blob: 5232cf70c692440bfe6e6dbf1af91db93dbf5671 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
There is a potential infinite-loop in function _arc_error_normalized().
CVE: CVE-2019-6461
Upstream-Status: Pending
Signed-off-by: Ross Burton <ross.burton@intel.com>
diff --git a/src/cairo-arc.c b/src/cairo-arc.c
index 390397bae..f9249dbeb 100644
--- a/src/cairo-arc.c
+++ b/src/cairo-arc.c
@@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
do {
angle = M_PI / i++;
error = _arc_error_normalized (angle);
- } while (error > tolerance);
+ } while (error > tolerance && error > __DBL_EPSILON__);
return angle;
}
|