File gtk3-bsc957399-gdkcairo-surface-error.patch of Package gtk3.1686

From 40f2af665d59f2732ac587734b4958682d5f7c7d Mon Sep 17 00:00:00 2001
From: Benjamin Otte <otte@redhat.com>
Date: Sat, 21 Feb 2015 00:03:49 +0100
Subject: [PATCH] gdkcairo: Bail if surface is in error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Don't try to paint onto an error surface. This happens for example when
gdk_cairo_set_source_pixbuf() is called with a pixbuf that is too big
for Cairo to handle.

Spotted by Christian Boxdörfer
---
 gdk/gdkcairo.c            |  3 +++
 testsuite/gdk/Makefile.am |  5 +++--
 testsuite/gdk/cairo.c     | 40 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 testsuite/gdk/cairo.c

diff --git a/gdk/gdkcairo.c b/gdk/gdkcairo.c
index bb7f33e..633b391 100644
--- a/gdk/gdkcairo.c
+++ b/gdk/gdkcairo.c
@@ -185,6 +185,9 @@ gdk_cairo_surface_paint_pixbuf (cairo_surface_t *surface,
   int n_channels;
   int j;
 
+  if (cairo_surface_status (surface) != CAIRO_STATUS_SUCCESS)
+    return;
+
   /* This function can't just copy any pixbuf to any surface, be
    * sure to read the invariants here before calling it */
 
diff --git a/testsuite/gdk/Makefile.am b/testsuite/gdk/Makefile.am
index 5b0d30f..32b018a 100644
--- a/testsuite/gdk/Makefile.am
+++ b/testsuite/gdk/Makefile.am
@@ -18,10 +18,11 @@ LDADD = 				\
 #TEST_PROGS              += check-gdk-cairo
 
 TEST_PROGS += 				\
-	rgba				\
-	encoding			\
+	cairo				\
 	display				\
+	encoding			\
 	keysyms				\
+	rgba				\
 	$(NULL)
 
 CLEANFILES = 			\
diff --git a/testsuite/gdk/cairo.c b/testsuite/gdk/cairo.c
new file mode 100644
index 0000000..77be879
--- /dev/null
+++ b/testsuite/gdk/cairo.c
@@ -0,0 +1,40 @@
+#include <gdk/gdk.h>
+
+static void
+test_set_source_big_pixbuf (void)
+{
+  cairo_surface_t *surface;
+  GdkPixbuf *pixbuf;
+  cairo_t *cr;
+
+#define WAY_TOO_BIG 65540
+
+  /* Check that too big really is to big.
+   * If this check fails, somebody improved Cairo and this test is useless.
+   */
+  surface = cairo_image_surface_create (CAIRO_FORMAT_ARGB32, WAY_TOO_BIG, 1);
+  g_assert_cmpint (cairo_surface_status (surface), !=, CAIRO_STATUS_SUCCESS);
+  cairo_surface_destroy (surface);
+
+  surface = cairo_image_surface_create (CAIRO_FORMAT_ARGB32, 10, 10);
+  cr = cairo_create (surface);
+  pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB, FALSE, 8, WAY_TOO_BIG, 1);
+
+  gdk_cairo_set_source_pixbuf (cr, pixbuf, 0, 0);
+  g_assert_cmpint (cairo_status (cr), !=, CAIRO_STATUS_SUCCESS);
+
+  g_object_unref (pixbuf);
+  cairo_destroy (cr);
+  cairo_surface_destroy (surface);
+}
+
+int
+main (int argc, char *argv[])
+{
+  g_test_init (&argc, &argv, NULL);
+  gdk_init (&argc, &argv);
+
+  g_test_add_func ("/drawing/set-source-big-pixbuf", test_set_source_big_pixbuf);
+
+  return g_test_run ();
+}
-- 
2.6.2