[Pixman] [PATCH] Fix arithmetic overflow in pointer arithmetic in ‘general_composite_rect’
Ludovic Courtès
ludo at gnu.org
Mon Sep 21 12:34:51 PDT 2015
Siarhei Siamashka <siarhei.siamashka at gmail.com> skribis:
> Sorry, I forgot to mention
> http://cgit.freedesktop.org/pixman/tree/README?id=pixman-0.33.2#n46
>
> We would also need a commit message for the patch. So it normally
> should be created with "git format-patch" command and sent to the
> mailing list using "git send-email".
Right, sorry. In fact I intended this message to be a RFC more than
anything else.
> Basically, I would probably do it in the following way:
Looks better to me, indeed.
> This bug is your find and you should get credit for it :-)
> Please let me know if you:
> 1. are going to send an updated patch yourself.
> 2. want me to do this on your behalf (listing you as the patch author).
> 3. want me to submit a patch myself (listing you as the bug reporter).
I’m happy with #3 or #2 (the former would probably be more fair.)
> Also this is an important bugfix for a non-obvious problem, which can
> be really a PITA to debug. I would nominate it for a pixman-0.32.8
> bugfix release.
Yes, it’s probably a good idea.
It would be interesting to see whether/how the bug could be exploited in
other ways. For instance with, say, width = -20 % 2^32, one could
arrange to overwrite the return address on the stack.
Thanks,
Ludo’.
More information about the Pixman
mailing list