Fix CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
Adapted for upstream pixman based on:

  https://hg.mozilla.org/releases/mozilla-esr45/rev/5e39c1c2fded

--- pixman-0.34.0/pixman/pixman-edge-imp.h.orig	2015-06-30 05:48:31.000000000 -0400
+++ pixman-0.34.0/pixman/pixman-edge-imp.h	2016-11-16 01:09:34.046335106 -0500
@@ -55,8 +55,9 @@
 	 *
 	 * (The AA case does a similar  adjustment in RENDER_SAMPLES_X)
 	 */
-	lx += X_FRAC_FIRST(1) - pixman_fixed_e;
-	rx += X_FRAC_FIRST(1) - pixman_fixed_e;
+	/* we cast to unsigned to get defined behaviour for overflow */
+	lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e;
+	rx = (unsigned)rx + X_FRAC_FIRST(1) - pixman_fixed_e;
 #endif
 	/* clip X */
 	if (lx < 0)
option value='koszko' selected='selected'>koszko</option>
<option value='koszko-scripts'>koszko-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052'>refs</a><a href='/guix/log/'>log</a><a href='/guix/tree/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052'>tree</a><a class='active' href='/guix/commit/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052'>commit</a><a href='/guix/diff/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/'>
<input type='hidden' name='id' value='ebfe259f6682b43d7f0d3b57b525e25f97410052'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='content'><div class='cgit-panel'><b>diff options</b><form method='get'><input type='hidden' name='id' value='ebfe259f6682b43d7f0d3b57b525e25f97410052'/><table><tr><td colspan='2'/></tr><tr><td class='label'>context:</td><td class='ctrl'><select name='context' onchange='this.form.submit();'><option value='1'>1</option><option value='2'>2</option><option value='3' selected='selected'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><table summary='commit info' class='commit-info'>
<tr><th>author</th><td>Marius Bakke &lt;mbakke@fastmail.com&gt;</td><td class='right'>2019-03-14 15:06:06 +0100</td></tr>
<tr><th>committer</th><td>Marius Bakke &lt;mbakke@fastmail.com&gt;</td><td class='right'>2019-03-14 15:06:06 +0100</td></tr>
<tr><th>commit</th><td colspan='2' class='oid'><a href='/guix/commit/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052'>ebfe259f6682b43d7f0d3b57b525e25f97410052</a> (<a href='/guix/patch/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052'>patch</a>)</td></tr>
<tr><th>tree</th><td colspan='2' class='oid'><a href='/guix/tree/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052'>e3f09eb6159168e1736f8a629286eb3d148917a9</a></td></tr>
<tr><th>parent</th><td colspan='2' class='oid'><a href='/guix/commit/?id=47b3eed821cf86c350dc4b0fdbe75647cdc275b0'>47b3eed821cf86c350dc4b0fdbe75647cdc275b0</a> (<a href='/guix/diff/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052&amp;id2=47b3eed821cf86c350dc4b0fdbe75647cdc275b0'>diff</a>)</td></tr><tr><th>parent</th><td colspan='2' class='oid'><a href='/guix/commit/?id=8cc3983a4d02a15ad4a863671c1a5a8b2b542625'>8cc3983a4d02a15ad4a863671c1a5a8b2b542625</a> (<a href='/guix/diff/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052&amp;id2=8cc3983a4d02a15ad4a863671c1a5a8b2b542625'>diff</a>)</td></tr><tr><th>download</th><td colspan='2' class='oid'><a href='/guix/snapshot/guix-ebfe259f6682b43d7f0d3b57b525e25f97410052.tar.gz'>guix-ebfe259f6682b43d7f0d3b57b525e25f97410052.tar.gz</a><br/><a href='/guix/snapshot/guix-ebfe259f6682b43d7f0d3b57b525e25f97410052.zip'>guix-ebfe259f6682b43d7f0d3b57b525e25f97410052.zip</a><br/></td></tr></table>
<div class='commit-subject'>Merge branch 'master' into staging</div><div class='commit-msg'></div><div class='diffstat-header'><a href='/guix/diff/?id=ebfe259f6682b43d7f0d3b57b525e25f97410052'>Diffstat</a></div><table summary='diffstat' class='diffstat'>
author	Marius Bakke <mbakke@fastmail.com>	2019-03-14 15:06:06 +0100
committer	Marius Bakke <mbakke@fastmail.com>	2019-03-14 15:06:06 +0100
commit	ebfe259f6682b43d7f0d3b57b525e25f97410052 (patch)
tree	e3f09eb6159168e1736f8a629286eb3d148917a9
parent	47b3eed821cf86c350dc4b0fdbe75647cdc275b0 (diff)
parent	8cc3983a4d02a15ad4a863671c1a5a8b2b542625 (diff)
download	guix-ebfe259f6682b43d7f0d3b57b525e25f97410052.tar.gz guix-ebfe259f6682b43d7f0d3b57b525e25f97410052.zip