summaryrefslogtreecommitdiffstats
path: root/patches/source/gtk+2/gtk.CVE-2013-7447.diff
diff options
context:
space:
mode:
Diffstat (limited to 'patches/source/gtk+2/gtk.CVE-2013-7447.diff')
-rw-r--r--patches/source/gtk+2/gtk.CVE-2013-7447.diff29
1 files changed, 29 insertions, 0 deletions
diff --git a/patches/source/gtk+2/gtk.CVE-2013-7447.diff b/patches/source/gtk+2/gtk.CVE-2013-7447.diff
new file mode 100644
index 00000000..5d24a98d
--- /dev/null
+++ b/patches/source/gtk+2/gtk.CVE-2013-7447.diff
@@ -0,0 +1,29 @@
+From 894b1ae76a32720f4bb3d39cf460402e3ce331d6 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Sat, 29 Jun 2013 22:06:54 -0400
+Subject: Avoid integer overflow
+
+Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating
+a large block of memory, to avoid integer overflow.
+
+Pointed out by Bert Massop in
+https://bugzilla.gnome.org/show_bug.cgi?id=703220
+---
+ gdk/gdkcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
+index 19bed04..2e1d8dc 100644
+--- a/gdk/gdkcairo.c
++++ b/gdk/gdkcairo.c
+@@ -213,7 +213,7 @@ gdk_cairo_set_source_pixbuf (cairo_t *cr,
+ format = CAIRO_FORMAT_ARGB32;
+
+ cairo_stride = cairo_format_stride_for_width (format, width);
+- cairo_pixels = g_malloc (height * cairo_stride);
++ cairo_pixels = g_malloc_n (height, cairo_stride);
+ surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+ format,
+ width, height, cairo_stride);
+--
+cgit v0.12