[gnome-photos/gnome-3-18] print-preview: Fix possible integer overflow flaw
- From: Debarshi Ray <debarshir src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-photos/gnome-3-18] print-preview: Fix possible integer overflow flaw
- Date: Fri, 11 Mar 2016 22:01:56 +0000 (UTC)
commit 7b8d0d8da3689518b10895f17e854ff8620200ae
Author: Rafael Fonseca <r4f4rfs gmail com>
Date: Fri Mar 11 14:40:06 2016 +0100
print-preview: Fix possible integer overflow flaw
This removes code copied from GDK that was susceptible to a possible
integer overflow (cf. CVE-2013-7447), although the code only worked
on images too small to trigger the overflow. GDK provides a (fixed)
variant of the code with the same features nowadays, so just use that.
https://bugzilla.gnome.org/show_bug.cgi?id=762027
src/photos-print-preview.c | 95 +-------------------------------------------
1 files changed, 2 insertions(+), 93 deletions(-)
---
diff --git a/src/photos-print-preview.c b/src/photos-print-preview.c
index 9a94fbd..c9a8479 100644
--- a/src/photos-print-preview.c
+++ b/src/photos-print-preview.c
@@ -713,98 +713,6 @@ create_preview_buffer (PhotosPrintPreview *preview)
return pixbuf;
}
-/*
- Function inspired from gdk_cairo_set_source_pixbuf (). The main reason is
- that I want to save the cairo_surface_t created from the scaled buffer to
- improve performance.
-*/
-static cairo_surface_t *
-create_surface_from_pixbuf (GdkPixbuf *pixbuf)
-{
- gint width = gdk_pixbuf_get_width (pixbuf);
- gint height = gdk_pixbuf_get_height (pixbuf);
- guchar *gdk_pixels = gdk_pixbuf_get_pixels (pixbuf);
- int gdk_rowstride = gdk_pixbuf_get_rowstride (pixbuf);
- int n_channels = gdk_pixbuf_get_n_channels (pixbuf);
- int cairo_stride;
- guchar *cairo_pixels;
- cairo_format_t format;
- cairo_surface_t *surface;
- static const cairo_user_data_key_t key;
- int j;
-
- if (n_channels == 3)
- format = CAIRO_FORMAT_RGB24;
- else
- format = CAIRO_FORMAT_ARGB32;
-
- cairo_stride = cairo_format_stride_for_width (format, width);
- cairo_pixels = g_malloc (height * cairo_stride);
- surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
- format,
- width, height, cairo_stride);
- cairo_surface_set_user_data (surface, &key,
- cairo_pixels, (cairo_destroy_func_t)g_free);
-
- for (j = height; j; j--)
- {
- guchar *p = gdk_pixels;
- guchar *q = cairo_pixels;
-
- if (n_channels == 3)
- {
- guchar *end = p + 3 * width;
-
- while (p < end)
- {
-#if G_BYTE_ORDER == G_LITTLE_ENDIAN
- q[0] = p[2];
- q[1] = p[1];
- q[2] = p[0];
-#else
- q[1] = p[0];
- q[2] = p[1];
- q[3] = p[2];
-#endif
- p += 3;
- q += 4;
- }
- }
- else
- {
- guchar *end = p + 4 * width;
- guint t1,t2,t3;
-
-#define MULT(d,c,a,t) G_STMT_START { t = c * a + 0x7f; d = ((t >> 8) + t) >> 8; } G_STMT_END
-
- while (p < end)
- {
-#if G_BYTE_ORDER == G_LITTLE_ENDIAN
- MULT(q[0], p[2], p[3], t1);
- MULT(q[1], p[1], p[3], t2);
- MULT(q[2], p[0], p[3], t3);
- q[3] = p[3];
-#else
- q[0] = p[3];
- MULT(q[1], p[0], p[3], t1);
- MULT(q[2], p[1], p[3], t2);
- MULT(q[3], p[2], p[3], t3);
-#endif
-
- p += 4;
- q += 4;
- }
-
-#undef MULT
- }
-
- gdk_pixels += gdk_rowstride;
- cairo_pixels += cairo_stride;
- }
-
- return surface;
-}
-
static void
create_surface (PhotosPrintPreview *preview)
@@ -821,7 +729,8 @@ create_surface (PhotosPrintPreview *preview)
pixbuf = create_preview_buffer (preview);
if (pixbuf != NULL)
{
- priv->surface = create_surface_from_pixbuf (pixbuf);
+ priv->surface = gdk_cairo_surface_create_from_pixbuf (pixbuf, 0,
+ gtk_widget_get_window (GTK_WIDGET (preview)));
g_object_unref (pixbuf);
}
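Review bot: Passing `0` as the scale in the new `gdk_cairo_surface_create_from_pixbuf ()` call makes GDK take the scale factor from the window, so on a HiDPI display `priv->surface` may carry a device scale other than 1, whereas the removed helper always built a plain, unscaled image surface. If the drawing code (not visible in this hunk) assumes one surface pixel per pixbuf pixel, pass an explicit scale instead: `priv->surface = gdk_cairo_surface_create_from_pixbuf (pixbuf, 1, gtk_widget_get_window (GTK_WIDGET (preview)));`. `gtk_widget_get_window ()` can also return NULL before the widget is realized; the GDK function is documented to accept that, but a comment such as `/* for_window may be NULL if the preview is not realized yet */` would record that this is intended. The size check that closes the overflow now lives in GDK rather than in this file, so it is worth confirming that the minimum GTK+ version the build requires includes it. The body of `create_surface` begins before and continues after this hunk.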