Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEFBov0z-zr4q=_srb3q7gq1-f1P6GBf78p8GYUj0DvsXVKLTw@mail.gmail.com>
Date: Tue, 29 Sep 2020 08:19:19 +0800
From: Fstark <f734222792@...il.com>
To: oss-security@...ts.openwall.com
Subject: libass ass_outline.c signed integer overflow

In `ass_outline_construct`'s call to `outline_stroke` a signed integer
overflow happens *(undefined behaviour)*. On my machine signed overflow
happens to wrap around to a negative value, thus failing the assert.
https://github.com/libass/libass/issues/431

https://github.com/libass/libass/pull/432

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.