[cairo-bugs] [Bug 89521] segmentation fault during poppler_page_render (crashes inside _fill_xrgb32_lerp_opaque_spans)
bugzilla-daemon at freedesktop.org
Mon Jul 25 01:35:29 UTC 2016
https://bugs.freedesktop.org/show_bug.cgi?id=89521
--- Comment #5 from dmoppert at redhat.com ---
Any news on the reporter's further work?
While reviewing this change for a backport I noticed a couple of other obvious
cases of potentially the same flaw, where (len--) is used to bound a loop and
len is signed int which may go negative.
Attached two patches dealing with these cases.
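The loop pattern described in comment #5, as an added example that is not part of the original message, the attached patches, or cairo's code: `while (len--)` treats a negative signed `len` as true, while `while (len-- > 0)` does not. The function names, the iteration cap and the `fill_span_checked` helper are hypothetical and exist only for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Counts the iterations of a `while (len--)` loop. The cap exists only so
 * this demo terminates; an uncapped loop over a buffer would run far past
 * its end when len starts out negative. */
static long iterations_unguarded(int len, long cap)
{
    long n = 0;
    while (len--) {            /* any non-zero value is true, negatives too */
        if (++n >= cap)
            break;
    }
    return n;
}

/* Same loop with an explicit sign test: a negative len runs zero times. */
static long iterations_guarded(int len, long cap)
{
    long n = 0;
    while (len-- > 0) {
        if (++n >= cap)
            break;
    }
    return n;
}

/* Hypothetical span fill: rejects non-positive lengths and clamps the span
 * to the row before writing, so the loop bound is known to be in range. */
static int fill_span_checked(uint32_t *row, int row_width, int x, int len,
                             uint32_t color)
{
    int i;

    if (row == NULL || len <= 0 || x < 0 || x >= row_width)
        return 0;
    if (len > row_width - x)
        len = row_width - x;
    for (i = 0; i < len; i++)
        row[x + i] = color;
    return len;                /* number of pixels actually written */
}
```
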