[gtk/gtk-2-24: 1/2] Resolve GIMP segfault from accessing memory past end of pixbuf Fixes https://gitlab.gnome.org/GNOME/



commit d1b21ff1598cfab03e6b918edd76de766356566c
Author: Nam Nguyen <namn berkeley edu>
Date:   Fri May 1 21:55:49 2020 +0000

    Resolve GIMP segfault from accessing memory past end of pixbuf
    Fixes https://gitlab.gnome.org/GNOME/gtk/-/issues/2684
    
    GIMP segfaults while switching themes between dark and gray and inputting Ctrl-O
    to open a file. This is because p advances past end of pixbuf in pixbuf-render.c
    compute_hint() with num_channels = 3 (no alpha). This is resolved by fixing the
    if statement to only check for alpha, thereby advancing p, if there is an alpha
    channel.

 modules/engines/pixbuf/pixbuf-render.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/modules/engines/pixbuf/pixbuf-render.c b/modules/engines/pixbuf/pixbuf-render.c
index a272ff4a5e..5139339658 100644
--- a/modules/engines/pixbuf/pixbuf-render.c
+++ b/modules/engines/pixbuf/pixbuf-render.c
@@ -603,7 +603,7 @@ compute_hint (GdkPixbuf *pixbuf,
          if (r != *(p++) ||
              g != *(p++) ||
              b != *(p++) ||
-             (n_channels != 4 && a != *(p++)))
+             (n_channels == 4 && a != *(p++)))
            {
              hints &= ~THEME_CONSTANT_ROWS;
              if (!(hints & THEME_MISSING))
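
Review bot: The comparison chain at the changed line still advances p through `*(p++)` inside short-circuiting `||` operands, so the number of bytes consumed depends on which comparison fails first. When `r != *(p++)` is already true, the g, b and alpha reads are skipped and p has moved by only one byte instead of n_channels. The early exit that follows is guarded by `if (!(hints & THEME_MISSING))`, so if the loop keeps running in the other case, every later pixel in the row is read at the wrong offset. Consider comparing by index (p[0], p[1], p[2], and p[3] only when n_channels == 4) and then doing a single `p += n_channels;` so the pointer step is unconditional. A short comment noting that the alpha byte exists only when n_channels == 4 would also help prevent the inverted test from coming back.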

