Commit Graph

5 Commits

Author SHA1 Message Date
José Expósito
b49f14e9cd Backport fix for CVE-2022-44638
pixman < 0.42.2 is affected by an out-of-bounds write error in the
`rasterize_edges_8()` function due to an integer overflow in the
`pixman_sample_floor_y()` function.

For more information please check the upstream bug report [1].

This patch backports commit a1f88e842e02 ("Avoid integer overflow
leading to out-of-bounds write") [2] to fix CVE-2022-44638.

In order to test and validate the fix, a reproducer can be found in the
original bug report [3] and compiled with the following command:

    $ gcc -o poc poc.c -ldl -fsanitize=address \
      $(pkg-config --cflags --libs pixman-1)

[1] https://gitlab.freedesktop.org/pixman/pixman/-/issues/63
[2] a1f88e842e
[3] https://gitlab.freedesktop.org/pixman/pixman/uploads/a55795e36afc03445ed838b0fda786f9/poc.c
Resolves: https://issues.redhat.com/browse/RHEL-11645
2023-10-04 12:55:03 +02:00
Mohan Boddu
950ed82d78 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 23:56:24 +00:00
Mohan Boddu
c9b90f2619 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 03:58:13 +00:00
DistroBaker
98bfd98fa3 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/pixman.git#177d77159a8e5522db1297312e9e52a91ee532e0
2021-02-04 13:50:22 +00:00
Troy Dawson
4f2d773f67 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/pixman#5282d82f910657b46b7c49550d2cc1b72802031d
2020-10-14 16:03:25 -07:00