[gthumb] jpeg loader: crash when the original size is too big for a cairo surface
- From: Paolo Bacchilega <paobac src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gthumb] jpeg loader: crash when the original size is too big for a cairo surface
- Date: Mon, 16 Dec 2019 11:39:20 +0000 (UTC)
commit 5bc151d4cf1b42cb42a846d946bd51ae32a510e0
Author: Paolo Bacchilega <paobac src gnome org>
Date: Mon Dec 16 12:01:07 2019 +0100
jpeg loader: crash when the original size is too big for a cairo surface
Iterate over the cairo surface dimensions instead of the
original dimensions when copying the pixels into the cairo
surface.
extensions/cairo_io/cairo-image-surface-jpeg.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
---
diff --git a/extensions/cairo_io/cairo-image-surface-jpeg.c b/extensions/cairo_io/cairo-image-surface-jpeg.c
index 3453d5a1..e0e7379e 100644
--- a/extensions/cairo_io/cairo-image-surface-jpeg.c
+++ b/extensions/cairo_io/cairo-image-surface-jpeg.c
@@ -304,7 +304,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
CMYK_table_init ();
cmyk_tab = CMYK_Tab;
- while (srcinfo.output_scanline < srcinfo.output_height) {
+ while (srcinfo.output_scanline < destination_height) {
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
@@ -318,7 +318,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
- for (x = 0; x < srcinfo.output_width; x++) {
+ for (x = 0; x < destination_width; x++) {
if (srcinfo.saw_Adobe_marker) {
c = p_buffer[0];
m = p_buffer[1];
@@ -352,7 +352,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
case JCS_GRAYSCALE:
{
- while (srcinfo.output_scanline < srcinfo.output_height) {
+ while (srcinfo.output_scanline < destination_height) {
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
@@ -366,7 +366,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
- for (x = 0; x < srcinfo.output_width; x++) {
+ for (x = 0; x < destination_width; x++) {
r = g = b = p_buffer[0];
pixel = CAIRO_RGBA_TO_UINT32 (r, g, b, 0xff);
memcpy (p_surface, &pixel, sizeof (guint32));
@@ -384,7 +384,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
case JCS_RGB:
{
- while (srcinfo.output_scanline < srcinfo.output_height) {
+ while (srcinfo.output_scanline < destination_height) {
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
@@ -398,7 +398,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
- for (x = 0; x < srcinfo.output_width; x++) {
+ for (x = 0; x < destination_width; x++) {
r = p_buffer[0];
g = p_buffer[1];
b = p_buffer[2];
@@ -431,7 +431,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
g_cr_tab = YCbCr_G_Cr_Tab;
b_cb_tab = YCbCr_B_Cb_Tab;
- while (srcinfo.output_scanline < srcinfo.output_height) {
+ while (srcinfo.output_scanline < destination_height) {
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
@@ -445,7 +445,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
- for (x = 0; x < srcinfo.output_width; x++) {
+ for (x = 0; x < destination_width; x++) {
Y = p_buffer[0];
Cb = p_buffer[1];
Cr = p_buffer[2];
@@ -486,7 +486,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
CMYK_table_init ();
cmyk_tab = CMYK_Tab;
- while (srcinfo.output_scanline < srcinfo.output_height) {
+ while (srcinfo.output_scanline < destination_height) {
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
@@ -500,7 +500,7 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
if (g_cancellable_is_cancelled (cancellable))
goto stop_loading;
- for (x = 0; x < srcinfo.output_width; x++) {
+ for (x = 0; x < destination_width; x++) {
Y = p_buffer[0];
Cb = p_buffer[1];
Cr = p_buffer[2];
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
