From c86d8a23c3464f75b976af915f0926b5dfc10241 Mon Sep 17 00:00:00 2001 From: Sebastian Keller Date: Fri, 15 Dec 2023 00:47:34 +0100 Subject: [PATCH] clutter/actor: Don't write uninitialized out values on failed transform clutter_actor_get_transformed_position() would write the uninitialized values of v2 when clutter_actor_apply_transform_to_point() fails in _clutter_actor_fully_transform_vertices() because the actor has not been added to the stage yet. When called from JS this would overwrite the zero initialized values passed in from gjs. If the uninitialized values now happen to correspond to one of the NaN float values used by mozjs to represent a pointer type, this would lead to seemingly random crashes in mozjs code later on. Avoid this by using _clutter_actor_fully_transform_vertices() directly, which allows us to check if it failed. Related: https://gitlab.gnome.org/GNOME/gnome-shell-extensions/-/issues/469 Related: https://gitlab.gnome.org/GNOME/gjs/-/issues/591 Part-of: --- clutter/clutter/clutter-actor.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/clutter/clutter/clutter-actor.c b/clutter/clutter/clutter-actor.c index 3d34b0bff..dcada9d7b 100644 --- a/clutter/clutter/clutter-actor.c +++ b/clutter/clutter/clutter-actor.c @@ -9472,7 +9472,9 @@ clutter_actor_get_transformed_position (ClutterActor *self, graphene_point3d_t v2; v1.x = v1.y = v1.z = 0; - clutter_actor_apply_transform_to_point (self, &v1, &v2); + + if (!_clutter_actor_fully_transform_vertices (self, &v1, &v2, 1)) + return; if (x) *x = v2.x;
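Review bot: the early `return` after the failed `_clutter_actor_fully_transform_vertices (self, &v1, &v2, 1)` call skips `if (x) *x = v2.x;` and the assignments that follow, so on failure the out parameters keep whatever the caller passed in, and since `clutter_actor_get_transformed_position` returns void the caller has no way to tell the transform failed. That is the right fix for the uninitialized-read the message describes, but it changes the contract silently: please add a sentence to the function's doc comment stating that the out values are left untouched when the actor is not yet on a stage, so C callers know to initialize them (gjs happens to zero-initialize, which is what masks the problem there). Minor: the added blank `+` line before the `if` should be dropped to match the surrounding style, and initializing `v2` alongside `v1` (`v1.x = v1.y = v1.z = 0;`) would keep the stack value from being a hazard if a later edit reorders the early return.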