[webkit-dev] Minor sdl_gfx flaw that may affect security of some WebKit distributions...
ppedriana at gmail.com
Tue Sep 30 00:58:51 PDT 2008
(Please feel free to correct me if there is a better place to report
things like this)
I was examining code for WebKit using sdl+sdl_gfx for its graphics and
noticed a minor flaw which has been confirmed by the sdl_gfx maintainer
and is present in sdl_gfx through v2.0.17. It results in application
stack data being written to transparent pixels of alpha blended images.
In theory this can result in private stack data being present in
graphics generated by the application and readable externally. The
significance of this depends on what is specifically done with those
graphics, but I'm going to guess it is minor in most cases.
The specific error is that the _putPixelAlpha and _filledRectAlpha
functions declare R, G, B variables on the stack without initializing them:
Uint32 R, G, B, A = 0;
The fix is to simply do the following or some equivalent:
Uint32 R = 0, G = 0, B = 0, A = 0;
This does not affect the sge package (a sibling of sdl_gfx which
provides similar functionality).
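The declaration flaw described above, shown in a hypothetical, simplified blend routine alongside its fixed form. This is an added example and not sdl_gfx's code: the pixel layout (0xRRGGBBAA), the channel mixing formula and the function names are assumptions made here to illustrate the point, not the library's real _putPixelAlpha or _filledRectAlpha.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t Uint32;   /* SDL's 32-bit unsigned integer type */

/* Channel helpers; pixel layout assumed for this example: 0xRRGGBBAA. */
static Uint32 chan(Uint32 px, int shift) { return (px >> shift) & 0xFF; }
static Uint32 mix(Uint32 d, Uint32 s, Uint32 a) { return (d * (255 - a) + s * a) / 255; }

/* Flawed form: this declaration initialises only A. R, G and B hold
 * whatever was on the stack until the alpha > 0 branch assigns them. */
static Uint32 blend_flawed(Uint32 dst, Uint32 src, Uint32 alpha)
{
    Uint32 R, G, B, A = 0;
    if (alpha > 0) {
        R = mix(chan(dst, 24), chan(src, 24), alpha);
        G = mix(chan(dst, 16), chan(src, 16), alpha);
        B = mix(chan(dst, 8),  chan(src, 8),  alpha);
        A = 255;
    }
    /* For alpha == 0 this packs uninitialised stack data into the colour
     * channels of the transparent pixel (undefined behaviour in C). */
    return (R << 24) | (G << 16) | (B << 8) | A;
}

/* Fixed form: every channel starts at zero, so a fully transparent
 * source always yields a fully zeroed destination pixel. */
static Uint32 blend_fixed(Uint32 dst, Uint32 src, Uint32 alpha)
{
    Uint32 R = 0, G = 0, B = 0, A = 0;
    if (alpha > 0) {
        R = mix(chan(dst, 24), chan(src, 24), alpha);
        G = mix(chan(dst, 16), chan(src, 16), alpha);
        B = mix(chan(dst, 8),  chan(src, 8),  alpha);
        A = 255;
    }
    return (R << 24) | (G << 16) | (B << 8) | A;
}

int main(void)
{
    /* Constructed sample: opaque red over white, then a transparent pixel. */
    printf("opaque:      %08X\n", blend_fixed(0xFFFFFFFF, 0xFF000000, 255));
    printf("transparent: %08X (fixed form, always zero)\n", blend_fixed(0xFFFFFFFF, 0xFF000000, 0));
    printf("transparent: %08X (flawed form, stack contents)\n", blend_flawed(0xFFFFFFFF, 0xFF000000, 0));
    return 0;
}
```

Building with `-Wall` on gcc or clang normally reports the uninitialised reads in the flawed form, which is the cheapest check for this class of bug in a code base.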