oss-sec mailing list archives
Re: libass ass_outline.c signed integer overflow
From: Ian Zimmerman <itz () very loosely org>
Date: Wed, 18 Nov 2020 21:34:16 -0800
On 2020-09-29 08:19, Fstark wrote:
In `ass_outline_construct`'s call to `outline_stroke` a signed integer overflow happens *(undefined behaviour)*. On my machine signed overflow happens to wrap around to a negative value, thus failing the assert. https://github.com/libass/libass/issues/431 https://github.com/libass/libass/pull/432
I have followed the links above, and this seems to be an example of a situation where the CVE process has failed. It is still not fixed in Debian, possibly for that reason. I'll report a Debian bug today. -- Ian
Current thread:
- Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 18)
- Re: libass ass_outline.c signed integer overflow David A. Wheeler (Nov 19)
- Re: libass ass_outline.c signed integer overflow Moritz Mühlenhoff (Nov 19)
- Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 19)
- Re: Re: libass ass_outline.c signed integer overflow Salvatore Bonaccorso (Nov 19)
- Re: libass ass_outline.c signed integer overflow David A. Wheeler (Nov 19)