[gentoo-commits] gentoo-x86 commit in x11-libs/gdk-pixbuf/files: gdk-pixbuf-2.30.8-pixops-overflow.patch gdk-pixbuf-2.30.8-divide-by-zero.patch - gentoo-commits

From:	"Alexandre Rostovtsev (tetromino)" <tetromino@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in x11-libs/gdk-pixbuf/files: gdk-pixbuf-2.30.8-pixops-overflow.patch gdk-pixbuf-2.30.8-divide-by-zero.patch
Date:	Sat, 01 Aug 2015 00:52:56
Message-Id:	`20150801005250.63240113@oystercatcher.gentoo.org`

1

tetromino    15/08/01 00:52:50

2

3

  Added:                gdk-pixbuf-2.30.8-pixops-overflow.patch

4

                        gdk-pixbuf-2.30.8-divide-by-zero.patch

5

  Log:

6

  Fix integer overflow in pixops (bug #556314, thanks to Agostino Sarubbo). Fix gtk-doc installation (bug #549166, thanks to Rafał Mużyło).

7

8

  (Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key 0x18E5B6F2D8D5EC8D)

9

10

Revision  Changes    Path

11

1.1                  x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch

12

13

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch?rev=1.1&view=markup

14

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch?rev=1.1&content-type=text/plain

15

16

Index: gdk-pixbuf-2.30.8-pixops-overflow.patch

17

===================================================================

18

From ffec86ed5010c5a2be14f47b33bcf4ed3169a199 Mon Sep 17 00:00:00 2001

19

From: Matthias Clasen <mclasen@××××××.com>

20

Date: Mon, 13 Jul 2015 00:33:40 -0400

21

Subject: [PATCH] pixops: Be more careful about integer overflow

22

23

Our loader code is supposed to handle out-of-memory and overflow

24

situations gracefully, reporting errors instead of aborting. But

25

if you load an image at a specific size, we also execute our

26

scaling code, which was not careful enough about overflow in some

27

places.

28

29

This commit makes the scaling code silently return if it fails to

30

allocate filter tables. This is the best we can do, since

31

gdk_pixbuf_scale() is not taking a GError.

32

33

https://bugzilla.gnome.org/show_bug.cgi?id=752297

34

---

35

 gdk-pixbuf/pixops/pixops.c | 22 +++++++++++++++++-----

36

 1 file changed, 17 insertions(+), 5 deletions(-)

37

38

diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c

39

index 29a1c14..ce51745 100644

40

--- a/gdk-pixbuf/pixops/pixops.c

41

+++ b/gdk-pixbuf/pixops/pixops.c

42

@@ -1272,7 +1272,16 @@ make_filter_table (PixopsFilter *filter)

43

   int i_offset, j_offset;

44

   int n_x = filter->x.n;

45

   int n_y = filter->y.n;

46

-  int *weights = g_new (int, SUBSAMPLE * SUBSAMPLE * n_x * n_y);

47

+  gsize n_weights;

48

+  int *weights;

49

+

50

+  n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y;

51

+  if (n_weights / (SUBSAMPLE * SUBSAMPLE * n_x) != n_y)

52

+    return NULL; /* overflow, bail */

53

+

54

+  weights = g_try_new (int, n_weights);

55

+  if (!weights)

56

+    return NULL; /* overflow, bail */

57

58

   for (i_offset=0; i_offset < SUBSAMPLE; i_offset++)

59

     for (j_offset=0; j_offset < SUBSAMPLE; j_offset++)

60

@@ -1347,8 +1356,11 @@ pixops_process (guchar         *dest_buf,

61

   if (x_step == 0 || y_step == 0)

62

     return; /* overflow, bail out */

63

64

-  line_bufs = g_new (guchar *, filter->y.n);

65

   filter_weights = make_filter_table (filter);

66

+  if (!filter_weights)

67

+    return; /* overflow, bail out */

68

+

69

+  line_bufs = g_new (guchar *, filter->y.n);

70

71

   check_shift = check_size ? get_check_shift (check_size) : 0;

72

73

@@ -1468,7 +1480,7 @@ tile_make_weights (PixopsFilterDimension *dim,

74

 		   double                 scale)

75

{

76

   int n = ceil (1 / scale + 1);

77

-  double *pixel_weights = g_new (double, SUBSAMPLE * n);

78

+  double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);

79

   int offset;

80

   int i;

81

82

@@ -1526,7 +1538,7 @@ bilinear_magnify_make_weights (PixopsFilterDimension *dim,

83

}

84

85

   dim->n = n;

86

-  dim->weights = g_new (double, SUBSAMPLE * n);

87

+  dim->weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);

88

89

   pixel_weights = dim->weights;

90

91

@@ -1617,7 +1629,7 @@ bilinear_box_make_weights (PixopsFilterDimension *dim,

92

 			   double                 scale)

93

{

94

   int n = ceil (1/scale + 3.0);

95

-  double *pixel_weights = g_new (double, SUBSAMPLE * n);

96

+  double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);

97

   double w;

98

   int offset, i;

99

100

--

101

2.5.0

1.1                  x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch

107

108

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch?rev=1.1&view=markup

109

plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch?rev=1.1&content-type=text/plain

110

111

Index: gdk-pixbuf-2.30.8-divide-by-zero.patch

112

===================================================================

113

From 74c418ba2e41ab9e2287420378a6192788b1fab6 Mon Sep 17 00:00:00 2001

114

From: Sarita Rawat <sarita.rawat@×××××××.com>

115

Date: Fri, 5 Jun 2015 06:56:00 +0000

116

Subject: [PATCH] Avoid a possible divide-by-zero

117

118

Pointed out in

119

120

https://bugzilla.gnome.org/show_bug.cgi?id=750440

121

---

122

 gdk-pixbuf/gdk-pixbuf-loader.c | 2 +-

123

 1 file changed, 1 insertion(+), 1 deletion(-)

124

125

diff --git a/gdk-pixbuf/gdk-pixbuf-loader.c b/gdk-pixbuf/gdk-pixbuf-loader.c

126

index 65845ed..668b703 100644

127

--- a/gdk-pixbuf/gdk-pixbuf-loader.c

128

+++ b/gdk-pixbuf/gdk-pixbuf-loader.c

129

@@ -330,7 +330,7 @@ gdk_pixbuf_loader_prepare (GdkPixbuf          *pixbuf,

130

         else

131

                 anim = gdk_pixbuf_non_anim_new (pixbuf);

132

133

-	if (priv->needs_scale) {

134

+	if (priv->needs_scale && width != 0 && height != 0) {

135

 		priv->animation  = GDK_PIXBUF_ANIMATION (_gdk_pixbuf_scaled_anim_new (anim,

136

                                          (double) priv->width / width,

137

                                          (double) priv->height / height,

138

--

139

2.5.0

1	tetromino 15/08/01 00:52:50
2
3	Added: gdk-pixbuf-2.30.8-pixops-overflow.patch
4	gdk-pixbuf-2.30.8-divide-by-zero.patch
5	Log:
6	Fix integer overflow in pixops (bug #556314, thanks to Agostino Sarubbo). Fix gtk-doc installation (bug #549166, thanks to Rafał Mużyło).
7
8	(Portage version: 2.2.20/cvs/Linux x86_64, signed Manifest commit with key 0x18E5B6F2D8D5EC8D)
9
10	Revision Changes Path
11	1.1 x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch
12
13	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch?rev=1.1&view=markup
14	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-pixops-overflow.patch?rev=1.1&content-type=text/plain
15
16	Index: gdk-pixbuf-2.30.8-pixops-overflow.patch
17	===================================================================
18	From ffec86ed5010c5a2be14f47b33bcf4ed3169a199 Mon Sep 17 00:00:00 2001
19	From: Matthias Clasen <mclasen@××××××.com>
20	Date: Mon, 13 Jul 2015 00:33:40 -0400
21	Subject: [PATCH] pixops: Be more careful about integer overflow
22
23	Our loader code is supposed to handle out-of-memory and overflow
24	situations gracefully, reporting errors instead of aborting. But
25	if you load an image at a specific size, we also execute our
26	scaling code, which was not careful enough about overflow in some
27	places.
28
29	This commit makes the scaling code silently return if it fails to
30	allocate filter tables. This is the best we can do, since
31	gdk_pixbuf_scale() is not taking a GError.
32
33	https://bugzilla.gnome.org/show_bug.cgi?id=752297
34	---
35	gdk-pixbuf/pixops/pixops.c \| 22 +++++++++++++++++-----
36	1 file changed, 17 insertions(+), 5 deletions(-)
37
38	diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c
39	index 29a1c14..ce51745 100644
40	--- a/gdk-pixbuf/pixops/pixops.c
41	+++ b/gdk-pixbuf/pixops/pixops.c
42	@@ -1272,7 +1272,16 @@ make_filter_table (PixopsFilter *filter)
43	int i_offset, j_offset;
44	int n_x = filter->x.n;
45	int n_y = filter->y.n;
46	- int weights = g_new (int, SUBSAMPLE SUBSAMPLE * n_x * n_y);
47	+ gsize n_weights;
48	+ int *weights;
49	+
50	+ n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y;
51	+ if (n_weights / (SUBSAMPLE * SUBSAMPLE * n_x) != n_y)
52	+ return NULL; /* overflow, bail */
53	+
54	+ weights = g_try_new (int, n_weights);
55	+ if (!weights)
56	+ return NULL; /* overflow, bail */
57
58	for (i_offset=0; i_offset < SUBSAMPLE; i_offset++)
59	for (j_offset=0; j_offset < SUBSAMPLE; j_offset++)
60	@@ -1347,8 +1356,11 @@ pixops_process (guchar *dest_buf,
61	if (x_step == 0 \|\| y_step == 0)
62	return; /* overflow, bail out */
63
64	- line_bufs = g_new (guchar *, filter->y.n);
65	filter_weights = make_filter_table (filter);
66	+ if (!filter_weights)
67	+ return; /* overflow, bail out */
68	+
69	+ line_bufs = g_new (guchar *, filter->y.n);
70
71	check_shift = check_size ? get_check_shift (check_size) : 0;
72
73	@@ -1468,7 +1480,7 @@ tile_make_weights (PixopsFilterDimension *dim,
74	double scale)
75	{
76	int n = ceil (1 / scale + 1);
77	- double pixel_weights = g_new (double, SUBSAMPLE n);
78	+ double pixel_weights = g_malloc_n (sizeof (double) SUBSAMPLE, n);
79	int offset;
80	int i;
81
82	@@ -1526,7 +1538,7 @@ bilinear_magnify_make_weights (PixopsFilterDimension *dim,
83	}
84
85	dim->n = n;
86	- dim->weights = g_new (double, SUBSAMPLE * n);
87	+ dim->weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
88
89	pixel_weights = dim->weights;
90
91	@@ -1617,7 +1629,7 @@ bilinear_box_make_weights (PixopsFilterDimension *dim,
92	double scale)
93	{
94	int n = ceil (1/scale + 3.0);
95	- double pixel_weights = g_new (double, SUBSAMPLE n);
96	+ double pixel_weights = g_malloc_n (sizeof (double) SUBSAMPLE, n);
97	double w;
98	int offset, i;
99
100	--
101	2.5.0
102
103
104
105
106	1.1 x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch
107
108	file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch?rev=1.1&view=markup
109	plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/x11-libs/gdk-pixbuf/files/gdk-pixbuf-2.30.8-divide-by-zero.patch?rev=1.1&content-type=text/plain
110
111	Index: gdk-pixbuf-2.30.8-divide-by-zero.patch
112	===================================================================
113	From 74c418ba2e41ab9e2287420378a6192788b1fab6 Mon Sep 17 00:00:00 2001
114	From: Sarita Rawat <sarita.rawat@×××××××.com>
115	Date: Fri, 5 Jun 2015 06:56:00 +0000
116	Subject: [PATCH] Avoid a possible divide-by-zero
117
118	Pointed out in
119
120	https://bugzilla.gnome.org/show_bug.cgi?id=750440
121	---
122	gdk-pixbuf/gdk-pixbuf-loader.c \| 2 +-
123	1 file changed, 1 insertion(+), 1 deletion(-)
124
125	diff --git a/gdk-pixbuf/gdk-pixbuf-loader.c b/gdk-pixbuf/gdk-pixbuf-loader.c
126	index 65845ed..668b703 100644
127	--- a/gdk-pixbuf/gdk-pixbuf-loader.c
128	+++ b/gdk-pixbuf/gdk-pixbuf-loader.c
129	@@ -330,7 +330,7 @@ gdk_pixbuf_loader_prepare (GdkPixbuf *pixbuf,
130	else
131	anim = gdk_pixbuf_non_anim_new (pixbuf);
132
133	- if (priv->needs_scale) {
134	+ if (priv->needs_scale && width != 0 && height != 0) {
135	priv->animation = GDK_PIXBUF_ANIMATION (_gdk_pixbuf_scaled_anim_new (anim,
136	(double) priv->width / width,
137	(double) priv->height / height,
138	--
139	2.5.0

Gentoo Archives: gentoo-commits