summaryrefslogtreecommitdiffstats
path: root/patches/source/gtk+2/gtk.CVE-2013-7447.diff
blob: 5d24a98db68c9836168064204c3bb25e15e47f24 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
From 894b1ae76a32720f4bb3d39cf460402e3ce331d6 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Sat, 29 Jun 2013 22:06:54 -0400
Subject: Avoid integer overflow

Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating
a large block of memory, to avoid integer overflow.

Pointed out by Bert Massop in
https://bugzilla.gnome.org/show_bug.cgi?id=703220
---
 gdk/gdkcairo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
index 19bed04..2e1d8dc 100644
--- a/gdk/gdkcairo.c
+++ b/gdk/gdkcairo.c
@@ -213,7 +213,7 @@ gdk_cairo_set_source_pixbuf (cairo_t         *cr,
     format = CAIRO_FORMAT_ARGB32;

   cairo_stride = cairo_format_stride_for_width (format, width);
-  cairo_pixels = g_malloc (height * cairo_stride);
+  cairo_pixels = g_malloc_n (height, cairo_stride);
   surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
                                                  format,
                                                  width, height, cairo_stride);
--
cgit v0.12