authorSheila Aman <sheila@vulpine.house>2021-07-22 18:05:10 +0000
committerSheila Aman <sheila@vulpine.house>2021-07-22 18:14:25 +0000
commit60be33475c84d4e594b6765663f8354c54fc5fd6 (patch)
tree985357ce85be3f1277178c1ce4e8e4ad2eb5c3ea /user/cairo/CVE-2020-35492.patch
parent1e3d2f602c8d5a3b9a5c1b450876bba622f88f2a (diff)
user/cairo: relbump for CVEs 2019-6462 and 2020-35492
Diffstat (limited to 'user/cairo/CVE-2020-35492.patch')
-rw-r--r--user/cairo/CVE-2020-35492.patch54
1 files changed, 54 insertions, 0 deletions
diff --git a/user/cairo/CVE-2020-35492.patch b/user/cairo/CVE-2020-35492.patch
new file mode 100644
index 000000000..d7369b3d6
--- /dev/null
+++ b/user/cairo/CVE-2020-35492.patch
@@ -0,0 +1,54 @@
+From 03a820b173ed1fdef6ff14b4468f5dbc02ff59be Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <heiko.lewin@worldiety.de>
+Date: Tue, 15 Dec 2020 16:48:19 +0100
+Subject: [PATCH] Fix mask usage in image-compositor
+
+---
+ src/cairo-image-compositor.c | 8 ++--
+ test/Makefile.sources | 1 +
+ test/bug-image-compositor.c | 39 ++++++++++++++++++++
+ test/reference/bug-image-compositor.ref.png | Bin 0 -> 185 bytes
+ 4 files changed, 44 insertions(+), 4 deletions(-)
+ create mode 100644 test/bug-image-compositor.c
+ create mode 100644 test/reference/bug-image-compositor.ref.png
+
+diff --git a/src/cairo-image-compositor.c b/src/cairo-image-compositor.c
+index 79ad69f68..4f8aaed99 100644
+--- a/src/cairo-image-compositor.c
++++ b/src/cairo-image-compositor.c
+@@ -2610,14 +2610,14 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ unsigned num_spans)
+ {
+ cairo_image_span_renderer_t *r = abstract_renderer;
+- uint8_t *m;
++ uint8_t *m, *base = (uint8_t*)pixman_image_get_data(r->mask);
+ int x0;
+
+ if (num_spans == 0)
+ return CAIRO_STATUS_SUCCESS;
+
+ x0 = spans[0].x;
+- m = r->_buf;
++ m = base;
+ do {
+ int len = spans[1].x - spans[0].x;
+ if (len >= r->u.composite.run_length && spans[0].coverage == 0xff) {
+@@ -2655,7 +2655,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ spans[0].x, y,
+ spans[1].x - spans[0].x, h);
+
+- m = r->_buf;
++ m = base;
+ x0 = spans[1].x;
+ } else if (spans[0].coverage == 0x0) {
+ if (spans[0].x != x0) {
+@@ -2684,7 +2684,7 @@ _inplace_src_spans (void *abstract_renderer, int y, int h,
+ #endif
+ }
+
+- m = r->_buf;
++ m = base;
+ x0 = spans[1].x;
+ } else {
+ *m++ = spans[0].coverage;
+
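Review bot: The header of the added patch file lists four changed files, including the regression test `test/bug-image-compositor.c` and its reference PNG, but the file carries only the `src/cairo-image-compositor.c` section, so the package gets the fix without the test that exercises it. I would record that at the top of the patch file, e.g. `Backport note: test/ changes from the upstream commit are not included; only the src/ fix is applied.`, so a later audit does not read the header as proof that the test is in the tree. In the fix itself, `base` is initialised from `pixman_image_get_data(r->mask)` in the declaration, before the `num_spans == 0` return and with no NULL check. Whether `r->mask` is always set when `_inplace_src_spans` is installed is not visible here, so confirm it against the renderer setup in the packaged cairo version. The body of `_inplace_src_spans` continues outside the embedded hunks.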