diff options
| author | Leo Famulari <leo@famulari.name> | 2016-11-23 22:24:52 -0500 |
|---|---|---|
| committer | Leo Famulari <leo@famulari.name> | 2016-11-23 22:24:52 -0500 |
| commit | 2ac7d54616819c65405ea27260dbff462160f290 (patch) | |
| tree | 4c82001f0855ebab05ab342e342a680c533b9bf9 /gnu/packages/patches/pixman-CVE-2016-5296.patch | |
| parent | 61320932edb42e78fb377b5d11cd6ecb32e2f9e6 (diff) | |
| parent | 1c9f78eca1f7e169562abaaa882fd94d845208af (diff) | |
| download | guix-2ac7d54616819c65405ea27260dbff462160f290.tar guix-2ac7d54616819c65405ea27260dbff462160f290.tar.gz | |
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches/pixman-CVE-2016-5296.patch')
| -rw-r--r-- | gnu/packages/patches/pixman-CVE-2016-5296.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/pixman-CVE-2016-5296.patch b/gnu/packages/patches/pixman-CVE-2016-5296.patch new file mode 100644 index 0000000000..21942326ae --- /dev/null +++ b/gnu/packages/patches/pixman-CVE-2016-5296.patch @@ -0,0 +1,19 @@ +Fix CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 +Adapted for upstream pixman based on: + + https://hg.mozilla.org/releases/mozilla-esr45/rev/5e39c1c2fded + +--- pixman-0.34.0/pixman/pixman-edge-imp.h.orig 2015-06-30 05:48:31.000000000 -0400 ++++ pixman-0.34.0/pixman/pixman-edge-imp.h 2016-11-16 01:09:34.046335106 -0500 +@@ -55,8 +55,9 @@ + * + * (The AA case does a similar adjustment in RENDER_SAMPLES_X) + */ +- lx += X_FRAC_FIRST(1) - pixman_fixed_e; +- rx += X_FRAC_FIRST(1) - pixman_fixed_e; ++ /* we cast to unsigned to get defined behaviour for overflow */ ++ lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e; ++ rx = (unsigned)rx + X_FRAC_FIRST(1) - pixman_fixed_e; + #endif + /* clip X */ + if (lx < 0) |