oss-sec mailing list archives
Re: [Pixman] create_bits(): Cast the result of height * stride to size_t
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Wed, 24 Feb 2016 10:26:40 -0800
On 02/24/16 04:10 AM, Gustavo Grieco wrote:
Hi, There is an (old) integer overflow in create_bits in the pixman library. Patch and details are available here: https://web.archive.org/web/20141227044037/http://lists.freedesktop.org/archives/pixman/2014-April/003244.html
The quoted patch was applied to the master branch of the pixman git repo as: https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3 and to the pixman-0.32 branch as: https://cgit.freedesktop.org/pixman/commit/?id=50d7b5fa8ea2ae119f35c20ab0dd0413d5103cbb It is included in pixman 0.32.6 and later releases. -- -Alan Coopersmith- alan.coopersmith () oracle com Oracle Solaris Engineering - http://blogs.oracle.com/alanc
Current thread:
- [Pixman] create_bits(): Cast the result of height * stride to size_t Gustavo Grieco (Feb 24)
- Re: [Pixman] create_bits(): Cast the result of height * stride to size_t cve-assign (Feb 24)
- Re: [Pixman] create_bits(): Cast the result of height * stride to size_t Alan Coopersmith (Feb 25)