diff options
Diffstat (limited to 'patches/source/gtk+2/gtk.CVE-2013-7447.diff')
-rw-r--r-- | patches/source/gtk+2/gtk.CVE-2013-7447.diff | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/patches/source/gtk+2/gtk.CVE-2013-7447.diff b/patches/source/gtk+2/gtk.CVE-2013-7447.diff new file mode 100644 index 000000000..5d24a98db --- /dev/null +++ b/patches/source/gtk+2/gtk.CVE-2013-7447.diff @@ -0,0 +1,29 @@ +From 894b1ae76a32720f4bb3d39cf460402e3ce331d6 Mon Sep 17 00:00:00 2001 +From: Matthias Clasen <mclasen@redhat.com> +Date: Sat, 29 Jun 2013 22:06:54 -0400 +Subject: Avoid integer overflow + +Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating +a large block of memory, to avoid integer overflow. + +Pointed out by Bert Massop in +https://bugzilla.gnome.org/show_bug.cgi?id=703220 +--- + gdk/gdkcairo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c +index 19bed04..2e1d8dc 100644 +--- a/gdk/gdkcairo.c ++++ b/gdk/gdkcairo.c +@@ -213,7 +213,7 @@ gdk_cairo_set_source_pixbuf (cairo_t *cr, + format = CAIRO_FORMAT_ARGB32; + + cairo_stride = cairo_format_stride_for_width (format, width); +- cairo_pixels = g_malloc (height * cairo_stride); ++ cairo_pixels = g_malloc_n (height, cairo_stride); + surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels, + format, + width, height, cairo_stride); +-- +cgit v0.12 |