gui/SOURCES/libgxps-0.3.0-integer-overf...

From 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51 Mon Sep 17 00:00:00 2001
From: Carlos Garcia Campos <carlosgc@gnome.org>
Date: Fri, 8 Dec 2017 11:11:38 +0100
Subject: [PATCH 1/2] gxps-images: fix integer overflow in png decoder

---
 libgxps/gxps-images.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
index 98c7052..19cb1c0 100644
--- a/libgxps/gxps-images.c
+++ b/libgxps/gxps-images.c
@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip,
 	}
 
 	stride = cairo_format_stride_for_width (format, png_width);
-	if (stride < 0) {
+	if (stride < 0 || png_height >= INT_MAX / stride) {
 		fill_png_error (error, image_uri, NULL);
 		g_object_unref (stream);
 		png_destroy_read_struct (&png, &info, NULL);
-- 
2.17.1
libgxps package update Signed-off-by: guibuilder_pel7x64builder0 <guibuilder@powerel.org> 6 years ago			`From 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51 Mon Sep 17 00:00:00 2001`
			`From: Carlos Garcia Campos <carlosgc@gnome.org>`
			`Date: Fri, 8 Dec 2017 11:11:38 +0100`
			`Subject: [PATCH 1/2] gxps-images: fix integer overflow in png decoder`

			`---`
			`libgxps/gxps-images.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c`
			`index 98c7052..19cb1c0 100644`
			`--- a/libgxps/gxps-images.c`
			`+++ b/libgxps/gxps-images.c`
			`@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip,`
			`}`

			`stride = cairo_format_stride_for_width (format, png_width);`
			`- if (stride < 0) {`
			`+ if (stride < 0 \|\| png_height >= INT_MAX / stride) {`
			`fill_png_error (error, image_uri, NULL);`
			`g_object_unref (stream);`
			`png_destroy_read_struct (&png, &info, NULL);`
			`--`
			`2.17.1`