[cairo] [PATCH] image: prevent invalid ptr access for > 4GB images

Adrian Johnson ajohnson at redneon.com
Thu Jun 15 12:05:33 UTC 2017


As the maximum image width is 32767 I don't see how this could overflow.

On 10/03/17 02:53, Petr Kobalíček wrote:
> Since `cairo_format_stride_for_width()` has no knowledge about the width
> it cannot return -1 in case that stride * height would overflow. I think
> this must be checked.
> 
> On Thu, Mar 9, 2017 at 12:01 PM, Adrian Johnson <ajohnson at redneon.com
> <mailto:ajohnson at redneon.com>> wrote:
> 
>     I wrote this patch [1] for bug 98165 last year. I found it is also
>     needed to fix a poppler bug [2]. Any objections to pushing it?
> 
>     [1] https://bugs.freedesktop.org/show_bug.cgi?id=98165#c6
>     <https://bugs.freedesktop.org/show_bug.cgi?id=98165#c6>
>     [2] https://bugs.freedesktop.org/show_bug.cgi?id=100056
>     <https://bugs.freedesktop.org/show_bug.cgi?id=100056>
> 
> 
>     --
>     cairo mailing list
>     cairo at cairographics.org <mailto:cairo at cairographics.org>
>     https://lists.cairographics.org/mailman/listinfo/cairo
>     <https://lists.cairographics.org/mailman/listinfo/cairo>
> 
> 
> 
> 



More information about the cairo mailing list