From 60be33475c84d4e594b6765663f8354c54fc5fd6 Mon Sep 17 00:00:00 2001
From: Sheila Aman <sheila@vulpine.house>
Date: Thu, 22 Jul 2021 18:05:10 +0000
Subject: user/cairo: relbump for CVEs 2019-6462 and 2020-35492

---
 user/cairo/CVE-2019-6462.patch | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 user/cairo/CVE-2019-6462.patch

(limited to 'user/cairo/CVE-2019-6462.patch')

diff --git a/user/cairo/CVE-2019-6462.patch b/user/cairo/CVE-2019-6462.patch
new file mode 100644
index 000000000..2a26876c3
--- /dev/null
+++ b/user/cairo/CVE-2019-6462.patch
@@ -0,0 +1,36 @@
+From bbeaf08190d3006a80b80a77724801cd477a37b8 Mon Sep 17 00:00:00 2001
+From: Heiko Lewin <hlewin@worldiety.de>
+Date: Sat, 17 Apr 2021 19:15:03 +0200
+Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop
+
+---
+ src/cairo-arc.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+index 390397bae..1c891d1a0 100644
+--- a/src/cairo-arc.c
++++ b/src/cairo-arc.c
+@@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance)
+ 	{ M_PI / 11.0,  9.81410988043554039085e-09 },
+     };
+     int table_size = ARRAY_LENGTH (table);
++    const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */
+ 
+     for (i = 0; i < table_size; i++)
+ 	if (table[i].error < tolerance)
+ 	    return table[i].angle;
+ 
+     ++i;
++
+     do {
+ 	angle = M_PI / i++;
+ 	error = _arc_error_normalized (angle);
+-    } while (error > tolerance);
++    } while (error > tolerance && i < max_segments);
+ 
+     return angle;
+ }
+-- 
+GitLab
+
-- 
cgit v1.2.3-70-g09d2