Security fix from upstream which can be deleted once we update to 3.20.4

From c1ac983bf3bdbd7d8ab4ab34208f1f399bdacbfc Mon Sep 17 00:00:00 2001
From: Felix Riemann <[email protected]>
Date: Sun, 14 Feb 2016 18:50:43 +0100
Subject: EogPrintPreview: Fix possible integer overflow

This removes code copied from GDK that was susceptiple to a possible
integer overflow (cf. CVE-2013-7447), although the code only worked
on images too small to trigger the overflow. GDK provides a (fixed)
variant of the code with the same features nowadays, so just use that.

https://bugzilla.gnome.org/show_bug.cgi?id=762028
---
 src/eog-print-preview.c | 96 ++-----------------------------------------------
 1 file changed, 3 insertions(+), 93 deletions(-)

diff --git a/src/eog-print-preview.c b/src/eog-print-preview.c
index 3710dff..cfd9db1 100644
--- a/src/eog-print-preview.c
+++ b/src/eog-print-preview.c
@@ -701,98 +701,6 @@ create_preview_buffer (EogPrintPreview *preview)
 	return pixbuf;
 }
 
-/*
-  Function inspired from gdk_cairo_set_source_pixbuf (). The main reason is
-  that I want to save the cairo_surface_t created from the scaled buffer to
-  improve performance.
-*/
-static cairo_surface_t *
-create_surface_from_pixbuf (GdkPixbuf *pixbuf)
-{
-  gint width = gdk_pixbuf_get_width (pixbuf);
-  gint height = gdk_pixbuf_get_height (pixbuf);
-  guchar *gdk_pixels = gdk_pixbuf_get_pixels (pixbuf);
-  int gdk_rowstride = gdk_pixbuf_get_rowstride (pixbuf);
-  int n_channels = gdk_pixbuf_get_n_channels (pixbuf);
-  int cairo_stride;
-  guchar *cairo_pixels;
-  cairo_format_t format;
-  cairo_surface_t *surface;
-  static const cairo_user_data_key_t key;
-  int j;
-
-  if (n_channels == 3)
-    format = CAIRO_FORMAT_RGB24;
-  else
-    format = CAIRO_FORMAT_ARGB32;
-
-  cairo_stride = cairo_format_stride_for_width (format, width);
-  cairo_pixels = g_malloc (height * cairo_stride);
-  surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
-						 format,
-						 width, height, cairo_stride);
-  cairo_surface_set_user_data (surface, &key,
-			       cairo_pixels, (cairo_destroy_func_t)g_free);
-
-  for (j = height; j; j--)
-    {
-      guchar *p = gdk_pixels;
-      guchar *q = cairo_pixels;
-
-      if (n_channels == 3)
-	{
-	  guchar *end = p + 3 * width;
-
-	  while (p < end)
-	    {
-#if G_BYTE_ORDER == G_LITTLE_ENDIAN
-	      q[0] = p[2];
-	      q[1] = p[1];
-	      q[2] = p[0];
-#else
-	      q[1] = p[0];
-	      q[2] = p[1];
-	      q[3] = p[2];
-#endif
-	      p += 3;
-	      q += 4;
-	    }
-	}
-      else
-	{
-	  guchar *end = p + 4 * width;
-	  guint t1,t2,t3;
-
-#define MULT(d,c,a,t) G_STMT_START { t = c * a + 0x7f; d = ((t >> 8) + t) >> 8; } G_STMT_END
-
-	  while (p < end)
-	    {
-#if G_BYTE_ORDER == G_LITTLE_ENDIAN
-	      MULT(q[0], p[2], p[3], t1);
-	      MULT(q[1], p[1], p[3], t2);
-	      MULT(q[2], p[0], p[3], t3);
-	      q[3] = p[3];
-#else
-	      q[0] = p[3];
-	      MULT(q[1], p[0], p[3], t1);
-	      MULT(q[2], p[1], p[3], t2);
-	      MULT(q[3], p[2], p[3], t3);
-#endif
-
-	      p += 4;
-	      q += 4;
-	    }
-
-#undef MULT
-	}
-
-      gdk_pixels += gdk_rowstride;
-      cairo_pixels += cairo_stride;
-    }
-
-  return surface;
-}
-
 static void
 create_surface (EogPrintPreview *preview)
 {
@@ -806,7 +714,9 @@ create_surface (EogPrintPreview *preview)
 
 	pixbuf = create_preview_buffer (preview);
 	if (pixbuf) {
-		priv->surface = create_surface_from_pixbuf (pixbuf);
+		priv->surface =
+			gdk_cairo_surface_create_from_pixbuf (pixbuf, 0,
+							      gtk_widget_get_window (GTK_WIDGET (preview)));
 		g_object_unref (pixbuf);
 	}
 	priv->flag_create_surface = FALSE;