csi: DECCRA: clamp and verify destination rectangle coordinates

dst_right was already being clamped, but not dst_left.

In addition to that, reject the sequence if dst_left > dst_right, or
dst_bottom > dst_top.

This is already being done for the source rectangle, in
params_to_rectangular_area().

Closes #2352
Daniel Eklöf 2026-05-22 11:39:04 +02:00
parent 2eaa7beba1
commit b18d8aa2f1
No known key found for this signature in database
GPG key ID: 5BBD4992C116573F
2 changed files with 17 additions and 3 deletions


@ -79,8 +79,11 @@
* Out-of-bounds read when parsing URIs with malformed %-encoded
content ([#2353][2353]).
* DECCRA not clamping or verifying the destination rectangle
([#2352][2352]).
[2353]: https://codeberg.org/dnkl/foot/issues/2353
[2352]: https://codeberg.org/dnkl/foot/issues/2352
### Security
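Review bot: The new DECCRA entry is added to the list above `### Security`, alongside the out-of-bounds read fix. If an unclamped dst_left or an inverted destination rectangle can touch memory outside the grid, it should be listed under Security too, so that packagers do not read it as a purely functional fix. Separately, the commit message gives the second rejection condition as dst_bottom > dst_top, which is the normal ordering when rows are numbered from the top down. Please confirm the check in the code is dst_top > dst_bottom, mirroring dst_left > dst_right.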