oss-security - Re: [Pixman] create_bits(): Cast the result of height * stride to size

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <56CDF5E0.7080402@oracle.com>
Date: Wed, 24 Feb 2016 10:26:40 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
CC: "X.Org Security Team" <xorg-security@...ts.x.org>
Subject: Re: [Pixman] create_bits(): Cast the result of height
 * stride to size_t

On 02/24/16 04:10 AM, Gustavo Grieco wrote:
>   Hi,
>
> There is an (old) integer overflow in create_bits in the pixman library.
> Patch and details are available here:
>
> https://web.archive.org/web/20141227044037/http://lists.freedesktop.org/archives/pixman/2014-April/003244.html

The quoted patch was applied to the master branch of the pixman git repo as:

https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3

and to the pixman-0.32 branch as:

https://cgit.freedesktop.org/pixman/commit/?id=50d7b5fa8ea2ae119f35c20ab0dd0413d5103cbb

It is included in pixman 0.32.6 and later releases.

-- 
	-Alan Coopersmith-              alan.coopersmith@...cle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.