media-gfx/eom: Revbump to 1.10.5-r2, resolves #574376

Package-Manager: portage-2.2.26

2 files changed, 29 insertions, 0 deletions

diff --git a/media-gfx/eom/eom-1.10.5-r1.ebuild b/media-gfx/eom/eom-1.10.5-r2.ebuild
index 731c3b38ef3e..67144a8d3831 100644
--- a/media-gfx/eom/eom-1.10.5-r1.ebuild
+++ b/media-gfx/eom/eom-1.10.5-r2.ebuild
@@ -64,6 +64,7 @@ pkg_setup() {
 
 src_prepare() {
 	epatch "${FILESDIR}/eom-1.10-fix-introspection.patch"
+	epatch "${FILESDIR}/eom-cve-2013-7447.patch"
 	eautoreconf
 }
 
diff --git a/media-gfx/eom/files/eom-cve-2013-7447.patch b/media-gfx/eom/files/eom-cve-2013-7447.patch
new file mode 100644
index 000000000000..410b433eb34a
--- /dev/null
+++ b/media-gfx/eom/files/eom-cve-2013-7447.patch
@@ -0,0 +1,28 @@
+From b7849cc5b6e7fd741ef04e334f586266a444ef8a Mon Sep 17 00:00:00 2001
+From: monsta <monsta@inbox.ru>
+Date: Wed, 10 Feb 2016 14:52:54 +0300
+Subject: [PATCH] avoid integer overflow when allocating a large block of
+ memory
+
+it's the same issue as in gdk_cairo_set_source_pixbuf since the code
+is apparently copied from there.
+
+fix is taken from
+https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
+---
+ src/eom-print-preview.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/eom-print-preview.c b/src/eom-print-preview.c
+index f9f005f..7dc2a8a 100644
+--- a/src/eom-print-preview.c
++++ b/src/eom-print-preview.c
+@@ -732,7 +732,7 @@ create_surface_from_pixbuf (GdkPixbuf *pixbuf)
+     format = CAIRO_FORMAT_ARGB32;
+ 
+   cairo_stride = cairo_format_stride_for_width (format, width);
+-  cairo_pixels = g_malloc (height * cairo_stride);
++  cairo_pixels = g_malloc_n (height, cairo_stride);
+   surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+ 						 format,
+ 						 width, height, cairo_stride);