projects / gtk4.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6c85a4b)
css: Avoid an invalid read
authorMatthias Clasen <mclasen@redhat.com>
Thu, 11 Feb 2021 00:13:36 +0000 (19:13 -0500)
committerMatthias Clasen <mclasen@redhat.com>
Thu, 11 Feb 2021 00:13:36 +0000 (19:13 -0500)
This was broken in ea7185bdb1ba423495340a9b880e619a861064fd.

Pointed out by Christian Hergert.

gtk/gtkcssfiltervalue.c patch | blob | history

diff --git a/gtk/gtkcssfiltervalue.c b/gtk/gtkcssfiltervalue.c
index c1c281c1e2d2f41d33e9ab0aafb5147826be8062..ed334979cb6a1f51231a3123f8647ffd7a3e9911 100644 (file)
--- a/gtk/gtkcssfiltervalue.c
+++ b/gtk/gtkcssfiltervalue.c
@@ -991,10 +991,13 @@ gtk_css_filter_value_pop_snapshot (const GtkCssValue *filter,
       if (i < j)
         gtk_snapshot_pop (snapshot);
 
-      if (filter->filters[j].type == GTK_CSS_FILTER_BLUR)
-        gtk_snapshot_pop (snapshot);
-      else if (filter->filters[j].type == GTK_CSS_FILTER_DROP_SHADOW)
-        gtk_css_shadow_value_pop_snapshot (filter->filters[j].drop_shadow.value, snapshot);
+      if (j < filter->n_filters)
+        {
+          if (filter->filters[j].type == GTK_CSS_FILTER_BLUR)
+            gtk_snapshot_pop (snapshot);
+          else if (filter->filters[j].type == GTK_CSS_FILTER_DROP_SHADOW)
+            gtk_css_shadow_value_pop_snapshot (filter->filters[j].drop_shadow.value, snapshot);
+        }
 
       i = j + 1;
     }
Unnamed repository; edit this file 'description' to name the repository.