Closed
Bug 1347261
Opened 7 years ago
Closed 7 years ago
Potential Skia overflow due to round_asymmetric_to_int bug
Categories
(Core :: Graphics, defect, P1)
Tracking
()
RESOLVED
DUPLICATE
of bug 1347262
| Tracking | Status | |
|---|---|---|
| firefox-esr45 | --- | unaffected |
| firefox52 | --- | wontfix |
| firefox-esr52 | --- | fixed |
| firefox53 | --- | fixed |
| firefox54 | --- | fixed |
People
(Reporter: lsalzman, Assigned: lsalzman)
References
Details
(Keywords: crash, csectype-bounds, sec-moderate, Whiteboard: [gfx-noted])
Attachments
(1 file)
|
7 years ago
5.17 KB,
patch
|
Details | Diff | Splinter Review |
Upstream Skia security bug (https://bugs.chromium.org/p/skia/issues/detail?id=6294) details a variant of bug 1330166 that was not handled by that fix. All relevant security details of this bug should basically be the same as in bug 133016, just that this is a new way to trigger it. I've fixed up that case now with this patch that ensures the rounding is properly biased for all sides of the bounds rect. This patch was submitted upstream here: https://skia-review.googlesource.com/c/9700/
|
Assignee | |
Updated•7 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
||
Updated•5 years ago
|
|
||
Updated•4 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•