[cairo] [PATCH] src/cairo-surface-observer-private.h :
Ashim
ashim.shah at samsung.com
Wed Jul 8 22:13:30 PDT 2015
"print_array" called with args "p->type" and "pattern_names" where patten_names has length 8.
'for loop' will try accessing 8th element at line 1587
.
But struct Pattern has member 'type' of the length 7.
Hence changed the 'type' array from type[7] to type[8]
This patch will avoid out of bound access
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91266
Signed-off-by: Ashim <ashim.shah at samsung.com>
---
src/cairo-surface-observer-private.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cairo-surface-observer-private.h b/src/cairo-surface-observer-private.h
index 70c87db..6ed0c18 100644
--- a/src/cairo-surface-observer-private.h
+++ b/src/cairo-surface-observer-private.h
@@ -62,7 +62,7 @@ struct extents {
};
struct pattern {
- unsigned int type[7]; /* native/record/other surface/gradients */
+ unsigned int type[8]; /* native/record/other surface/gradients */
};
struct path {
--
1.7.9.5
More information about the cairo
mailing list