[webkit-dev] Minor sdl_gfx flaw that may affect security of some WebKit distributions...

Paul Pedriana ppedriana at gmail.com
Tue Sep 30 00:58:51 PDT 2008


(Please feel free to correct me if there is a better place to report 
things like this)

I was examining code for WebKit using sdl+sdl_gfx for its graphics and 
noticed a minor flaw which has been confirmed by the sdl_gfx maintainer 
and is present in sdl_gfx through v2.0.17. It results in application 
stack data being written to transparent pixels of alpha blended images. 
In theory this can result in private stack data being present in 
graphics generated by the application and readable externally. The 
significance of this depends on what is specifically done with those 
graphics, but I'm going to guess it is minor in most cases.

The specific error is that the _putPixelAlpha and _filledRectAlpha 
functions declare R, G, B variables on the stack without initializing them:

    Uint32 R, G, B, A = 0;

The fix is to simply do the following or some equivalent:

    Uint32 R = 0, G = 0, B = 0, A = 0;

This does not affect the sge package (a sibling of sdl_gfx which 
provides similar functionality).

Paul
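As an added illustration (not sdl_gfx's code and not part of the original post), the following constructed C model shows why `Uint32 R, G, B, A = 0;` is the problem: only `A` is initialised, so any branch that skips computing the colour channels (the fully transparent case) packs whatever happened to be on the stack into the output pixel. The model uses the corrected declaration and a small check that a transparent write can only emit zero colour channels; the 0xAARRGGBB layout and the blend formula are assumptions of the model.

```c
#include <stdint.h>

typedef uint32_t Uint32;

/* Assumed pixel layout for the model: 0xAARRGGBB. */
static Uint32 pack_argb(Uint32 a, Uint32 r, Uint32 g, Uint32 b) {
    return (a << 24) | (r << 16) | (g << 8) | b;
}

/* Model of a per-pixel alpha write with the corrected declaration.
 *
 * Flawed form from the post:   Uint32 R, G, B, A = 0;   (only A is set)
 * Corrected form used here:    Uint32 R = 0, G = 0, B = 0, A = 0;
 *
 * With the flawed form, the alpha == 0 branch below would pack three
 * uninitialised stack words into the pixel; with the corrected form it
 * can only ever emit 0x00000000. */
Uint32 blend_pixel_fixed(Uint32 dst, Uint32 src, Uint32 alpha) {
    Uint32 R = 0, G = 0, B = 0, A = 0;

    if (alpha == 0) {
        /* Fully transparent: nothing from src is computed or copied. */
        return pack_argb(A, R, G, B);
    }
    if (alpha == 255) {
        /* Fully opaque: the source pixel replaces the destination. */
        return src;
    }

    /* Partial alpha: standard per-channel lerp, destination kept opaque. */
    Uint32 dR = (dst >> 16) & 0xFF, dG = (dst >> 8) & 0xFF, dB = dst & 0xFF;
    Uint32 sR = (src >> 16) & 0xFF, sG = (src >> 8) & 0xFF, sB = src & 0xFF;
    R = (sR * alpha + dR * (255 - alpha)) / 255;
    G = (sG * alpha + dG * (255 - alpha)) / 255;
    B = (sB * alpha + dB * (255 - alpha)) / 255;
    A = 0xFF;
    return pack_argb(A, R, G, B);
}

/* Check: for several constructed destination values, a transparent write
 * must leave no non-zero bits in the colour channels. Returns 1 if clean. */
int transparent_write_is_clean(void) {
    const Uint32 samples[] = { 0x00000000, 0xFFFFFFFF, 0xDEADBEEF, 0x12345678 };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        Uint32 out = blend_pixel_fixed(samples[i], 0xFFC0FFEE, 0);
        if ((out & 0x00FFFFFF) != 0) return 0;
    }
    return 1;
}
```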
