diff options
| author | Quentin Schulz <quentin.schulz@theobroma-systems.com> | 2022-12-13 16:53:52 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-12-17 23:49:56 +0000 |
| commit | caed08fe897dbda53151a6a7789dc6c38ccb4817 (patch) | |
| tree | 42c107da6a604f72d7510403b1ac096a1a4ae868 /meta/recipes-graphics/cairo | |
| parent | 0d49d05c08b9e527f8cb1a4373786caf31552616 (diff) | |
| download | poky-caed08fe897dbda53151a6a7789dc6c38ccb4817.tar.gz | |
cairo: update patch for CVE-2019-6461 with upstream solution
Upstream went with something slightly different so let's update the
patch so we don't have to carry a patch that isn't going to be merged.
This patch is part of snapshot 1.17.6.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: 19eb1e388fbbe5bfb8462710c745f2bb5446b5b5)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-graphics/cairo')
| -rw-r--r-- | meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch | 35 |
1 files changed, 28 insertions, 7 deletions
diff --git a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch index 5232cf70c6..0b7d9a0c36 100644 --- a/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch +++ b/meta/recipes-graphics/cairo/cairo/CVE-2019-6461.patch | |||
| @@ -1,19 +1,40 @@ | |||
| 1 | There is a potential infinite-loop in function _arc_error_normalized(). | ||
| 2 | |||
| 3 | CVE: CVE-2019-6461 | 1 | CVE: CVE-2019-6461 |
| 4 | Upstream-Status: Pending | 2 | Upstream-Status: Backport |
| 5 | Signed-off-by: Ross Burton <ross.burton@intel.com> | 3 | Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> |
| 4 | |||
| 5 | From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 | ||
| 6 | From: Heiko Lewin <hlewin@gmx.de> | ||
| 7 | Date: Sun, 1 Aug 2021 11:16:03 +0000 | ||
| 8 | Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop | ||
| 9 | |||
| 10 | --- | ||
| 11 | src/cairo-arc.c | 4 +++- | ||
| 12 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
| 6 | 13 | ||
| 7 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c | 14 | diff --git a/src/cairo-arc.c b/src/cairo-arc.c |
| 8 | index 390397bae..f9249dbeb 100644 | 15 | index 390397bae..1c891d1a0 100644 |
| 9 | --- a/src/cairo-arc.c | 16 | --- a/src/cairo-arc.c |
| 10 | +++ b/src/cairo-arc.c | 17 | +++ b/src/cairo-arc.c |
| 11 | @@ -99,7 +99,7 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) | 18 | @@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) |
| 19 | { M_PI / 11.0, 9.81410988043554039085e-09 }, | ||
| 20 | }; | ||
| 21 | int table_size = ARRAY_LENGTH (table); | ||
| 22 | + const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ | ||
| 23 | |||
| 24 | for (i = 0; i < table_size; i++) | ||
| 25 | if (table[i].error < tolerance) | ||
| 26 | return table[i].angle; | ||
| 27 | |||
| 28 | ++i; | ||
| 29 | + | ||
| 12 | do { | 30 | do { |
| 13 | angle = M_PI / i++; | 31 | angle = M_PI / i++; |
| 14 | error = _arc_error_normalized (angle); | 32 | error = _arc_error_normalized (angle); |
| 15 | - } while (error > tolerance); | 33 | - } while (error > tolerance); |
| 16 | + } while (error > tolerance && error > __DBL_EPSILON__); | 34 | + } while (error > tolerance && i < max_segments); |
| 17 | 35 | ||
| 18 | return angle; | 36 | return angle; |
| 19 | } | 37 | } |
| 38 | -- | ||
| 39 | 2.38.1 | ||
| 40 | |||