css: Don't crash when color stop offsets descend

author Benjamin Otte <otte@redhat.com>

Wed, 10 Nov 2021 16:26:13 +0000 (17:26 +0100)

committer Benjamin Otte <otte@redhat.com>

Wed, 10 Nov 2021 16:28:14 +0000 (17:28 +0100)
author Benjamin Otte <otte@redhat.com>
Wed, 10 Nov 2021 16:26:13 +0000 (17:26 +0100)
committer Benjamin Otte <otte@redhat.com>
Wed, 10 Nov 2021 16:28:14 +0000 (17:28 +0100)
diff --git a/gtk/gtkcssimageradial.c b/gtk/gtkcssimageradial.c

index 4b36a1e16568321f4bc35b9218cc18d29b9540c3..d43bf75173f8fa36856201255cf5b4ef01332214 100644 (file)
--- a/gtk/gtkcssimageradial.c
+++ b/gtk/gtkcssimageradial.c
@@ -178,7 +178,7 @@ gtk_css_image_radial_snapshot (GtkCssImage *image,
        else
          pos = MIN (1.0, _gtk_css_number_value_get (stop->offset, hradius) / hradius);
  
-      pos = MAX (pos, 0);
+      pos = MAX (pos, offset);
        step = (pos - offset) / (i - last);
        for (last = last + 1; last <= i; last++)
          {
diff --git a/testsuite/reftests/css-radial-gradient-colorstop-crash.css b/testsuite/reftests/css-radial-gradient-colorstop-crash.css

new file mode 100644 (file)

index 0000000..bc64f2e
--- /dev/null
+++ b/testsuite/reftests/css-radial-gradient-colorstop-crash.css
@@ -0,0 +1,7 @@
+window {
+  background: red;
+}
+
+#test {
+  background: radial-gradient(circle, red 100%, blue 0%, red 100%);
+}
diff --git a/testsuite/reftests/css-radial-gradient-colorstop-crash.ref.ui b/testsuite/reftests/css-radial-gradient-colorstop-crash.ref.ui

new file mode 100644 (file)

index 0000000..778a999
--- /dev/null
+++ b/testsuite/reftests/css-radial-gradient-colorstop-crash.ref.ui
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<interface>
+  <object class="GtkWindow">
+    <property name="width_request">10</property>
+    <property name="height_request">10</property>
+    <property name="decorated">0</property>
+  </object>
+</interface>
diff --git a/testsuite/reftests/css-radial-gradient-colorstop-crash.ui b/testsuite/reftests/css-radial-gradient-colorstop-crash.ui

new file mode 100644 (file)

index 0000000..75379ad
--- /dev/null
+++ b/testsuite/reftests/css-radial-gradient-colorstop-crash.ui
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<interface>
+  <object class="GtkWindow">
+    <property name="name">test</property>
+    <property name="width_request">10</property>
+    <property name="height_request">10</property>
+    <property name="decorated">0</property>
+  </object>
+</interface>
diff --git a/testsuite/reftests/meson.build b/testsuite/reftests/meson.build

index 8ef810ae7d66c928f8e8596eebb746c33e85d7a0..f66ace543c69f8d272ce5bda5a4848303408feb5 100644 (file)
--- a/testsuite/reftests/meson.build
+++ b/testsuite/reftests/meson.build
@@ -258,6 +258,9 @@ testdata = [
    'css-multi-state.css',
    'css-multi-state.ref.ui',
    'css-multi-state.ui',
+  'css-radial-gradient-colorstop-crash.css',
+  'css-radial-gradient-colorstop-crash.ref.ui',
+  'css-radial-gradient-colorstop-crash.ui',
    'data-url.css',
    'data-url.ref.ui',
    'data-url.ui',
author	Benjamin Otte <otte@redhat.com>
	Wed, 10 Nov 2021 16:26:13 +0000 (17:26 +0100)
committer	Benjamin Otte <otte@redhat.com>
	Wed, 10 Nov 2021 16:28:14 +0000 (17:28 +0100)
gtk/gtkcssimageradial.c		patch \| blob \| history
testsuite/reftests/css-radial-gradient-colorstop-crash.css	[new file with mode: 0644]	patch \| blob
testsuite/reftests/css-radial-gradient-colorstop-crash.ref.ui	[new file with mode: 0644]	patch \| blob
testsuite/reftests/css-radial-gradient-colorstop-crash.ui	[new file with mode: 0644]	patch \| blob
testsuite/reftests/meson.build		patch \| blob \| history