diff options
Diffstat (limited to 'x11-libs/gdk-pixbuf/files')
-rw-r--r-- | x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch | 28 | ||||
-rw-r--r-- | x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch | 85 |
2 files changed, 113 insertions, 0 deletions
diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch new file mode 100644 index 000000000000..7881e6580aca --- /dev/null +++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch @@ -0,0 +1,28 @@ +From 74c418ba2e41ab9e2287420378a6192788b1fab6 Mon Sep 17 00:00:00 2001 +From: Sarita Rawat <sarita.rawat@samsung.com> +Date: Fri, 5 Jun 2015 06:56:00 +0000 +Subject: [PATCH] Avoid a possible divide-by-zero + +Pointed out in + +https://bugzilla.gnome.org/show_bug.cgi?id=750440 +--- + gdk-pixbuf/gdk-pixbuf-loader.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gdk-pixbuf/gdk-pixbuf-loader.c b/gdk-pixbuf/gdk-pixbuf-loader.c +index 65845ed..668b703 100644 +--- a/gdk-pixbuf/gdk-pixbuf-loader.c ++++ b/gdk-pixbuf/gdk-pixbuf-loader.c +@@ -330,7 +330,7 @@ gdk_pixbuf_loader_prepare (GdkPixbuf *pixbuf, + else + anim = gdk_pixbuf_non_anim_new (pixbuf); + +- if (priv->needs_scale) { ++ if (priv->needs_scale && width != 0 && height != 0) { + priv->animation = GDK_PIXBUF_ANIMATION (_gdk_pixbuf_scaled_anim_new (anim, + (double) priv->width / width, + (double) priv->height / height, +-- +2.5.0 + diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch new file mode 100644 index 000000000000..22a3c25508ce --- /dev/null +++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch @@ -0,0 +1,85 @@ +From ffec86ed5010c5a2be14f47b33bcf4ed3169a199 Mon Sep 17 00:00:00 2001 +From: Matthias Clasen <mclasen@redhat.com> +Date: Mon, 13 Jul 2015 00:33:40 -0400 +Subject: [PATCH] pixops: Be more careful about integer overflow + +Our loader code is supposed to handle out-of-memory and overflow +situations gracefully, reporting errors instead of aborting. But +if you load an image at a specific size, we also execute our +scaling code, which was not careful enough about overflow in some +places. + +This commit makes the scaling code silently return if it fails to +allocate filter tables. This is the best we can do, since +gdk_pixbuf_scale() is not taking a GError. + +https://bugzilla.gnome.org/show_bug.cgi?id=752297 +--- + gdk-pixbuf/pixops/pixops.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c +index 29a1c14..ce51745 100644 +--- a/gdk-pixbuf/pixops/pixops.c ++++ b/gdk-pixbuf/pixops/pixops.c +@@ -1272,7 +1272,16 @@ make_filter_table (PixopsFilter *filter) + int i_offset, j_offset; + int n_x = filter->x.n; + int n_y = filter->y.n; +- int *weights = g_new (int, SUBSAMPLE * SUBSAMPLE * n_x * n_y); ++ gsize n_weights; ++ int *weights; ++ ++ n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y; ++ if (n_weights / (SUBSAMPLE * SUBSAMPLE * n_x) != n_y) ++ return NULL; /* overflow, bail */ ++ ++ weights = g_try_new (int, n_weights); ++ if (!weights) ++ return NULL; /* overflow, bail */ + + for (i_offset=0; i_offset < SUBSAMPLE; i_offset++) + for (j_offset=0; j_offset < SUBSAMPLE; j_offset++) +@@ -1347,8 +1356,11 @@ pixops_process (guchar *dest_buf, + if (x_step == 0 || y_step == 0) + return; /* overflow, bail out */ + +- line_bufs = g_new (guchar *, filter->y.n); + filter_weights = make_filter_table (filter); ++ if (!filter_weights) ++ return; /* overflow, bail out */ ++ ++ line_bufs = g_new (guchar *, filter->y.n); + + check_shift = check_size ? get_check_shift (check_size) : 0; + +@@ -1468,7 +1480,7 @@ tile_make_weights (PixopsFilterDimension *dim, + double scale) + { + int n = ceil (1 / scale + 1); +- double *pixel_weights = g_new (double, SUBSAMPLE * n); ++ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n); + int offset; + int i; + +@@ -1526,7 +1538,7 @@ bilinear_magnify_make_weights (PixopsFilterDimension *dim, + } + + dim->n = n; +- dim->weights = g_new (double, SUBSAMPLE * n); ++ dim->weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n); + + pixel_weights = dim->weights; + +@@ -1617,7 +1629,7 @@ bilinear_box_make_weights (PixopsFilterDimension *dim, + double scale) + { + int n = ceil (1/scale + 3.0); +- double *pixel_weights = g_new (double, SUBSAMPLE * n); ++ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n); + double w; + int offset, i; + +-- +2.5.0 + |