roytam1/basilisk55
1
0
Fork 0
mirror of https://github.com/roytam1/basilisk55.git synced 2026-05-26 05:02:25 +00:00
Code Issues Projects Releases Wiki Activity

import from UXP: [gfx] Fix integer overflow in cairo PDF surface image emission (121a74e1)

Browse Source
This commit is contained in:
roytam1
2026-05-08 07:07:08 +08:00
parent 44d151de02
commit ccd5312757
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gfx/cairo/cairo/src/cairo-pdf-surface.c
+7 -5
View File
@@ -1743,7 +1743,8 @@ _cairo_pdf_surface_emit_smask (cairo_pdf_surface_t *surface,
unsigned long alpha_size;
uint32_t *pixel32;
uint8_t *pixel8;
int i, x, y;
int x, y;
unsigned long i;
cairo_bool_t opaque;
uint8_t a;
@@ -1755,10 +1756,10 @@ _cairo_pdf_surface_emit_smask (cairo_pdf_surface_t *surface,
stream_ret->id = 0;
if (image->format == CAIRO_FORMAT_A1) {
alpha_size = (image->width + 7) / 8 * image->height;
alpha_size = (unsigned long) ((image->width + 7) / 8) * image->height;
alpha = _cairo_malloc_ab ((image->width+7) / 8, image->height);
} else {
alpha_size = image->height * image->width;
alpha_size = (unsigned long) image->height * image->width;
alpha = _cairo_malloc_ab (image->height, image->width);
}
@@ -1841,7 +1842,8 @@ _cairo_pdf_surface_emit_image (cairo_pdf_surface_t *surface,
char *rgb;
unsigned long rgb_size;
uint32_t *pixel;
int i, x, y;
int x, y;
unsigned long i;
cairo_pdf_resource_t smask = {0}; /* squelch bogus compiler warning */
cairo_bool_t need_smask;
const char *interpolate = "true";
@@ -1856,7 +1858,7 @@ _cairo_pdf_surface_emit_image (cairo_pdf_surface_t *surface,
image->format == CAIRO_FORMAT_A8 ||
image->format == CAIRO_FORMAT_A1);
rgb_size = image->height * image->width * 3;
rgb_size = (unsigned long) image->height * image->width * 3;
rgb = _cairo_malloc_abc (image->width, image->height, 3);
if (unlikely (rgb == NULL)) {
status = _cairo_error (CAIRO_STATUS_NO_MEMORY);