[gdk-pixbuf] gdk-pixbuf: Fix overflow check in gdk_pixbuf_new()

[Philip Withnall <pwithnall src gnome org>]

commit d579de66166d6d9130b8047cf54e61a4ae29aa6e
Author: Philip Withnall <withnall endlessm com>
Date:   Mon Jan 16 10:13:48 2017 +0000

    gdk-pixbuf: Fix overflow check in gdk_pixbuf_new()
    
    The recommended way to do an overflow check is to check against the
    limit you have in mind, rather than doing the calculation and seeing if
    it failed.
    
    Fix this by rearranging the check: move the variables we control (or
    have previously checked) over to one side, leaving the unknown variable
    on its own on the left-hand side. This ensures the overflow check
    doesn’t overflow itself.
    
    Coverity ID: 1388538
    
    https://bugzilla.gnome.org/show_bug.cgi?id=777315

 gdk-pixbuf/gdk-pixbuf.c |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)
---
diff --git a/gdk-pixbuf/gdk-pixbuf.c b/gdk-pixbuf/gdk-pixbuf.c
index 6bfaafb..d7b78e4 100644
--- a/gdk-pixbuf/gdk-pixbuf.c
+++ b/gdk-pixbuf/gdk-pixbuf.c
@@ -453,12 +453,13 @@ gdk_pixbuf_new (GdkColorspace colorspace,
        g_return_val_if_fail (height > 0, NULL);
 
        channels = has_alpha ? 4 : 3;
-        rowstride = (unsigned) width * channels;
-        if (rowstride / channels != width || rowstride + 3 < 0) /* overflow */
-                return NULL;
-        
+
+       /* Overflow? */
+       if (width > (G_MAXUINT - 3) / channels)
+               return NULL;
+
        /* Always align rows to 32-bit boundaries */
-       rowstride = (rowstride + 3) & ~3;
+       rowstride = (width * channels + 3) & ~3;
 
        buf = g_try_malloc_n (height, rowstride);
        if (!buf)