From: Andrea Canciani <ranma42@gmail.com>
Date: Tue, 12 Oct 2010 13:38:20 +0000 (+0200)
Subject: Fix an overflow in the new radial gradient code
X-Git-Tag: 1.0_branch~429
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a966cd04c16ad0c34b0f17e9021a4f3532575ca4;p=profile%2Fivi%2Fpixman.git

Fix an overflow in the new radial gradient code

huge-radial in the cairo test suite pointed out an undocumented
overflow in the radial gradient code.
By casting to pixman_fixed_48_16_t before doing the operations,
the overflow can be avoided.
---

diff --git a/pixman/pixman-radial-gradient.c b/pixman/pixman-radial-gradient.c
index ed073ab..f0dcc96 100644
--- a/pixman/pixman-radial-gradient.c
+++ b/pixman/pixman-radial-gradient.c
@@ -290,10 +290,11 @@ radial_gradient_get_scanline_32 (pixman_image_t *image,
 	db = dot (unit.vector[0], unit.vector[1], 0,
 		  radial->delta.x, radial->delta.y, 0);
 
-	c = dot (v.vector[0], v.vector[1], -radial->c1.radius,
+	c = dot (v.vector[0], v.vector[1],
+		 -((pixman_fixed_48_16_t) radial->c1.radius),
 		 v.vector[0], v.vector[1], radial->c1.radius);
-	dc = dot (2 * v.vector[0] + unit.vector[0],
-		  2 * v.vector[1] + unit.vector[1],
+	dc = dot (2 * (pixman_fixed_48_16_t) v.vector[0] + unit.vector[0],
+		  2 * (pixman_fixed_48_16_t) v.vector[1] + unit.vector[1],
 		  0,
 		  unit.vector[0], unit.vector[1], 0);
 	ddc = 2 * dot (unit.vector[0], unit.vector[1], 0,