From d7dcf9d28fdf05c8acabd8ed3dc25e0cf279e61e Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Mon, 5 Dec 2011 14:42:15 +0000
Subject: gl: Check against user-provided invalid sizes

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
---
 src/cairo-egl-context.c | 3 +++
 src/cairo-glx-context.c | 3 +++
 src/cairo-wgl-context.c | 3 +++
 3 files changed, 9 insertions(+)

(limited to 'src')

diff --git a/src/cairo-egl-context.c b/src/cairo-egl-context.c
index ec238526..00bfcbf9 100644
--- a/src/cairo-egl-context.c
+++ b/src/cairo-egl-context.c
@@ -218,6 +218,9 @@ cairo_gl_surface_create_for_egl (cairo_device_t	*device,
     if (device->backend->type != CAIRO_DEVICE_TYPE_GL)
 	return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_SURFACE_TYPE_MISMATCH));
 
+    if (width <= 0 || height <= 0)
+        return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_SIZE));
+
     surface = calloc (1, sizeof (cairo_egl_surface_t));
     if (unlikely (surface == NULL))
 	return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY));
diff --git a/src/cairo-glx-context.c b/src/cairo-glx-context.c
index f89fa32c..512bee8d 100644
--- a/src/cairo-glx-context.c
+++ b/src/cairo-glx-context.c
@@ -265,6 +265,9 @@ cairo_gl_surface_create_for_window (cairo_device_t	*device,
     if (device->backend->type != CAIRO_DEVICE_TYPE_GL)
 	return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_SURFACE_TYPE_MISMATCH));
 
+    if (width <= 0 || height <= 0)
+        return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_SIZE));
+
     surface = calloc (1, sizeof (cairo_glx_surface_t));
     if (unlikely (surface == NULL))
 	return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY));
diff --git a/src/cairo-wgl-context.c b/src/cairo-wgl-context.c
index 82f12110..48723744 100644
--- a/src/cairo-wgl-context.c
+++ b/src/cairo-wgl-context.c
@@ -246,6 +246,9 @@ cairo_gl_surface_create_for_dc (cairo_device_t	*device,
     if (device->backend->type != CAIRO_DEVICE_TYPE_GL)
         return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_SURFACE_TYPE_MISMATCH));
 
+    if (width <= 0 || height <= 0)
+        return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_SIZE));
+
     surface = calloc (1, sizeof (cairo_wgl_surface_t));
     if (unlikely (surface == NULL))
         return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY));
-- 
cgit v1.2.3