[cairo-bugs] [Bug 101547] Heap buffer overflow at cairo-truetype-subset.c:1299, CVE-2017-9814
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon May 7 23:42:01 UTC 2018
https://bugs.freedesktop.org/show_bug.cgi?id=101547
--- Comment #12 from Bryce Harrington <bryce at osg.samsung.com> ---
I've gone ahead and rebased and landed Adrian's patch.
To ssh://git.freedesktop.org/git/cairo
7554822..1998239 master -> master
qzheng's patch demonstrates there are additional malloc()'s worth reviewing as
followup work, esp. in boilerplate. However, the patch includes some
s/malloc/_cairo_malloc/ changes that don't look quite right, such as:
-#include "cairo-malloc-private.h"
+#include "cairo-_cairo_malloc-private.h"
Some of the changes to tests and docs may not strictly be needed. Also, we
have cases of malloc(unsigned + number) which won't ever trigger the malloc(0)
error; should we still change these cases for consistency, or leave them as is?
I'm going to leave this bug open until at least the mallocs in boilerplate/
have been applied.
--
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo-bugs/attachments/20180507/d9718824/attachment.html>
More information about the cairo-bugs
mailing list