Closed Bug 550914 Opened 10 years ago Closed 8 years ago

_cairo_xlib_surface_create_solid_pattern_surface compared an array length against a max 16bit number

Categories

(Core :: Graphics, defect)

x86
Linux
defect
Not set

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: timeless, Unassigned)

References

(Blocks 1 open bug, )

Details

(Keywords: coverity)

595 static const int8_t dither_pattern[4][4] = {

1256 _cairo_xlib_surface_create_solid_pattern_surface (void                  *abstract_surface,

1272     int width = ARRAY_LENGTH (dither_pattern[0]);

= 4

1273     int height = ARRAY_LENGTH (dither_pattern);

= 4

1280     if (width > XLIB_COORD_MAX || height > XLIB_COORD_MAX)
1281         return NULL;

This seems incredibly suspicious
Can you explain what is suspicious about this? Width/height would both be 4.
Whiteboard: closeme
ping?
Resolved per whiteboard
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
Whiteboard: closeme
You need to log in before you can comment on or make changes to this bug.