Commit Graph

1 Commits

Author SHA1 Message Date
José Expósito
b49f14e9cd Backport fix for CVE-2022-44638
pixman < 0.42.2 is affected by an out-of-bounds write error in the
`rasterize_edges_8()` function due to an integer overflow in the
`pixman_sample_floor_y()` function.

For more information please check the upstream bug report [1].

This patch backports commit a1f88e842e02 ("Avoid integer overflow
leading to out-of-bounds write") [2] to fix CVE-2022-44638.

In order to test and validate the fix, a reproducer can be found in the
original bug report [3] and compiled with the following command:

    $ gcc -o poc poc.c -ldl -fsanitize=address \
      $(pkg-config --cflags --libs pixman-1)

[1] https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
[2] a1f88e842e
[3] https://gitlab.freedesktop.org/pixman/pixman/uploads/a55795e36afc03445ed838b0fda786f9/poc.c
Resolves: https://issues.redhat.com/browse/RHEL-11645
2023-10-04 12:55:03 +02:00