[Pixman] [PATCH] create_bits(): Cast the result of height * stride to size_t
Søren Sandmann
soren.sandmann at gmail.com
Wed Apr 9 11:24:03 PDT 2014
In create_bits() both height and stride are ints, so the result is
also an int, which will overflow if height or stride are big enough
and size_t is bigger than int.

This patch simply casts height to size_t to prevent these overflows,
which prevents the crash in:

https://bugzilla.redhat.com/show_bug.cgi?id=972647

It's not even close to fixing the full problem of supporting big
images in pixman.

See also

https://bugs.freedesktop.org/show_bug.cgi?id=69014
---
pixman/pixman-bits-image.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pixman/pixman-bits-image.c b/pixman/pixman-bits-image.c
index f9121a3..dcdcc69 100644
--- a/pixman/pixman-bits-image.c
+++ b/pixman/pixman-bits-image.c
@@ -926,7 +926,7 @@ create_bits (pixman_format_code_t format,
if (_pixman_multiply_overflows_size (height, stride))
return NULL;
- buf_size = height * stride;
+ buf_size = (size_t)height * stride;
if (rowstride_bytes)
*rowstride_bytes = stride;
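Review bot: The new `buf_size = (size_t)height * stride;` line is only correct if both operands are non-negative at this point, and nothing in the visible hunk shows that. The cast applies to height alone; stride is then converted to size_t by the usual arithmetic conversions, so a negative int in either operand would become a very large unsigned value rather than being rejected. The only guard visible here is the preceding `_pixman_multiply_overflows_size (height, stride)` call, so it is worth confirming that it (or an earlier check in create_bits()) rules out negative values, and that it evaluates the product at size_t width rather than int width. A short comment above the assignment saying the multiplication is deliberately done in size_t, or casting both operands explicitly, would keep a later cleanup from dropping the cast.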
--
1.8.3.1