guix/gnu/packages/patches/icecat-CVE-2015-4491.patch

From c154557bc0aa7e310824717f3e829dd82e6726e4 Mon Sep 17 00:00:00 2001
From: Lee Salzman <lsalzman@mozilla.com>
Date: Tue, 21 Jul 2015 13:16:44 -0400
Subject: [PATCH] Bug 1184009 - Limit image preview sizes. r=acomminos,
 a=lmandel

--HG--
extra : transplant_source : %9B%86%13%60%B2%97%F1%8Fb%CB%9C%8D%FBWo%C9%EBPs1
---
 widget/gtk/nsFilePicker.cpp | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/widget/gtk/nsFilePicker.cpp b/widget/gtk/nsFilePicker.cpp
index 0b5a8dc..3c0d543 100644
--- a/widget/gtk/nsFilePicker.cpp
+++ b/widget/gtk/nsFilePicker.cpp
@@ -101,13 +101,16 @@ UpdateFilePreviewWidget(GtkFileChooser *file_chooser,
     return;
   }
 
-  GdkPixbuf *preview_pixbuf;
+  GdkPixbuf *preview_pixbuf = nullptr;
   // Only scale down images that are too big
   if (preview_width > MAX_PREVIEW_SIZE || preview_height > MAX_PREVIEW_SIZE) {
-    preview_pixbuf = gdk_pixbuf_new_from_file_at_size(image_filename,
-                                                      MAX_PREVIEW_SIZE,
-                                                      MAX_PREVIEW_SIZE,
-                                                      nullptr);
+    if (ceil(preview_width / double(MAX_PREVIEW_SIZE) + 1.0) *
+          ceil(preview_height / double(MAX_PREVIEW_SIZE) + 1.0) < 0x7FFFFF) {
+      preview_pixbuf = gdk_pixbuf_new_from_file_at_size(image_filename,
+                                                        MAX_PREVIEW_SIZE,
+                                                        MAX_PREVIEW_SIZE,
+                                                        nullptr);
+    }
   }
   else {
     preview_pixbuf = gdk_pixbuf_new_from_file(image_filename, nullptr);
-- 
2.4.3