$OpenBSD: patch-xwindow_x_imagelib_gdk_c,v 1.1 2005/03/11 21:30:14 robert Exp $
--- xwindow/x_imagelib_gdk.c.orig	Fri Mar 11 21:52:55 2005
+++ xwindow/x_imagelib_gdk.c	Fri Mar 11 21:57:26 2005
@@ -294,6 +294,12 @@
 	unsigned char *pixel ;
 	int i, j ;
 
+	if( !width || !height)
+		return -1;
+	
+	if( width > ((SIZE_MAX / 4) - 2) / height)
+		return -1; /* integer overflow */
+		
 	*cardinal = malloc( (width * height + 2) *4) ;
 	if( !(*cardinal))
 		return  -1 ;
@@ -356,7 +362,7 @@
 	int blue
 	)
 {
-	int  closest ;
+	int  closest = 0 ;
 	int  i ;
 	unsigned long  min = 0xffffff ;
 	unsigned long  diff ;
@@ -831,6 +837,9 @@
 
 	width = gdk_pixbuf_get_width( pixbuf) ;
 	height = gdk_pixbuf_get_height( pixbuf) ;
+	
+	if( !width || !height)
+		return	NULL ;
 
 	r_mask = vinfo[0].red_mask ;
 	g_mask = vinfo[0].green_mask ;
@@ -851,6 +860,9 @@
 		int r_limit, g_limit, b_limit ;
 		u_int16_t *data ;
 
+		if( width > (SIZE_MAX / 2) / height)
+			return	NULL ;
+			
 		data = (u_int16_t *)malloc( width *  height * 2) ;
 		if( !data)
 			return  NULL ;
@@ -883,6 +895,9 @@
 	{
 		u_int32_t *  data ;
 
+		if( width > (SIZE_MAX / 4) / height)
+			return	NULL;
+			
 		data = (u_int32_t *)malloc( width *  height * 4) ;
 		if( !data)
 			return  NULL;
