isa/mutter
1
0
Fork 0
mirror of https://github.com/brl/mutter.git synced 2024-11-22 16:10:41 -05:00
Code Issues Packages Projects Releases Wiki Activity

window-actor-x11: Check array bounds before accessing array

Browse Source 
scan_visible_region() scans through each value of a uint8_t array and checks
whether that value is 255. Right now it always checks one value too much
though, resulting in a buffer overflow. Fix that by checking the array
bounds before actually accessing the array.

Found by running gnome-shell with address sanitizer and starting
GIMP.

Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2856>
This commit is contained in:
Jonas Dreßler 2023-02-19 12:19:43 +01:00 committed by Marge Bot
parent 679d2fb4e0
commit 7455c293c6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/compositor/meta-window-actor-x11.c
View File

@ -723,7 +723,7 @@ scan_visible_region (guchar *mask_data,
for (x = rect.x; x < (rect.x + rect.width); x++)
{
int x2 = x;
while (mask_data[y * stride + x2] == 255 && x2 < (rect.x + rect.width))
while (x2 < (rect.x + rect.width) && mask_data[y * stride + x2] == 255)
x2++;
if (x2 > x)