gnu: pixman: Add fix for CVE-2016-5296.

* gnu/packages/patches/pixman-CVE-2016-5296.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (pixman)[replacement]: New field. (pixman/fixed): New variable.
author: Mark H Weaver <mhw@netris.org> 2016-11-16 02:14:28 -0500
committer: Mark H Weaver <mhw@netris.org> 2016-11-16 13:03:56 -0500
commit: 56ac2bf442c0639f498cdea2db4f3e57cdb49140 (patch)
tree: 1ea1fe05b026b37623c7ac0400c2367c96184411 /gnu/packages/patches
parent: 05ceb8dcaf480a47cddf94ac979070b76df6556c (diff)
download: guix-56ac2bf442c0639f498cdea2db4f3e57cdb49140.tar.gz
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/pixman-CVE-2016-5296.patch b/gnu/packages/patches/pixman-CVE-2016-5296.patch
new file mode 100644
index 0000000000..21942326ae
--- /dev/null
+++ b/gnu/packages/patches/pixman-CVE-2016-5296.patch
@@ -0,0 +1,19 @@
+Fix CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
+Adapted for upstream pixman based on:
+
+  https://hg.mozilla.org/releases/mozilla-esr45/rev/5e39c1c2fded
+
+--- pixman-0.34.0/pixman/pixman-edge-imp.h.orig	2015-06-30 05:48:31.000000000 -0400
++++ pixman-0.34.0/pixman/pixman-edge-imp.h	2016-11-16 01:09:34.046335106 -0500
+@@ -55,8 +55,9 @@
+ 	 *
+ 	 * (The AA case does a similar  adjustment in RENDER_SAMPLES_X)
+ 	 */
+-	lx += X_FRAC_FIRST(1) - pixman_fixed_e;
+-	rx += X_FRAC_FIRST(1) - pixman_fixed_e;
++	/* we cast to unsigned to get defined behaviour for overflow */
++	lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e;
++	rx = (unsigned)rx + X_FRAC_FIRST(1) - pixman_fixed_e;
+ #endif
+ 	/* clip X */
+ 	if (lx < 0)
author	Mark H Weaver <mhw@netris.org>	2016-11-16 02:14:28 -0500
committer	Mark H Weaver <mhw@netris.org>	2016-11-16 13:03:56 -0500
commit	56ac2bf442c0639f498cdea2db4f3e57cdb49140 (patch)
tree	1ea1fe05b026b37623c7ac0400c2367c96184411 /gnu/packages/patches
parent	05ceb8dcaf480a47cddf94ac979070b76df6556c (diff)
download	guix-56ac2bf442c0639f498cdea2db4f3e57cdb49140.tar.gz