1 |
tetromino 15/08/01 00:52:50 |
2 |
|
3 |
Added: gdk-pixbuf-2.30.8-pixops-overflow.patch |
4 |
gdk-pixbuf-2.30.8-divide-by-zero.patch |
5 |
Log: |
6 |
Fix integer overflow in pixops (bug #556314, thanks to Agostino Sarubbo). Fix gtk-doc installation (bug #549166, thanks to Rafał Mużyło). |
7 |
|
8 |
(Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key 0x18E5B6F2D8D5EC8D) |
9 |
|
10 |
Revision Changes Path |
11 |
1.1 x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch?rev=1.1&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch?rev=1.1&content-type=text/plain |
15 |
|
16 |
Index: gdk-pixbuf-2.30.8-pixops-overflow.patch |
17 |
=================================================================== |
18 |
From ffec86ed5010c5a2be14f47b33bcf4ed3169a199 Mon Sep 17 00:00:00 2001 |
19 |
From: Matthias Clasen <mclasen@××××××.com> |
20 |
Date: Mon, 13 Jul 2015 00:33:40 -0400 |
21 |
Subject: [PATCH] pixops: Be more careful about integer overflow |
22 |
|
23 |
Our loader code is supposed to handle out-of-memory and overflow |
24 |
situations gracefully, reporting errors instead of aborting. But |
25 |
if you load an image at a specific size, we also execute our |
26 |
scaling code, which was not careful enough about overflow in some |
27 |
places. |
28 |
|
29 |
This commit makes the scaling code silently return if it fails to |
30 |
allocate filter tables. This is the best we can do, since |
31 |
gdk_pixbuf_scale() is not taking a GError. |
32 |
|
33 |
https://bugzilla.gnome.org/show_bug.cgi?id=752297 |
34 |
--- |
35 |
gdk-pixbuf/pixops/pixops.c | 22 +++++++++++++++++----- |
36 |
1 file changed, 17 insertions(+), 5 deletions(-) |
37 |
|
38 |
diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c |
39 |
index 29a1c14..ce51745 100644 |
40 |
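--- a/gdk-pixbuf/pixops/pixops.c
+++ b/gdk-pixbuf/pixops/pixops.c
@@ -1272,7 +1272,16 @@ make_filter_table (PixopsFilter *filter)
 int i_offset, j_offset;
 int n_x = filter->x.n;
 int n_y = filter->y.n;
- int *weights = g_new (int, SUBSAMPLE * SUBSAMPLE * n_x * n_y);
+ gsize n_weights;
+ int *weights;
+
+ n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y;
+ if (n_weights / (SUBSAMPLE * SUBSAMPLE * n_x) != n_y)
+ return NULL; /* overflow, bail */
+
+ weights = g_try_new (int, n_weights);
+ if (!weights)
+ return NULL; /* overflow, bail */
 
 for (i_offset=0; i_offset < SUBSAMPLE; i_offset++)
 for (j_offset=0; j_offset < SUBSAMPLE; j_offset++)
@@ -1347,8 +1356,11 @@ pixops_process (guchar *dest_buf,
 if (x_step == 0 || y_step == 0)
 return; /* overflow, bail out */
 
- line_bufs = g_new (guchar *, filter->y.n);
 filter_weights = make_filter_table (filter);
+ if (!filter_weights)
+ return; /* overflow, bail out */
+
+ line_bufs = g_new (guchar *, filter->y.n);
 
 check_shift = check_size ? get_check_shift (check_size) : 0;
 
@@ -1468,7 +1480,7 @@ tile_make_weights (PixopsFilterDimension *dim,
 double scale)
 {
 int n = ceil (1 / scale + 1);
- double *pixel_weights = g_new (double, SUBSAMPLE * n);
+ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
 int offset;
 int i;
 
@@ -1526,7 +1538,7 @@ bilinear_magnify_make_weights (PixopsFilterDimension *dim,
 }
 
 dim->n = n;
- dim->weights = g_new (double, SUBSAMPLE * n);
+ dim->weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
 
 pixel_weights = dim->weights;
 
@@ -1617,7 +1629,7 @@ bilinear_box_make_weights (PixopsFilterDimension *dim,
 double scale)
 {
 int n = ceil (1/scale + 3.0);
- double *pixel_weights = g_new (double, SUBSAMPLE * n);
+ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
 double w;
 int offset, i;
 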
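Review bot: In the `make_filter_table` hunk, `n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y;` still multiplies in `int` (`n_x` and `n_y` are declared `int` just above, and SUBSAMPLE is presumably an int-typed macro), so the product can overflow before it is widened to `gsize`. The division check that follows then tests an already-wrapped value against a divisor computed with the same int arithmetic, and it does not reject zero or negative filter sizes. Bounding the operands before multiplying closes this: `if (n_x <= 0 || n_y <= 0 || (gsize) n_x > G_MAXSIZE / (SUBSAMPLE * SUBSAMPLE) / (gsize) n_y) return NULL;` followed by `n_weights = (gsize) SUBSAMPLE * SUBSAMPLE * n_x * n_y;`. If the fill loop below the hunk indexes the table with `int` offsets, the bound should be `G_MAXINT` rather than `G_MAXSIZE`. Separately, the three `g_malloc_n (sizeof (double) * SUBSAMPLE, n)` calls detect the overflow but abort the process on failure, which does not match the commit message's stated goal of returning instead of aborting. Using `g_try_malloc_n` there would need a failure path in those functions and their callers, which lie outside the hunks.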
100 |
-- |
101 |
2.5.0 |
102 |
|
103 |
|
104 |
|
105 |
|
106 |
1.1 x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch |
107 |
|
108 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch?rev=1.1&view=markup |
109 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch?rev=1.1&content-type=text/plain |
110 |
|
111 |
Index: gdk-pixbuf-2.30.8-divide-by-zero.patch |
112 |
=================================================================== |
113 |
From 74c418ba2e41ab9e2287420378a6192788b1fab6 Mon Sep 17 00:00:00 2001 |
114 |
From: Sarita Rawat <sarita.rawat@×××××××.com> |
115 |
Date: Fri, 5 Jun 2015 06:56:00 +0000 |
116 |
Subject: [PATCH] Avoid a possible divide-by-zero |
117 |
|
118 |
Pointed out in |
119 |
|
120 |
https://bugzilla.gnome.org/show_bug.cgi?id=750440 |
121 |
--- |
122 |
gdk-pixbuf/gdk-pixbuf-loader.c | 2 +- |
123 |
1 file changed, 1 insertion(+), 1 deletion(-) |
124 |
|
125 |
diff --git a/gdk-pixbuf/gdk-pixbuf-loader.c b/gdk-pixbuf/gdk-pixbuf-loader.c |
126 |
index 65845ed..668b703 100644 |
127 |
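--- a/gdk-pixbuf/gdk-pixbuf-loader.c
+++ b/gdk-pixbuf/gdk-pixbuf-loader.c
@@ -330,7 +330,7 @@ gdk_pixbuf_loader_prepare (GdkPixbuf *pixbuf,
 else
 anim = gdk_pixbuf_non_anim_new (pixbuf);
 
- if (priv->needs_scale) {
+ if (priv->needs_scale && width != 0 && height != 0) {
 priv->animation = GDK_PIXBUF_ANIMATION (_gdk_pixbuf_scaled_anim_new (anim,
 (double) priv->width / width,
 (double) priv->height / height,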
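Review bot: The new guard `width != 0 && height != 0` silently drops the requested scaling when the pixbuf reports a zero dimension, and nothing at the condition explains why. A short comment such as `/* zero-sized pixbuf: skip scaling, the factors below divide by width and height */` would keep the check from later being removed as redundant. If `width` and `height` are signed (their declarations are outside the hunk), `width > 0 && height > 0` states the precondition for the two divisions more completely and also keeps a negative scale factor from reaching `_gdk_pixbuf_scaled_anim_new`. The body of `gdk_pixbuf_loader_prepare` starts and ends outside the hunk, so what the non-scaled branch assigns to `priv->animation` cannot be confirmed from here.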
138 |
-- |
139 |
2.5.0 |