oss-sec mailing list archives
Re: libass ass_outline.c signed integer overflow
From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Thu, 19 Nov 2020 11:54:07 -0500
On Nov 19, 2020, at 12:34 AM, Ian Zimmerman <itz () very loosely org> wrote: On 2020-09-29 08:19, Fstark wrote:In `ass_outline_construct`'s call to `outline_stroke` a signed integer overflow happens *(undefined behaviour)*. On my machine signed overflow happens to wrap around to a negative value, thus failing the assert. https://github.com/libass/libass/issues/431 https://github.com/libass/libass/pull/432I have followed the links above, and this seems to be an example of a situation where the CVE process has failed. It is still not fixed in Debian, possibly for that reason. I'll report a Debian bug today.
I read through the issue discussion. As best as I can tell, no one filed for a CVE, so there was no CVE. Did I misunderstand something? If my understanding is correct, that is *NOT* a failure of the CVE process. --- David A. Wheeler
Current thread:
- Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 18)
- Re: libass ass_outline.c signed integer overflow David A. Wheeler (Nov 19)
- Re: libass ass_outline.c signed integer overflow Moritz Mühlenhoff (Nov 19)
- Re: libass ass_outline.c signed integer overflow Ian Zimmerman (Nov 19)
- Re: Re: libass ass_outline.c signed integer overflow Salvatore Bonaccorso (Nov 19)
- Re: libass ass_outline.c signed integer overflow David A. Wheeler (Nov 19)