+index 6ff0f09..48072f8 100644
+--- a/src/cairo-image-compositor.c
++++ b/src/cairo-image-compositor.c
+@@ -2242,10 +2242,10 @@ _fill_xrgb32_lerp_opaque_spans (void *abstract_renderer, int y, int h,
+ 				     spans[0].x, y, len, 1, r->u.fill.pixel);
+ 		    } else {
+ 			uint32_t *d = (uint32_t*)(r->u.fill.data + r->u.fill.stride*y + spans[0].x*4);
+-			while (len--)
++			while (len-- > 0)
+ 			    *d++ = r->u.fill.pixel;
+ 		    }
+-		} else while (len--) {
++		} else while (len-- > 0) {
+ 		    *d = lerp8x4 (r->u.fill.pixel, a, *d);
+ 		    d++;
+ 		}
+-- 
+cgit v0.10.2
+
diff --git a/cairo.spec b/cairo.spec
index 3724494..5b59044 100644
--- a/cairo.spec
+++ b/cairo.spec
@@ -5,7 +5,7 @@
 Summary:	A 2D graphics library
 Name:		cairo
 Version:	1.14.0
-Release:	1%{?dist}
+Release:	2%{?dist}
 URL:		http://cairographics.org
 Source0:	http://cairographics.org/releases/%{name}-%{version}.tar.xz
 License:	LGPLv2 or MPLv1.1
@@ -14,6 +14,12 @@ Group:		System Environment/Libraries
 Patch0:		0001-xlib-Don-t-crash-when-swapping-a-0-sized-glyph.patch
 Patch1:		0002-xcb-Don-t-crash-when-swapping-a-0-sized-glyph.patch
 Patch3:         cairo-multilib.patch
+#
+# Fix for dot crashes
+# https://bugzilla.redhat.com/show_bug.cgi?id=1183242
+# Already upstreamed: 
+# http://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934
+Patch4:         cairo-fix_crash_in_fill_xrgb32_lerp_opaque_spans.patch
 
 BuildRequires: pkgconfig
 BuildRequires: libXrender-devel
@@ -91,6 +97,7 @@ This package contains tools for working with the cairo graphics library.
 %patch0 -p1 -b .xlib-swap
 %patch1 -p1 -b .xcb-swap
 %patch3 -p1 -b .multilib
+%patch4 -p1
 
 %build
 %configure --disable-static	\
@@ -174,6 +181,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
 %{_libdir}/cairo/
 
 %changelog
+* Thu Jan 29 2015 Kevin Fenzi <kevin@scrye.com> 1.14.0-2
+- Add patch to fix crashes in dot. Fixes bug #1183242
+
 * Sun Nov 23 2014 Kalev Lember <kalevlember@gmail.com> - 1.14.0-1
 - Update to 1.14.0