On 04/06/2016 03:12 AM, Simon Lees wrote:
>
> On 04/05/2016 06:48 AM, Yuriy M. Kaminskiy wrote:
>> As reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639414
>> imlib_image_draw_ellipse(4,4,2,1) triggers divide-by-zero and SIGFPE.
>> I verified that bug can be reproduced in the current imlib2.
>> Attached patch prevents sigfpe, but probably results in incorrect
>> drawing.
>> Minor security implications: DoS, if an application draws ellipse using
>> coordinates from untrusted input.
>>
> Hi
>
> Attached is a better patch, dx / dy are slowly decrementing so cutting
> them off at 1 seems reasonable. These variables combined with xx and yy
> are only used to work out if x or y has changed since the last iteration
> then increment or decrement the other variables and continue the loop.
> From looking at the first loop, in the case where b == 0, dx and dy will
> always be 0 as well in which case the loop won't run due to dy < dx. As
> dy is incremented by b*b and dx is decremented by a*a to replicate this
> issue a*a*b - a*a == 0, in other words when b == 1. Presuming this is
> implementing 1 of 2 common ellipse drawing algorithms we are probably
> talking about drawing ellipses that are either 1 or 2 pixels high and
> were probably never going to draw that well anyway.
>
> Cheers
>

I like this one better too. Pushed.
/Kim
