On 04/08/2016 03:56 AM, Kim Woelders wrote: > On 04/06/2016 03:12 AM, Simon Lees wrote: >> >> On 04/05/2016 06:48 AM, Yuriy M. Kaminskiy wrote: >>> As reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639414 >>> imlib_image_draw_ellipse(4,4,2,1) triggers divide-by-zero and SIGFPE. >>> I verified that bug can be reproduced in the current imlib2. >>> Attached patch prevents sigfpe, but probably results in incorrect >>> drawing. >>> Minor security implications: DoS, if an application draws ellipse using >>> coordinates from untrusted input. >>> >> Hi >> >> Attached is a better patch, dx / dy are slowly decrementing so cutting >> them of at 1 seems reasonable. These variables combined with xx and yy >> are only used to work out if x or y has changed since the last iteration >> then increment or decrement the other variables and continue the loop. >> From looking at the first loop In the case where b == 0, dx and dy will >> always be 0 as well in which case the loop won't run due to dy < dx. As >> dy is incremented by b*b and dx is decremented by a*a to replicate this >> issue a*a*b - a*a == 0, in other words when b == 1. Presuming this is >> implementing 1 of 2 common ellipse drawing algorithms we are probably >> talking about drawing ellipses that are either 1 or 2 pixels high and >> were probably never going to draw that well anyway. >> >> Cheers >> > I like this one better too. Pushed. > > /Kim >
As it turns out this issue was found ages ago and has the following CVE: CVE-2011-5326 > > ------------------------------------------------------------------------------ > _______________________________________________ > enlightenment-devel mailing list > enlightenment-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/enlightenment-devel > -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adeliade Australia, UTC+9:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! http://pubads.g.doubleclick.net/ gampad/clk?id=1444514301&iu=/ca-pub-7940484522588532
_______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
