guix/gnu/packages/patches/icecat-CVE-2015-4491.patch
Mark H Weaver c037a0f7ce gnu: icecat: Add fixes for CVE-2015-{4473,4482,4488,4489,4491,4492}.
WARNING: CVE-2015-4473 may not be fully addressed here, because I was unable
to backport some of the patches (for upstream bugs 1182711 and 1146213).  I
was also unable to backport CVE-2015-4484 (upstream bug 1171540) and
CVE-2015-4487 (upstream bug 1171603).  I was unable to find any commit in the
upstream repository that claims to address bug 1105914 (CVE-2015-4478).

* gnu/packages/patches/icecat-CVE-2015-4473-partial.patch,
  gnu/packages/patches/icecat-CVE-2015-4482.patch,
  gnu/packages/patches/icecat-CVE-2015-4488.patch,
  gnu/packages/patches/icecat-CVE-2015-4489.patch,
  gnu/packages/patches/icecat-CVE-2015-4491.patch,
  gnu/packages/patches/icecat-CVE-2015-4492.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
2015-08-12 20:37:44 -04:00

41 lines
1.7 KiB
Diff

From c154557bc0aa7e310824717f3e829dd82e6726e4 Mon Sep 17 00:00:00 2001
From: Lee Salzman <lsalzman@mozilla.com>
Date: Tue, 21 Jul 2015 13:16:44 -0400
Subject: [PATCH] Bug 1184009 - Limit image preview sizes. r=acomminos,
a=lmandel
--HG--
extra : transplant_source : %9B%86%13%60%B2%97%F1%8Fb%CB%9C%8D%FBWo%C9%EBPs1
---
widget/gtk/nsFilePicker.cpp | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
index 0b5a8dc..3c0d543 100644
--- a/widget/gtk/nsFilePicker.cpp
+++ b/widget/gtk/nsFilePicker.cpp
@@ -101,13 +101,16 @@ UpdateFilePreviewWidget(GtkFileChooser *file_chooser,
return;
}
- GdkPixbuf *preview_pixbuf;
+ GdkPixbuf *preview_pixbuf = nullptr;
// Only scale down images that are too big
if (preview_width > MAX_PREVIEW_SIZE || preview_height > MAX_PREVIEW_SIZE) {
- preview_pixbuf = gdk_pixbuf_new_from_file_at_size(image_filename,
- MAX_PREVIEW_SIZE,
- MAX_PREVIEW_SIZE,
- nullptr);
+ if (ceil(preview_width / double(MAX_PREVIEW_SIZE) + 1.0) *
+ ceil(preview_height / double(MAX_PREVIEW_SIZE) + 1.0) < 0x7FFFFF) {
+ preview_pixbuf = gdk_pixbuf_new_from_file_at_size(image_filename,
+ MAX_PREVIEW_SIZE,
+ MAX_PREVIEW_SIZE,
+ nullptr);
+ }
}
else {
preview_pixbuf = gdk_pixbuf_new_from_file(image_filename, nullptr);
--
2.4.3