diff options
author | Ross Burton <ross@burtonini.com> | 2021-05-10 11:48:38 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-05-11 11:53:23 +0100 |
commit | 0c4e6f99332ae253855708845a41fdfeb72d4c30 (patch) | |
tree | 279b3c896073f30ff05c35be471767d7b9560a45 /meta/recipes-graphics | |
parent | b238db678083cc15313b98d2e33f83cccab03fc6 (diff) | |
download | openembedded-core-contrib-0c4e6f99332ae253855708845a41fdfeb72d4c30.tar.gz |
cairo: backport patch for CVE-2020-35492
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics')
-rw-r--r-- | meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch | 60 | ||||
-rw-r--r-- | meta/recipes-graphics/cairo/cairo_1.16.0.bb | 1 |
2 files changed, 61 insertions, 0 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch b/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch new file mode 100644 index 0000000000..fb6ce5cfdf --- /dev/null +++ b/meta/recipes-graphics/cairo/cairo/CVE-2020-35492.patch @@ -0,0 +1,60 @@ +Fix stack buffer overflow. + +CVE: CVE-2020-35492 +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> + +From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001 +From: Heiko Lewin <heiko.lewin@worldiety.de> +Date: Tue, 15 Dec 2020 16:48:19 +0100 +Subject: [PATCH] Fix mask usage in image-compositor + +--- + src/cairo-image-compositor.c | 8 ++-- + test/Makefile.sources | 1 + + test/bug-image-compositor.c | 39 ++++++++++++++++++++ + test/reference/bug-image-compositor.ref.png | Bin 0 -> 185 bytes + 4 files changed, 44 insertions(+), 4 deletions(-) + create mode 100644 test/bug-image-compositor.c + create mode 100644 test/reference/bug-image-compositor.ref.png + +diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c +index 79ad69f68..4f8aaed99 100644 +--- a/src/cairo-image-compositor.c ++++ b/src/cairo-image-compositor.c +@@ -2601,14 +2601,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + unsigned num_spans) + { + cairo_image_span_renderer_t *r = abstract_renderer; +- uint8_t *m; ++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask); + int x0; + + if (num_spans == 0) + return CAIRO_STATUS_SUCCESS; + + x0 = spans[0].x; +- m = r->_buf; ++ m = base; + do { + int len = spans[1].x - spans[0].x; + if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) { +@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + spans[0].x, y, + spans[1].x - spans[0].x, h); + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else if (spans[0].coverage == 0x0) { + if (spans[0].x != x0) { +@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h, + #endif + } + +- m = r->_buf; ++ m = base; + x0 = spans[1].x; + } else { + *m++ = spans[0].coverage; +-- diff --git a/meta/recipes-graphics/cairo/cairo_1.16.0.bb b/meta/recipes-graphics/cairo/cairo_1.16.0.bb index 68f993d7ca..9d9fbfbe0d 100644 --- a/meta/recipes-graphics/cairo/cairo_1.16.0.bb +++ b/meta/recipes-graphics/cairo/cairo_1.16.0.bb @@ -27,6 +27,7 @@ SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ file://CVE-2018-19876.patch \ file://CVE-2019-6461.patch \ file://CVE-2019-6462.patch \ + file://CVE-2020-35492.patch \ " SRC_URI[md5sum] = "f19e0353828269c22bd72e271243a552" |