Commit | Line | Data |
---|---|---|
56ac2bf4 MW |
1 | Fix CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 |
2 | Adapted for upstream pixman based on: | |
3 | ||
4 | https://hg.mozilla.org/releases/mozilla-esr45/rev/5e39c1c2fded | |
5 | ||
6 | --- pixman-0.34.0/pixman/pixman-edge-imp.h.orig 2015-06-30 05:48:31.000000000 -0400 | |
7 | +++ pixman-0.34.0/pixman/pixman-edge-imp.h 2016-11-16 01:09:34.046335106 -0500 | |
8 | @@ -55,8 +55,9 @@ | |
9 | * | |
10 | * (The AA case does a similar adjustment in RENDER_SAMPLES_X) | |
11 | */ | |
12 | - lx += X_FRAC_FIRST(1) - pixman_fixed_e; | |
13 | - rx += X_FRAC_FIRST(1) - pixman_fixed_e; | |
14 | + /* we cast to unsigned to get defined behaviour for overflow */ | |
15 | + lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e; | |
16 | + rx = (unsigned)rx + X_FRAC_FIRST(1) - pixman_fixed_e; | |
17 | #endif | |
18 | /* clip X */ | |
19 | if (lx < 0) |