[cairo] [PATCH] src/cairo-surface-observer-private.h :
Bryce Harrington
bryce at osg.samsung.com
Thu Jul 9 14:50:28 PDT 2015
On Thu, Jul 09, 2015 at 10:43:30AM +0530, Ashim wrote:
> "print_array" called with args "p->type" and "pattern_names" where patten_names has length 8.
> 'for loop' will try accessing 8th element at line 1587
> .
> But struct Pattern has member 'type' of the length 7.
> Hence changed the 'type' array from type[7] to type[8]
>
> This patch will avoid out of bound access
>
> Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=91266
>
> Signed-off-by: Ashim <ashim.shah at samsung.com>
Good find.
Reviewed-by: Bryce Harrington <bryce at osg.samsung.com>
To ssh://git.cairographics.org/git/cairo
ad45e8f..498fc2f master -> master
> ---
> src/cairo-surface-observer-private.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/cairo-surface-observer-private.h b/src/cairo-surface-observer-private.h
> index 70c87db..6ed0c18 100644
> --- a/src/cairo-surface-observer-private.h
> +++ b/src/cairo-surface-observer-private.h
> @@ -62,7 +62,7 @@ struct extents {
> };
>
> struct pattern {
> - unsigned int type[7]; /* native/record/other surface/gradients */
> + unsigned int type[8]; /* native/record/other surface/gradients */
> };
>
> struct path {
> --
> 1.7.9.5
>
> --
> cairo mailing list
> cairo at cairographics.org
> http://lists.cairographics.org/mailman/listinfo/cairo
More information about the cairo
mailing list