diff options
author | Ross Burton <ross.burton@intel.com> | 2019-03-05 23:38:15 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-03-06 10:39:25 +0000 |
commit | 0e3a1b57fc4a1eba48f52064b4230075e711ec13 (patch) | |
tree | db456ad638e6ebad0ce706cd2d8e5d59ad8e7260 /meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch | |
parent | 7f77f9292930c6b3cc5ae2a67bdb48e53827f2fe (diff) | |
download | poky-0e3a1b57fc4a1eba48f52064b4230075e711ec13.tar.gz |
cairo: fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462
CVE-2018-19876 is a backport from upstream.
CVE-2019-6461 and CVE-2019-6462 are patches taken from Clear Linux.
(From OE-Core rev: 078e4d5c2114d942806cd0d5ad501805a011e841)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch')
-rw-r--r-- | meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch new file mode 100644 index 0000000000..5232cf70c6 --- /dev/null +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch | |||
@@ -0,0 +1,19 @@ | |||
1 | There is a potential infinite-loop in function _arc_error_normalized(). | ||
2 | |||
3 | CVE: CVE-2019-6461 | ||
4 | Upstream-Status: Pending | ||
5 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
6 | |||
7 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c | ||
8 | index 390397bae..f9249dbeb 100644 | ||
9 | --- a/src/cairo-arc.c | ||
10 | +++ b/src/cairo-arc.c | ||
11 | @@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) | ||
12 | do { | ||
13 | angle = M_PI / i++; | ||
14 | error = _arc_error_normalized (angle); | ||
15 | - } while (error > tolerance); | ||
16 | + } while (error > tolerance && error > __DBL_EPSILON__); | ||
17 | |||
18 | return angle; | ||
19 | } | ||