Bug#886721: [SECURITY] [DLA 1234-1] gdk-pixbuf security update
On Tue, 09 Jan 2018 at 11:07:49 +, Chris Lamb wrote:
> Hi Emilio,
>
> > If you don't have the time now I can take a look at this later today.
>
> Please, although it's more that my IEEE 754 is pretty rusty… :)

It looks like GNOME cgit's line-number marking and browser scrolling behaviour interact poorly with the fixed top navigation bar. Please scroll up to line 434, which is just above the IEEE 754 stuff.

Knowing the finer details of IEEE 754 floating point isn't going to help you to avoid integer multiplication overflows, but the code in GLib just above it can :-)

smcv

Bug#886721: [SECURITY] [DLA 1234-1] gdk-pixbuf security update
Hi Emilio,

> If you don't have the time now I can take a look at this later today.

Please, although it's more that my IEEE 754 is pretty rusty… :)

Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-

Bug#886721: [SECURITY] [DLA 1234-1] gdk-pixbuf security update
On 09/01/18 11:50, Chris Lamb wrote:
> [adding 886721 to CC]
>
> Hi Emilio,
>
>> g_uint64_checked_mul was introduced in glib 2.48, but wheezy has 2.32
>
> JFTR that is here:
>
>   https://developer.gnome.org/glib/stable/glib-Bounds-checked-integer-arithmetic.html#g-uint64-checked-mul
>
>> The patch should be updated to do a manual overflow check.
>
> Indeed. Does anyone have one handy?

You can do what glib does:

https://git.gnome.org/browse/glib/tree/glib/gtypes.h#n434

If you don't have the time now I can take a look at this later today.

Cheers,
Emilio
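
A manual overflow check of the kind the thread asks for, for toolchains where g_uint64_checked_mul is not available. This is an added example, not code from GLib, gdk-pixbuf or the DLA patch; the names checked_mul_u64 and image_buffer_size and the sample dimensions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Store a * b in *dest and return true only if the product fits in 64 bits.
 * Unsigned wrap-around is well defined in C, so the product can be computed
 * first and then verified by dividing it back. */
static bool checked_mul_u64(uint64_t *dest, uint64_t a, uint64_t b)
{
    *dest = a * b;
    return a == 0 || *dest / a == b;
}

/* Hypothetical caller: byte size of a width x height image with
 * bytes_per_pixel bytes per pixel. Returns false if any intermediate
 * product overflows or the total does not fit in size_t, so the caller
 * can reject the image instead of allocating a too-small buffer. */
static bool image_buffer_size(uint64_t width, uint64_t height,
                              uint64_t bytes_per_pixel, size_t *out)
{
    uint64_t row, total;

    if (!checked_mul_u64(&row, width, bytes_per_pixel))
        return false;
    if (!checked_mul_u64(&total, row, height))
        return false;
    if (total > SIZE_MAX)   /* matters on 32-bit targets */
        return false;
    *out = (size_t)total;
    return true;
}

int main(void)
{
    size_t n = 0;

    /* Constructed sample inputs. */
    if (image_buffer_size(640, 480, 4, &n))
        printf("640x480x4 needs %zu bytes\n", n);
    if (!image_buffer_size(UINT64_C(1) << 62, 4, 4, &n))
        printf("oversized dimensions rejected\n");
    return 0;
}
```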