33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
|
From 407c89863d08780861d120f8ccfc8e13582a2fda Mon Sep 17 00:00:00 2001
|
||
|
|
From: Matthias Clasen <mclasen@redhat.com>
|
||
|
|
Date: Sat, 29 Jun 2013 22:06:54 -0400
|
||
|
|
Subject: Avoid integer overflow
|
||
|
|
|
||
|
|
Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating
|
||
|
|
a large block of memory, to avoid integer overflow.
|
||
|
|
|
||
|
|
Pointed out by Bert Massop in
|
||
|
|
https://bugzilla.gnome.org/show_bug.cgi?id=703220
|
||
|
|
|
||
|
|
(cherry picked from commit 894b1ae76a32720f4bb3d39cf460402e3ce331d6)
|
||
|
|
---
|
||
|
|
gdk/gdkcairo.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
|
||
|
|
index a3baa54..3fdb570 100644
|
||
|
|
--- a/gdk/gdkcairo.c
|
||
|
|
+++ b/gdk/gdkcairo.c
|
||
|
|
@@ -211,7 +211,7 @@ gdk_cairo_set_source_pixbuf (cairo_t *cr,
|
||
|
|
format = CAIRO_FORMAT_ARGB32;
|
||
|
|
|
||
|
|
cairo_stride = cairo_format_stride_for_width (format, width);
|
||
|
|
- cairo_pixels = g_malloc (height * cairo_stride);
|
||
|
|
+ cairo_pixels = g_malloc_n (height, cairo_stride);
|
||
|
|
surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
|
||
|
|
format,
|
||
|
|
width, height, cairo_stride);
|
||
|
|
--
|
||
|
|
cgit v0.12
|
||
|
|
|