summaryrefslogtreecommitdiffstats
path: root/gfx/cairo/14-image-surface-oob-read.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 00:47:55 +0000
commit26a029d407be480d791972afb5975cf62c9360a6 (patch)
treef435a8308119effd964b339f76abb83a57c29483 /gfx/cairo/14-image-surface-oob-read.patch
parentInitial commit. (diff)
downloadfirefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz
firefox-26a029d407be480d791972afb5975cf62c9360a6.zip
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'gfx/cairo/14-image-surface-oob-read.patch')
-rw-r--r--gfx/cairo/14-image-surface-oob-read.patch17
1 files changed, 17 insertions, 0 deletions
diff --git a/gfx/cairo/14-image-surface-oob-read.patch b/gfx/cairo/14-image-surface-oob-read.patch
new file mode 100644
index 0000000000..6aa4c1b678
--- /dev/null
+++ b/gfx/cairo/14-image-surface-oob-read.patch
@@ -0,0 +1,17 @@
+diff --git a/gfx/cairo/cairo/src/cairo-quartz-surface.c b/gfx/cairo/cairo/src/cairo-quartz-surface.c
+--- a/gfx/cairo/cairo/src/cairo-quartz-surface.c
++++ b/gfx/cairo/cairo/src/cairo-quartz-surface.c
+@@ -873,8 +873,12 @@ static cairo_status_t
+ return _cairo_error (CAIRO_STATUS_NO_MEMORY);
+ }
+
++ // The last row of data may have less than stride bytes so make sure we
++ // only copy the minimum amount required from that row.
+ memcpy (image_data, image_surface->data,
+- image_surface->height * image_surface->stride);
++ (image_surface->height - 1) * image_surface->stride +
++ cairo_format_stride_for_width (image_surface->format,
++ image_surface->width));
+ *image_out = CairoQuartzCreateCGImage (image_surface->format,
+ image_surface->width,
+ image_surface->height,