[Pixman] [PATCH] Fix arithmetic overflow in pointer arithmetic in ‘general_composite_rect’

Ludovic Courtès ludo at gnu.org
Mon Sep 21 08:10:36 PDT 2015


The patch below intends to fix an arithmetic overflow occurring in a
pointer arithmetic context in ‘general_composite_rect’, as explained at:


The bug can most likely lead to a crash.

In a preliminary review, Siarhei Siamashka notes that ‘width + 1’ is
insufficient to take 16-byte alignment constraints into account.
Indeed, AFAICS, it is sufficient when Bpp == 16 but probably not when
Bpp == 4.

Siarhei also suggests that more rewriting in needed in that part of the
code, but I’ll leave that to you.  ;-)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: pixman-pointer-arithmetic.patch
Type: text/x-patch
Size: 771 bytes
Desc: the patch
URL: <http://lists.freedesktop.org/archives/pixman/attachments/20150921/90113e69/attachment.bin>

More information about the Pixman mailing list