Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/x11-libs/gdk-pixbuf/files
diff options
context:
space:
mode:
Diffstat (limited to 'x11-libs/gdk-pixbuf/files')
-rw-r--r--x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch28
-rw-r--r--x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch85
2 files changed, 113 insertions, 0 deletions
diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch
new file mode 100644
index 000000000000..7881e6580aca
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch
@@ -0,0 +1,28 @@
+From 74c418ba2e41ab9e2287420378a6192788b1fab6 Mon Sep 17 00:00:00 2001
+From: Sarita Rawat <sarita.rawat@samsung.com>
+Date: Fri, 5 Jun 2015 06:56:00 +0000
+Subject: [PATCH] Avoid a possible divide-by-zero
+
+Pointed out in
+
+https://bugzilla.gnome.org/show_bug.cgi?id=750440
+---
+ gdk-pixbuf/gdk-pixbuf-loader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk-pixbuf/gdk-pixbuf-loader.c b/gdk-pixbuf/gdk-pixbuf-loader.c
+index 65845ed..668b703 100644
+--- a/gdk-pixbuf/gdk-pixbuf-loader.c
++++ b/gdk-pixbuf/gdk-pixbuf-loader.c
+@@ -330,7 +330,7 @@ gdk_pixbuf_loader_prepare (GdkPixbuf *pixbuf,
+ else
+ anim = gdk_pixbuf_non_anim_new (pixbuf);
+
+- if (priv->needs_scale) {
++ if (priv->needs_scale && width != 0 && height != 0) {
+ priv->animation = GDK_PIXBUF_ANIMATION (_gdk_pixbuf_scaled_anim_new (anim,
+ (double) priv->width / width,
+ (double) priv->height / height,
+--
+2.5.0
+
diff --git a/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch
new file mode 100644
index 000000000000..22a3c25508ce
--- /dev/null
+++ b/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch
@@ -0,0 +1,85 @@
+From ffec86ed5010c5a2be14f47b33bcf4ed3169a199 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Mon, 13 Jul 2015 00:33:40 -0400
+Subject: [PATCH] pixops: Be more careful about integer overflow
+
+Our loader code is supposed to handle out-of-memory and overflow
+situations gracefully, reporting errors instead of aborting. But
+if you load an image at a specific size, we also execute our
+scaling code, which was not careful enough about overflow in some
+places.
+
+This commit makes the scaling code silently return if it fails to
+allocate filter tables. This is the best we can do, since
+gdk_pixbuf_scale() is not taking a GError.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=752297
+---
+ gdk-pixbuf/pixops/pixops.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c
+index 29a1c14..ce51745 100644
+--- a/gdk-pixbuf/pixops/pixops.c
++++ b/gdk-pixbuf/pixops/pixops.c
+@@ -1272,7 +1272,16 @@ make_filter_table (PixopsFilter *filter)
+ int i_offset, j_offset;
+ int n_x = filter->x.n;
+ int n_y = filter->y.n;
+- int *weights = g_new (int, SUBSAMPLE * SUBSAMPLE * n_x * n_y);
++ gsize n_weights;
++ int *weights;
++
++ n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y;
++ if (n_weights / (SUBSAMPLE * SUBSAMPLE * n_x) != n_y)
++ return NULL; /* overflow, bail */
++
++ weights = g_try_new (int, n_weights);
++ if (!weights)
++ return NULL; /* overflow, bail */
+
+ for (i_offset=0; i_offset < SUBSAMPLE; i_offset++)
+ for (j_offset=0; j_offset < SUBSAMPLE; j_offset++)
+@@ -1347,8 +1356,11 @@ pixops_process (guchar *dest_buf,
+ if (x_step == 0 || y_step == 0)
+ return; /* overflow, bail out */
+
+- line_bufs = g_new (guchar *, filter->y.n);
+ filter_weights = make_filter_table (filter);
++ if (!filter_weights)
++ return; /* overflow, bail out */
++
++ line_bufs = g_new (guchar *, filter->y.n);
+
+ check_shift = check_size ? get_check_shift (check_size) : 0;
+
+@@ -1468,7 +1480,7 @@ tile_make_weights (PixopsFilterDimension *dim,
+ double scale)
+ {
+ int n = ceil (1 / scale + 1);
+- double *pixel_weights = g_new (double, SUBSAMPLE * n);
++ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
+ int offset;
+ int i;
+
+@@ -1526,7 +1538,7 @@ bilinear_magnify_make_weights (PixopsFilterDimension *dim,
+ }
+
+ dim->n = n;
+- dim->weights = g_new (double, SUBSAMPLE * n);
++ dim->weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
+
+ pixel_weights = dim->weights;
+
+@@ -1617,7 +1629,7 @@ bilinear_box_make_weights (PixopsFilterDimension *dim,
+ double scale)
+ {
+ int n = ceil (1/scale + 3.0);
+- double *pixel_weights = g_new (double, SUBSAMPLE * n);
++ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
+ double w;
+ int offset, i;
+
+--
+2.5.0
+