[cairo-bugs] [Bug 90120] Image compositor can pass invalid coordinates to pixman_fill()

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Apr 20 16:41:33 PDT 2015


https://bugs.freedesktop.org/show_bug.cgi?id=90120

--- Comment #5 from Federico Mena-Quintero <federico at gnome.org> ---
(In reply to Chris Wilson from comment #4)
> I doubt that you have a (uint32_t)-2 tall surface, so there is a much
> earlier bug where this manages to evade clipping.

I've just made the gnome.org bug visible; it was marked as a security bug, but
it's not easily exploitable.

I'd love to fix the root cause (Cairo not dealing with big coordinates
correctly), but that's a much bigger problem than putting a safety valve. 
Pixman should do it, or at least document the fact that it doesn't.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20150420/b7df9160/attachment-0001.html>


More information about the cairo-bugs mailing list