clutter/actor: Don't write uninitialized out values on failed transform (!3453) · Merge requests · GNOME / mutter

Sebastian Keller requested to merge skeller/mutter:actor-transformed-position-uninitialized-write into main Dec 15, 2023

clutter_actor_get_transformed_position() would write the uninitialized values of v2 when clutter_actor_apply_transform_to_point() fails in _clutter_actor_fully_transform_vertices() because the actor has not been added to the stage yet.

When called from JS this would overwrite the zero initialized values passed in from gjs. If the uninitialized values now happen to correspond to one of the NaN float values used by mozjs to represent a pointer type, this would lead to seemingly random crashes in mozjs code later on.

Avoid this by using _clutter_actor_fully_transform_vertices() directly, which allows us to check if it failed.

clutter/actor: Don't write uninitialized out values on failed transform

Merge request reports