pull fix from upstream (Philip Lafleur <plafleur@cvs.gnome.org>)

* app/paint/gimpink-blob.c (blob_make_convex): Check if the
	array index is legal before using it, not the other way around.
	Fixes bug #144856.

fixes out of bounds read noticed by Alf Schlichting
<a.schlichting@lemarit.com> with malloc.conf
ok brad@
This commit is contained in:
david 2004-08-04 03:58:13 +00:00
parent de8b8eebad
commit 2ac5c3f75f

View File

@ -0,0 +1,21 @@
$OpenBSD: patch-app_blob_c,v 1.1 2004/08/04 03:58:13 david Exp $
--- app/blob.c.orig Sat Dec 16 15:36:51 2000
+++ app/blob.c Wed Jul 28 12:08:51 2004
@@ -239,7 +239,7 @@ blob_make_convex (Blob *b, EdgeType *pre
{
present[i2] &= ~EDGE_LEFT;
i2 = i1;
- while (!(present[--i1] & EDGE_LEFT) && i1>=start);
+ while ((--i1) >= start && (! (present[i1] & EDGE_LEFT)));
if (i1<start)
{
@@ -279,7 +279,7 @@ blob_make_convex (Blob *b, EdgeType *pre
{
present[i2] &= ~EDGE_RIGHT;
i2 = i1;
- while (!(present[--i1] & EDGE_RIGHT) && i1>=start);
+ while ((--i1) >= start && (! (present[i1] & EDGE_RIGHT)));
if (i1<start)
{