$OpenBSD: patch-xwindow_x_imagelib_gdk_c,v 1.2 2012/12/14 18:33:03 naddy Exp $
--- xwindow/x_imagelib_gdk.c.orig	Fri May  7 07:43:53 2004
+++ xwindow/x_imagelib_gdk.c	Fri Dec 14 19:31:46 2012
@@ -294,6 +294,12 @@ create_cardinals_from_bixbuf(
 	unsigned char *pixel ;
 	int i, j ;
 
+	if( !width || !height)
+		return -1;
+	
+	if( width > ((SIZE_MAX / 4) - 2) / height)
+		return -1; /* integer overflow */
+		
 	*cardinal = malloc( (width * height + 2) *4) ;
 	if( !(*cardinal))
 		return  -1 ;
@@ -356,7 +362,7 @@ closest_color_index(
 	int blue
 	)
 {
-	int  closest ;
+	int  closest = 0 ;
 	int  i ;
 	unsigned long  min = 0xffffff ;
 	unsigned long  diff ;
@@ -831,6 +837,9 @@ pixbuf_to_ximage_truecolor(
 
 	width = gdk_pixbuf_get_width( pixbuf) ;
 	height = gdk_pixbuf_get_height( pixbuf) ;
+	
+	if( !width || !height)
+		return	NULL ;
 
 	r_mask = vinfo[0].red_mask ;
 	g_mask = vinfo[0].green_mask ;
@@ -851,6 +860,9 @@ pixbuf_to_ximage_truecolor(
 		int r_limit, g_limit, b_limit ;
 		u_int16_t *data ;
 
+		if( width > (SIZE_MAX / 2) / height)
+			return	NULL ;
+			
 		data = (u_int16_t *)malloc( width *  height * 2) ;
 		if( !data)
 			return  NULL ;
@@ -883,6 +895,9 @@ pixbuf_to_ximage_truecolor(
 	{
 		u_int32_t *  data ;
 
+		if( width > (SIZE_MAX / 4) / height)
+			return	NULL;
+			
 		data = (u_int32_t *)malloc( width *  height * 4) ;
 		if( !data)
 			return  NULL;
