oss-sec mailing list archives

Re: libass ass_outline.c signed integer overflow

From: Ian Zimmerman <itz () very loosely org>
Date: Wed, 18 Nov 2020 21:34:16 -0800

On 2020-09-29 08:19, Fstark wrote:

In `ass_outline_construct`'s call to `outline_stroke` a signed integer
overflow happens *(undefined behaviour)*. On my machine signed overflow
happens to wrap around to a negative value, thus failing the assert.
https://github.com/libass/libass/issues/431

https://github.com/libass/libass/pull/432


I have followed the links above, and this seems to be an example of a
situation where the CVE process has failed. It is still not fixed in
Debian, possibly for that reason. I'll report a Debian bug today.

-- 
Ian

Current thread:

Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 18)
- Re: libass ass_outline.c signed integer overflow David A. Wheeler (Nov 19)
  - Re: libass ass_outline.c signed integer overflow Moritz Mühlenhoff (Nov 19)
  - Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 19)
    - Re: Re: libass ass_outline.c signed integer overflow Salvatore Bonaccorso (Nov 19)