Date: Wed, 24 Feb 2016 10:26:40 -0800 From: Alan Coopersmith <alan.coopersmith@...cle.com> To: oss-security@...ts.openwall.com CC: "X.Org Security Team" <xorg-security@...ts.x.org> Subject: Re: [Pixman] create_bits(): Cast the result of height * stride to size_t On 02/24/16 04:10 AM, Gustavo Grieco wrote: > Hi, > > There is an (old) integer overflow in create_bits in the pixman library. > Patch and details are available here: > > https://web.archive.org/web/20141227044037/http://lists.freedesktop.org/archives/pixman/2014-April/003244.html The quoted patch was applied to the master branch of the pixman git repo as: https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3 and to the pixman-0.32 branch as: https://cgit.freedesktop.org/pixman/commit/?id=50d7b5fa8ea2ae119f35c20ab0dd0413d5103cbb It is included in pixman 0.32.6 and later releases. -- -Alan Coopersmith- alan.coopersmith@...cle.com Oracle Solaris Engineering - http://blogs.oracle.com/alanc
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ