Commit c839b706 authored by Carlos Garcia Campos's avatar Carlos Garcia Campos

[glib] Fix CVE-2009-3607

parent 44462e0c
......@@ -609,28 +609,28 @@ create_surface_from_thumbnail_data (guchar *data,
gint rowstride)
{
guchar *cairo_pixels;
gint cairo_stride;
cairo_surface_t *surface;
static cairo_user_data_key_t key;
int j;
cairo_pixels = (guchar *)g_malloc (4 * width * height);
surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
CAIRO_FORMAT_RGB24,
width, height, 4 * width);
cairo_surface_set_user_data (surface, &key,
cairo_pixels, (cairo_destroy_func_t)g_free);
surface = cairo_image_surface_create (CAIRO_FORMAT_RGB24, width, height);
if (cairo_surface_status (surface))
return NULL;
cairo_pixels = cairo_image_surface_get_data (surface);
cairo_stride = cairo_image_surface_get_stride (surface);
for (j = height; j; j--) {
guchar *p = data;
guchar *q = cairo_pixels;
guchar *end = p + 3 * width;
while (p < end) {
#if G_BYTE_ORDER == G_LITTLE_ENDIAN
q[0] = p[2];
q[1] = p[1];
q[2] = p[0];
#else
#else
q[1] = p[0];
q[2] = p[1];
q[3] = p[2];
......@@ -640,7 +640,7 @@ create_surface_from_thumbnail_data (guchar *data,
}
data += rowstride;
cairo_pixels += 4 * width;
cairo_pixels += cairo_stride;
}
return surface;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment