From 1def6f6b2c1d2dca6bff27235c15317f229746a9 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 21 Sep 2015 16:01:45 +0200 Subject: gnu: pixman: Work around pointer arithmetic bug. * gnu/packages/patches/pixman-pointer-arithmetic.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (pixman)[source]: Use it. --- gnu-system.am | 1 + gnu/packages/patches/pixman-pointer-arithmetic.patch | 15 +++++++++++++++ gnu/packages/xdisorg.scm | 3 ++- 3 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/pixman-pointer-arithmetic.patch diff --git a/gnu-system.am b/gnu-system.am index 9decf3eaf3..8e50a71bb6 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -586,6 +586,7 @@ dist_patch_DATA = \ gnu/packages/patches/perl-tk-x11-discover.patch \ gnu/packages/patches/pidgin-add-search-path.patch \ gnu/packages/patches/pingus-sdl-libs-config.patch \ + gnu/packages/patches/pixman-pointer-arithmetic.patch \ gnu/packages/patches/plotutils-libpng-jmpbuf.patch \ gnu/packages/patches/polkit-drop-test.patch \ gnu/packages/patches/portaudio-audacity-compat.patch \ diff --git a/gnu/packages/patches/pixman-pointer-arithmetic.patch b/gnu/packages/patches/pixman-pointer-arithmetic.patch new file mode 100644 index 0000000000..d34e6632a0 --- /dev/null +++ b/gnu/packages/patches/pixman-pointer-arithmetic.patch @@ -0,0 +1,15 @@ +Fix whereby +an arithemitic overflow could occur while doing pointer arithmetic, +leading pixman to use an invalid address as the destination buffer. + +--- pixman-0.32.6/pixman/pixman-general.c 2015-09-21 15:14:34.695981325 +0200 ++++ pixman-0.32.6/pixman/pixman-general.c 2015-09-21 15:19:48.898355548 +0200 +@@ -144,8 +144,7 @@ general_composite_rect (pixman_implemen + mask_buffer = ALIGN (src_buffer + width * Bpp); + dest_buffer = ALIGN (mask_buffer + width * Bpp); + +- if (ALIGN (dest_buffer + width * Bpp) > +- scanline_buffer + sizeof (stack_scanline_buffer)) ++ if ((width + 1) * Bpp * 3 > sizeof (stack_scanline_buffer)) + { + scanline_buffer = pixman_malloc_ab_plus_c (width, Bpp * 3, 32 * 3); diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm index 9fd9f4a321..7aa82fe312 100644 --- a/gnu/packages/xdisorg.scm +++ b/gnu/packages/xdisorg.scm @@ -150,7 +150,8 @@ (define-public pixman ".tar.gz")) (sha256 (base32 - "0129g4zdrw5hif5783li7rzcr4vpbc2cfia91azxmsk0h0xx3zix")))) + "0129g4zdrw5hif5783li7rzcr4vpbc2cfia91azxmsk0h0xx3zix")) + (patches (list (search-patch "pixman-pointer-arithmetic.patch"))))) (build-system gnu-build-system) (inputs `(("libpng" ,libpng) -- cgit v1.2.3