From 107f8447818e50ba61221ca2ab0871347b7d6596 Mon Sep 17 00:00:00 2001
From: Caolán McNamara <caolanm@redhat.com>
Date: Wed, 9 May 2012 09:17:42 +0100
Subject: Related: fdo#48961 don't crash on silly pixmap sizes

Change-Id: I43dbe846160d19b203ad6bed06e807d4fbf7ce56
---
 canvas/source/cairo/cairo_xlib_cairo.cxx | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

(limited to 'canvas')

diff --git a/canvas/source/cairo/cairo_xlib_cairo.cxx b/canvas/source/cairo/cairo_xlib_cairo.cxx
index df14fcecb24c..0259154c043e 100644
--- a/canvas/source/cairo/cairo_xlib_cairo.cxx
+++ b/canvas/source/cairo/cairo_xlib_cairo.cxx
@@ -40,6 +40,24 @@
 #include <vcl/virdev.hxx>
 #include <basegfx/vector/b2isize.hxx>
 
+namespace
+{
+    Pixmap limitXCreatePixmap(Display *display, Drawable d, unsigned int width, unsigned int height, unsigned int depth)
+    {
+        // The X protocol request CreatePixmap puts an upper bound
+        // of 16 bit to the size.
+        //
+        // see, e.g. moz#424333, fdo#48961
+        // we've a duplicate of this in vcl :-(
+        if (width > SAL_MAX_INT16 || height > SAL_MAX_INT16)
+        {
+            SAL_WARN("canvas", "overlarge pixmap: " << width << " x " << height);
+            return None;
+        }
+        return XCreatePixmap(display, d, width, height, depth);
+    }
+}
+
 namespace cairo
 {
 
@@ -232,7 +250,7 @@ namespace cairo
             }
 
             pFormat = XRenderFindStandardFormat( (Display*)maSysData.pDisplay, nFormat );
-            hPixmap = XCreatePixmap( (Display*)maSysData.pDisplay, maSysData.hDrawable,
+            hPixmap = limitXCreatePixmap( (Display*)maSysData.pDisplay, maSysData.hDrawable,
                                      width > 0 ? width : 1, height > 0 ? height : 1,
                                      pFormat->depth );
 
-- 
cgit