Closed naveen521kk closed 2 years ago
Due to an upstream bug, passing negative values to cairo_pdf_version_to_string can cause out-of-bound memory address access, in some specific cases. Avoid that by checking for negative values, before calling that function.
cairo_pdf_version_to_string
See https://gitlab.freedesktop.org/cairo/cairo/-/issues/590 and https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/358 Fixes the error seen in https://github.com/pygobject/pycairo/pull/243#issuecomment-1153079380
cc @lazka
Due to an upstream bug, passing negative values to
cairo_pdf_version_to_stringcan cause out-of-bound memory address access, in some specific cases. Avoid that by checking for negative values, before calling that function.See https://gitlab.freedesktop.org/cairo/cairo/-/issues/590 and https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/358 Fixes the error seen in https://github.com/pygobject/pycairo/pull/243#issuecomment-1153079380
cc @lazka