On 2026/03/11 6:26, Marc-André Lureau wrote:
The calc_image_hostmem() comment says pixman_image_create_bits() checks for
overflow. However, this relied on the facts that "bits" was NULL and it
performed it when it was introduced. Since commit 9462ff4695aa, the "bits"
argument can be provided and the check is no longer applied. This can lead to
OOB access.

Thanks to Trend Micro's Zero Day Initiative for identifying the vulnerability.

Signed-off-by: Marc-André Lureau <[email protected]>

For the whole series,

Reviewed-by: Akihiko Odaki <[email protected]>
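
The class of overflow described in the quoted patch description, as an added example that is not QEMU's or pixman's code: a 32-bit image size computation that wraps silently, next to a variant that rejects such dimensions, which is the check a caller has to do itself once it supplies its own "bits" buffer. The function names, the stride layout (rows padded to 32-bit words), the signed-int stride bound and the sample dimensions are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical unchecked helper: rows padded to 32-bit words, all math in
 * 32 bits. Unsigned wraparound is silent, so the result can be far too small. */
static uint32_t size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t stride = ((width * bpp + 0x1f) >> 5) * (uint32_t)sizeof(uint32_t);
    return height * stride;
}

/* Checked variant: same layout computed in 64 bits, with each intermediate
 * bounded before it is used. Returns false instead of a wrapped size. */
static bool size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                         uint32_t *out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 32) {
        return false;
    }
    uint64_t stride = (((uint64_t)width * bpp + 0x1f) >> 5) * sizeof(uint32_t);
    if (stride > INT32_MAX) {          /* assumed bound: stride fits an int */
        return false;
    }
    uint64_t total = stride * height;  /* below 2^63, cannot wrap */
    if (total > UINT32_MAX) {
        return false;
    }
    *out = (uint32_t)total;
    return true;
}

int main(void)
{
    /* Constructed sample dimensions (width, height), all at 32 bpp. */
    uint32_t dims[][2] = { {640, 480}, {0x10000, 0x10000}, {0x08000001, 1} };
    for (int i = 0; i < 3; i++) {
        uint32_t sz = 0;
        bool ok = size_checked(dims[i][0], dims[i][1], 32, &sz);
        printf("%ux%u unchecked=%u checked=%s %u\n",
               (unsigned)dims[i][0], (unsigned)dims[i][1],
               (unsigned)size_unchecked(dims[i][0], dims[i][1], 32),
               ok ? "ok" : "reject", (unsigned)sz);
    }
    return 0;
}
```

The second and third sample rows are the ones where the two functions disagree: the unchecked size wraps to 0 or 4 bytes while the real requirement is far larger.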
