_cairo_xlib_surface_create_solid_pattern_surface compared an array length against a max 16bit number

RESOLVED INCOMPLETE

Status

()

RESOLVED INCOMPLETE
9 years ago
5 months ago

People

(Reporter: timeless, Unassigned)

Tracking

(Blocks: 1 bug, {coverity})

Trunk
x86
Linux
coverity
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

9 years ago
595 static const int8_t dither_pattern[4][4] = {

1256 _cairo_xlib_surface_create_solid_pattern_surface (void                  *abstract_surface,

1272     int width = ARRAY_LENGTH (dither_pattern[0]);

= 4

1273     int height = ARRAY_LENGTH (dither_pattern);

= 4

1280     if (width > XLIB_COORD_MAX || height > XLIB_COORD_MAX)
1281         return NULL;

This seems incredibly suspicious
Can you explain what is suspicious about this? Width/height would both be 4.
Whiteboard: closeme
ping?

Comment 3

7 years ago
Resolved per whiteboard
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → INCOMPLETE
Whiteboard: closeme
You need to log in before you can comment on or make changes to this bug.