'Re: [oss-security] [Pixman] create_bits(): Cast the result of height * stride to size_t'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] [Pixman] create_bits(): Cast the result of height * stride to size_t
From:       Alan Coopersmith <alan.coopersmith () oracle ! com>
Date:       2016-02-24 18:26:40
Message-ID: 56CDF5E0.7080402 () oracle ! com
[Download RAW message or body]

On 02/24/16 04:10 AM, Gustavo Grieco wrote:
>   Hi,
>
> There is an (old) integer overflow in create_bits in the pixman library.
> Patch and details are available here:
>
> https://web.archive.org/web/20141227044037/http://lists.freedesktop.org/archives/pixman/2014-April/003244.html

The quoted patch was applied to the master branch of the pixman git repo as:

https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3

and to the pixman-0.32 branch as:

https://cgit.freedesktop.org/pixman/commit/?id=50d7b5fa8ea2ae119f35c20ab0dd0413d5103cbb

It is included in pixman 0.32.6 and later releases.

-- 
	-Alan Coopersmith-              alan.coopersmith@oracle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic