--- gdk-pixbuf/io-xbm.c~ 2010-07-09 20:55:04.000000000 -0400
+++ gdk-pixbuf/io-xbm.c 2012-06-25 17:22:10.169832013 -0400
@@ -183,10 +183,16 @@
type++;
}
- if (!strcmp ("width", type))
+ if (!strcmp ("width", type)) {
+ if (value <= 0)
+ RETURN (FALSE);
ww = (unsigned int) value;
- if (!strcmp ("height", type))
+ }
+ if (!strcmp ("height", type)) {
+ if (value <= 0)
+ RETURN (FALSE);
hh = (unsigned int) value;
+ }
if (!strcmp ("hot", type)) {
if (type-- == name_and_type
|| type-- == name_and_type)
@@ -231,6 +237,8 @@
bytes_per_line = (ww+7)/8 + padding;
size = bytes_per_line * hh;
+ if (size / bytes_per_line != hh) /* overflow */
+ RETURN (FALSE);
bits = g_malloc (size);
if (version10p) {
distrib
>
Mageia
>
1
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
e0218968964715a81472fa2607ff00f8
>
files
>
2
