On Fri, Sep 23, 2016 at 12:00:54 +0200, Alessandro Vesely wrote: > Source: pixman > Version: pixman-0.32.6 > Severity: normal > Tags: upstream patch > > Dear Maintainer, > > it is wrong to compute offsets like so: > > int rowstride = something; > char *buffer = base_ptr + y*rowstride + x*4; > > That idiom fails in 64bit architecture where integers are 32 bit. Consider a > not-so-uncommon A0 poster at 600 dpi. It results in a 19860x28080 image. > While width and heights are 16 bit numbers, their product multiplied by a bpp > of 4 results in a negative integer. > > Strides should be type size_t, or, if they can be negative, long integer. > > The patch I attach just avoids crashes in various clients (inkscape, evince). > Package authors may want to carry out a clearer change. > Hi,
thanks for the report and the patch. Would you mind sending it to pix...@lists.freedesktop.org, or reporting to https://bugs.freedesktop.org/enter_bug.cgi?product=pixman ? Thanks, Julien
