z2d Graphics Library Out-of-Bounds Access Vulnerability in Multi-Sample Anti-Aliasing
Vulnerability
A vulnerability in the z2d graphics library version 0.7.0 allows for out-of-bounds access in the coverage buffer when using the new multi-sample anti-aliasing (MSAA) method. This issue arises under certain conditions where the drawn path partially or completely extends beyond the rendering surface, leading to incorrect bounding and potential invalid memory access or corruption, especially in non-safe optimization modes. The vulnerability affects higher-level drawing operations such as Context.fill, Context.stroke, painter.fill, and painter.stroke, when the .default or .multisample_4x anti-aliasing modes are applied. The problem has been addressed in z2d version 0.7.1, and users are advised to upgrade immediately.
Impact
The vulnerability could lead to invalid memory accesses or corruption, particularly for users compiling with ReleaseFast or ReleaseSmall optimization modes.
Reproduction
The vulnerability can be reproduced by using z2d version 0.7.0 and applying the multi-sample anti-aliasing mode to drawing operations that extend beyond the bounds of the rendering surface. This can be done by creating paths that overlap the edges or corners of the drawing area, which will result in out-of-bounds access in the coverage buffer.
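The bounding problem described above, as a simplified C model added here (not z2d's code, which is written in Zig); the 4-samples-per-pixel scanline layout and all function names are assumptions. `add_coverage` clips a span to the surface before indexing the coverage buffer, and `unclipped_oob_samples` counts the samples that would land outside the buffer without that clip.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SCALE 4 /* assumed: 4 coverage samples per device pixel */

/* Clip the half-open pixel span [x0, x1) to a surface `width` pixels wide
 * and convert it to sample indices. Returns 0 if nothing is on-surface. */
static int clip_span(int x0, int x1, int width, size_t *start, size_t *end)
{
    int lo = x0 < 0 ? 0 : x0;
    int hi = x1 > width ? width : x1;
    if (lo >= hi) return 0;
    *start = (size_t)lo * SCALE;
    *end = (size_t)hi * SCALE;
    return 1;
}

/* Add one layer of coverage for [x0, x1) to a scanline buffer of buf_len
 * samples. Returns the number of samples written. */
size_t add_coverage(uint8_t *buf, size_t buf_len, int x0, int x1, int width)
{
    size_t start, end;
    if (!clip_span(x0, x1, width, &start, &end) || end > buf_len)
        return 0; /* off-surface span, or buffer smaller than the surface */
    for (size_t i = start; i < end; i++)
        if (buf[i] < UINT8_MAX) buf[i]++;
    return end - start;
}

/* Samples the same span would touch outside the buffer if it were scaled
 * without clipping: the failure mode the advisory describes. */
size_t unclipped_oob_samples(int x0, int x1, int width)
{
    long lo = (long)x0 * SCALE, hi = (long)x1 * SCALE, len = (long)width * SCALE;
    size_t oob = 0;
    if (hi <= lo) return 0;
    if (lo < 0) oob += (size_t)((hi < 0 ? hi : 0) - lo);
    if (hi > len) oob += (size_t)(hi - (lo > len ? lo : len));
    return oob;
}

int main(void)
{
    uint8_t row[8 * SCALE] = {0}; /* constructed 8-pixel-wide scanline */
    printf("written=%zu oob_if_unclipped=%zu\n",
           add_coverage(row, sizeof row, -2, 3, 8), unclipped_oob_samples(-2, 3, 8));
    return 0;
}
```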
Remediation
Users should upgrade to z2d version 0.7.1, which addresses this vulnerability.
