From 36d22d82aa202bb199967e9512281e9a53db42c9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 21:33:14 +0200 Subject: Adding upstream version 115.7.0esr. Signed-off-by: Daniel Baumann --- gfx/cairo/14-image-surface-oob-read.patch | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 gfx/cairo/14-image-surface-oob-read.patch (limited to 'gfx/cairo/14-image-surface-oob-read.patch') diff --git a/gfx/cairo/14-image-surface-oob-read.patch b/gfx/cairo/14-image-surface-oob-read.patch new file mode 100644 index 0000000000..6aa4c1b678 --- /dev/null +++ b/gfx/cairo/14-image-surface-oob-read.patch @@ -0,0 +1,17 @@ +diff --git a/gfx/cairo/cairo/src/cairo-quartz-surface.c b/gfx/cairo/cairo/src/cairo-quartz-surface.c +--- a/gfx/cairo/cairo/src/cairo-quartz-surface.c ++++ b/gfx/cairo/cairo/src/cairo-quartz-surface.c +@@ -873,8 +873,12 @@ static cairo_status_t + return _cairo_error (CAIRO_STATUS_NO_MEMORY); + } + ++ // The last row of data may have less than stride bytes so make sure we ++ // only copy the minimum amount required from that row. + memcpy (image_data, image_surface->data, +- image_surface->height * image_surface->stride); ++ (image_surface->height - 1) * image_surface->stride + ++ cairo_format_stride_for_width (image_surface->format, ++ image_surface->width)); + *image_out = CairoQuartzCreateCGImage (image_surface->format, + image_surface->width, + image_surface->height, -- cgit v1.2.3