gtkprintbackendfile: Fix infinite loop in _cairo_write()

It can happen if the io channel has been closed. In that case
g_io_channel_write_chars() returns early because of a g_return macro
that checks if the io channel is writable. When returning from g_return
macros, the bytes written output parameter is not updated and the error
is not filled, so the error is not detected and the written variable is
used uninitialized. We should check the return value of
g_io_channel_write_chars() to break the loop.

https://bugzilla.gnome.org/show_bug.cgi?id=685419

diff --git a/modules/printbackends/file/gtkprintbackendfile.c b/modules/printbackends/file/gtkprintbackendfile.c
index 843ce59f493332769b374441d0352690677c0ac7..9fe2d78b30e14089928cc78b1986b5380bbbfe38 100644 (file)
--- a/modules/printbackends/file/gtkprintbackendfile.c
+++ b/modules/printbackends/file/gtkprintbackendfile.c
@@ -291,7 +291,7 @@ _cairo_write (void                *closure,
               unsigned int         length)
 {
   GIOChannel *io = (GIOChannel *)closure;
-  gsize written;
+  gsize written = 0;
   GError *error;
 
   error = NULL;
@@ -301,14 +301,20 @@ _cairo_write (void                *closure,
 
   while (length > 0) 
     {
-      g_io_channel_write_chars (io, (const gchar *) data, length, &written, &error);
+      GIOStatus status;
 
-      if (error != NULL)
-       {
-         GTK_NOTE (PRINTING,
-                     g_print ("FILE Backend: Error writting to temp file, %s\n", error->message));
+      status = g_io_channel_write_chars (io, (const gchar *) data, length, &written, &error);
+
+      if (status == G_IO_STATUS_ERROR)
+        {
+          if (error != NULL)
+            {
+              GTK_NOTE (PRINTING,
+                        g_print ("FILE Backend: Error writting to temp file, %s\n", error->message));
+
+              g_error_free (error);
+            }
 
-          g_error_free (error);
          return CAIRO_STATUS_WRITE_ERROR;
        }