upstream/oracle/userland-gate: comparison components/gnome/eog/patches/01-22727572.patch

equal deleted inserted replaced

-:e62a7f3c23ab
+:bea0a4beaf5e
+Security fix from upstream which can be deleted once we update to 3.20.4
+From c1ac983bf3bdbd7d8ab4ab34208f1f399bdacbfc Mon Sep 17 00:00:00 2001
+From: Felix Riemann <[email protected]>
+Date: Sun, 14 Feb 2016 18:50:43 +0100
+Subject: EogPrintPreview: Fix possible integer overflow
+This removes code copied from GDK that was susceptiple to a possible
+integer overflow (cf. CVE-2013-7447), although the code only worked
+on images too small to trigger the overflow. GDK provides a (fixed)
+variant of the code with the same features nowadays, so just use that.
+https://bugzilla.gnome.org/show_bug.cgi?id=762028
+---
+src/eog-print-preview.c | 96 ++-----------------------------------------------
+1 file changed, 3 insertions(+), 93 deletions(-)
+diff --git a/src/eog-print-preview.c b/src/eog-print-preview.c
+index 3710dff..cfd9db1 100644
+--- a/src/eog-print-preview.c
++++ b/src/eog-print-preview.c
+@@ -701,98 +701,6 @@ create_preview_buffer (EogPrintPreview *preview)
+	return pixbuf;
+}
+-/*
+-  Function inspired from gdk_cairo_set_source_pixbuf (). The main reason is
+-  that I want to save the cairo_surface_t created from the scaled buffer to
+-  improve performance.
+-*/
+-static cairo_surface_t *
+-create_surface_from_pixbuf (GdkPixbuf *pixbuf)
+-{
+-  gint width = gdk_pixbuf_get_width (pixbuf);
+-  gint height = gdk_pixbuf_get_height (pixbuf);
+-  guchar *gdk_pixels = gdk_pixbuf_get_pixels (pixbuf);
+-  int gdk_rowstride = gdk_pixbuf_get_rowstride (pixbuf);
+-  int n_channels = gdk_pixbuf_get_n_channels (pixbuf);
+-  int cairo_stride;
+-  guchar *cairo_pixels;
+-  cairo_format_t format;
+-  cairo_surface_t *surface;
+-  static const cairo_user_data_key_t key;
+-  int j;
+-
+-  if (n_channels == 3)
+-    format = CAIRO_FORMAT_RGB24;
+-  else
+-    format = CAIRO_FORMAT_ARGB32;
+-
+-  cairo_stride = cairo_format_stride_for_width (format, width);
+-  cairo_pixels = g_malloc (height * cairo_stride);
+-  surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+-						 format,
+-						 width, height, cairo_stride);
+-  cairo_surface_set_user_data (surface, &key,
+-			       cairo_pixels, (cairo_destroy_func_t)g_free);
+-
+-  for (j = height; j; j--)
+-    {
+-      guchar *p = gdk_pixels;
+-      guchar *q = cairo_pixels;
+-
+-      if (n_channels == 3)
+-	{
+-	  guchar *end = p + 3 * width;
+-
+-	  while (p < end)
+-	    {
+-#if G_BYTE_ORDER == G_LITTLE_ENDIAN
+-	      q[0] = p[2];
+-	      q[1] = p[1];
+-	      q[2] = p[0];
+-#else
+-	      q[1] = p[0];
+-	      q[2] = p[1];
+-	      q[3] = p[2];
+-#endif
+-	      p += 3;
+-	      q += 4;
+-	    }
+-	}
+-      else
+-	{
+-	  guchar *end = p + 4 * width;
+-	  guint t1,t2,t3;
+-
+-#define MULT(d,c,a,t) G_STMT_START { t = c * a + 0x7f; d = ((t >> 8) + t) >> 8; } G_STMT_END
+-
+-	  while (p < end)
+-	    {
+-#if G_BYTE_ORDER == G_LITTLE_ENDIAN
+-	      MULT(q[0], p[2], p[3], t1);
+-	      MULT(q[1], p[1], p[3], t2);
+-	      MULT(q[2], p[0], p[3], t3);
+-	      q[3] = p[3];
+-#else
+-	      q[0] = p[3];
+-	      MULT(q[1], p[0], p[3], t1);
+-	      MULT(q[2], p[1], p[3], t2);
+-	      MULT(q[3], p[2], p[3], t3);
+-#endif
+-
+-	      p += 4;
+-	      q += 4;
+-	    }
+-
+-#undef MULT
+-	}
+-
+-      gdk_pixels += gdk_rowstride;
+-      cairo_pixels += cairo_stride;
+-    }
+-
+-  return surface;
+-}
+-
+static void
+create_surface (EogPrintPreview *preview)
+{
+@@ -806,7 +714,9 @@ create_surface (EogPrintPreview *preview)
+	pixbuf = create_preview_buffer (preview);
+	if (pixbuf) {
+-		priv->surface = create_surface_from_pixbuf (pixbuf);
++		priv->surface =
++			gdk_cairo_surface_create_from_pixbuf (pixbuf, 0,
++							      gtk_widget_get_window (GTK_WIDGET (preview)));
+		g_object_unref (pixbuf);
+	}
+	priv->flag_create_surface = FALSE;