We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reported in version: HG 2.1 Reported for operating system, platform: Linux, x86_64
On 2017-10-16 19:32:58 +0000, Felix Geyer wrote:
http://hg.libsdl.org/SDL/rev/7e0f1498ddb5 tries to fix CVE-2017-2888. Unfortunately compilers may optimize the second condition "(size / surface->pitch) != surface->h" away. See https://bugzilla.redhat.com/show_bug.cgi?id=1500623#c2 I've verified that this is also the case on Debian unstable (gcc 7.2).
On 2017-10-16 20:42:47 +0000, Ozkan Sezer wrote:
Naive question: does making size volatile help with it?
On 2017-10-16 21:16:14 +0000, Felix Geyer wrote:
(In reply to Ozkan Sezer from comment # 1) Naive question: does making size volatile help with it? Yes. It's quite a big hammer, but will avoid the unwanted optimization.
(In reply to Ozkan Sezer from comment # 1)
Yes. It's quite a big hammer, but will avoid the unwanted optimization.
On 2017-10-16 21:58:39 +0000, Sam Lantinga wrote:
Fixed, thanks! https://hg.libsdl.org/SDL/rev/81a4950907a0
On 2017-10-16 21:58:58 +0000, Sam Lantinga wrote:
This will be in for 2.0.7 release.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
This bug report was migrated from our old Bugzilla tracker.
Reported in version: HG 2.1
Reported for operating system, platform: Linux, x86_64
Comments on the original bug report:
On 2017-10-16 19:32:58 +0000, Felix Geyer wrote:
On 2017-10-16 20:42:47 +0000, Ozkan Sezer wrote:
On 2017-10-16 21:16:14 +0000, Felix Geyer wrote:
On 2017-10-16 21:58:39 +0000, Sam Lantinga wrote:
On 2017-10-16 21:58:58 +0000, Sam Lantinga wrote:
The text was updated successfully, but these errors were encountered: