[cairo] [PATCH] stroker: Check for scaling overflow in computing half line widths
Miguel Gomez
magomez at igalia.com
Mon Apr 3 13:01:24 UTC 2017
Hi!
> Given a combination of a large scaling matrix and a large line, we
> can
> easily generate a half line width that is unrepresentable in our 24.8
> fixed-point. This leads to spurious errors later, such as generating
> negative height boxes, and so asking pixman to fill to infinity. To
> avoid this, we can check for overflow in calculating the half line
> with,
> though we still lack adequate range checking on the final stroke
> path.
Any news about this? Is there anything we can do to help? This is
causing a pretty serious security bug in Webkit that we would like to
fix.
Thanks for your help!! :)
--
Miguel Gomez
Igalia - www.igalia.com
More information about the cairo
mailing list