| CVE: CVE-2019-6462 |
| Upstream-Status: Backport |
| Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com> |
| |
| From ab2c5ee21e5f3d3ee4b3f67cfcd5811a4f99c3a0 Mon Sep 17 00:00:00 2001 |
| From: Heiko Lewin <hlewin@gmx.de> |
| Date: Sun, 1 Aug 2021 11:16:03 +0000 |
| Subject: [PATCH] _arc_max_angle_for_tolerance_normalized: fix infinite loop |
| |
| --- |
| src/cairo-arc.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| diff --git a/src/cairo-arc.c b/src/cairo-arc.c |
| index 390397bae..1c891d1a0 100644 |
| --- a/src/cairo-arc.c |
| +++ b/src/cairo-arc.c |
| @@ -90,16 +90,18 @@ _arc_max_angle_for_tolerance_normalized (double tolerance) |
| { M_PI / 11.0, 9.81410988043554039085e-09 }, |
| }; |
| int table_size = ARRAY_LENGTH (table); |
| + const int max_segments = 1000; /* this value is chosen arbitrarily. this gives an error of about 1.74909e-20 */ |
| |
| for (i = 0; i < table_size; i++) |
| if (table[i].error < tolerance) |
| return table[i].angle; |
| |
| ++i; |
| + |
| do { |
| angle = M_PI / i++; |
| error = _arc_error_normalized (angle); |
| - } while (error > tolerance); |
| + } while (error > tolerance && i < max_segments); |
| |
| return angle; |
| } |
| -- |
| 2.38.1 |
| |