mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-01-20 08:02:26 +01:00
36 lines
1.4 KiB
Diff
36 lines
1.4 KiB
Diff
Patch-Source: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2856
|
|
fixes crashes under some conditions, but they didn't put it in 44.0
|
|
--
|
|
From 1c5ebdf9a113da1a0552996a9dd6a34487f363b5 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Jonas=20Dre=C3=9Fler?= <verdre@v0yd.nl>
|
|
Date: Sun, 19 Feb 2023 12:19:43 +0100
|
|
Subject: [PATCH] window-actor-x11: Check array bounds before accessing array
|
|
|
|
scan_visible_region() scans through each value of a uint8_t array and checks
|
|
whether that value is 255. Right now it always checks one value too much
|
|
though, resulting in a buffer overflow. Fix that by checking the array
|
|
bounds before actually accessing the array.
|
|
|
|
Found by running gnome-shell with address sanitizer and starting
|
|
GIMP.
|
|
---
|
|
src/compositor/meta-window-actor-x11.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/compositor/meta-window-actor-x11.c b/src/compositor/meta-window-actor-x11.c
|
|
index 919984054b..3568d1dba2 100644
|
|
--- a/src/compositor/meta-window-actor-x11.c
|
|
+++ b/src/compositor/meta-window-actor-x11.c
|
|
@@ -723,7 +723,7 @@ scan_visible_region (guchar *mask_data,
|
|
for (x = rect.x; x < (rect.x + rect.width); x++)
|
|
{
|
|
int x2 = x;
|
|
- while (mask_data[y * stride + x2] == 255 && x2 < (rect.x + rect.width))
|
|
+ while (x2 < (rect.x + rect.width) && mask_data[y * stride + x2] == 255)
|
|
x2++;
|
|
|
|
if (x2 > x)
|
|
--
|
|
GitLab
|
|
|