[cairo-bugs] [Bug 89521] segmentation fault during poppler_page_render (crashes inside _fill_xrgb32_lerp_opaque_spans)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Jul 25 01:35:29 UTC 2016


--- Comment #5 from dmoppert at redhat.com ---
Any news on the reporter's further work?

While reviewing this change for a backport I noticed a couple of other obvious
cases of potentially the same flaw, where (len--) is used to bound a loop and
len is signed int which may go negative.

Attached two patches dealing with these cases.

You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo-bugs/attachments/20160725/656567d6/attachment.html>

More information about the cairo-bugs mailing list