From 894b1ae76a32720f4bb3d39cf460402e3ce331d6 Mon Sep 17 00:00:00 2001 From: Matthias Clasen <mclasen@redhat.com> Date: Sat, 29 Jun 2013 22:06:54 -0400 Subject: Avoid integer overflow Use g_malloc_n in gdk_cairo_set_source_pixbuf when allocating a large block of memory, to avoid integer overflow. Pointed out by Bert Massop in https://bugzilla.gnome.org/show_bug.cgi?id=703220 Index: gtk+-2.24.29/gdk/gdkcairo.c =================================================================== --- gtk+-2.24.29/gdk/gdkcairo.c +++ gtk+-2.24.29/gdk/gdkcairo.c 2016-02-11 23:25:11.380927480 +0200 @@ -211,7 +211,7 @@ format = CAIRO_FORMAT_ARGB32; cairo_stride = cairo_format_stride_for_width (format, width); - cairo_pixels = g_malloc (height * cairo_stride); + cairo_pixels = g_malloc_n (height, cairo_stride); surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels, format, width, height, cairo_stride);