aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-09-21 16:01:45 +0200
committerLudovic Courtès <ludo@gnu.org>2015-09-21 16:01:45 +0200
commit1def6f6b2c1d2dca6bff27235c15317f229746a9 (patch)
treee11dd8782213953b5c60c044bbee414a659ef81f /gnu/packages/patches
parentf88ee3ade7847cee3c1ace4b516b3e95646d79c3 (diff)
downloadguix-1def6f6b2c1d2dca6bff27235c15317f229746a9.tar.gz
guix-1def6f6b2c1d2dca6bff27235c15317f229746a9.zip
gnu: pixman: Work around pointer arithmetic bug.
* gnu/packages/patches/pixman-pointer-arithmetic.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (pixman)[source]: Use it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/pixman-pointer-arithmetic.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/gnu/packages/patches/pixman-pointer-arithmetic.patch b/gnu/packages/patches/pixman-pointer-arithmetic.patch
new file mode 100644
index 0000000000..d34e6632a0
--- /dev/null
+++ b/gnu/packages/patches/pixman-pointer-arithmetic.patch
@@ -0,0 +1,15 @@
+Fix <https://bugs.freedesktop.org/show_bug.cgi?id=92027> whereby
+an arithemitic overflow could occur while doing pointer arithmetic,
+leading pixman to use an invalid address as the destination buffer.
+
+--- pixman-0.32.6/pixman/pixman-general.c 2015-09-21 15:14:34.695981325 +0200
++++ pixman-0.32.6/pixman/pixman-general.c 2015-09-21 15:19:48.898355548 +0200
+@@ -144,8 +144,7 @@ general_composite_rect (pixman_implemen
+ mask_buffer = ALIGN (src_buffer + width * Bpp);
+ dest_buffer = ALIGN (mask_buffer + width * Bpp);
+
+- if (ALIGN (dest_buffer + width * Bpp) >
+- scanline_buffer + sizeof (stack_scanline_buffer))
++ if ((width + 1) * Bpp * 3 > sizeof (stack_scanline_buffer))
+ {
+ scanline_buffer = pixman_malloc_ab_plus_c (width, Bpp * 3, 32 * 3);