mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 22:08:16 -05:00
56ac2bf442
* gnu/packages/patches/pixman-CVE-2016-5296.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (pixman)[replacement]: New field. (pixman/fixed): New variable.
19 lines
729 B
Diff
19 lines
729 B
Diff
Fix CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
|
|
Adapted for upstream pixman based on:
|
|
|
|
https://hg.mozilla.org/releases/mozilla-esr45/rev/5e39c1c2fded
|
|
|
|
--- pixman-0.34.0/pixman/pixman-edge-imp.h.orig 2015-06-30 05:48:31.000000000 -0400
|
|
+++ pixman-0.34.0/pixman/pixman-edge-imp.h 2016-11-16 01:09:34.046335106 -0500
|
|
@@ -55,8 +55,9 @@
|
|
*
|
|
* (The AA case does a similar adjustment in RENDER_SAMPLES_X)
|
|
*/
|
|
- lx += X_FRAC_FIRST(1) - pixman_fixed_e;
|
|
- rx += X_FRAC_FIRST(1) - pixman_fixed_e;
|
|
+ /* we cast to unsigned to get defined behaviour for overflow */
|
|
+ lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e;
|
|
+ rx = (unsigned)rx + X_FRAC_FIRST(1) - pixman_fixed_e;
|
|
#endif
|
|
/* clip X */
|
|
if (lx < 0)
|