From ce57150203f8b8fa4527984f178cac8496d8afa9 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Fri, 18 Nov 2022 00:02:20 -0500
Subject: [PATCH 1/4] gsk: Add an assertion to help static analysis

clang gets wild ideas about negative radii otherwise.
---
 gsk/gskrendernodeimpl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gsk/gskrendernodeimpl.c b/gsk/gskrendernodeimpl.c
index 286269ec15..a797bafb49 100644
--- a/gsk/gskrendernodeimpl.c
+++ b/gsk/gskrendernodeimpl.c
@@ -4818,6 +4818,8 @@ blur_image_surface (cairo_surface_t *surface, int radius, int iterations)
   cairo_surface_t *tmp;
   int width, height;
 
+  g_assert (radius >= 0);
+
   width = cairo_image_surface_get_width (surface);
   height = cairo_image_surface_get_height (surface);
   tmp = cairo_image_surface_create (CAIRO_FORMAT_ARGB32, width, height);

From 95fc5109bbcfdb8c991d3c447916d6094e6d40bb Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Thu, 17 Nov 2022 23:21:19 -0500
Subject: [PATCH 2/4] composetable: Fix a memory leak

Pointed out by clang.
---
 gtk/gtkcomposetable.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gtk/gtkcomposetable.c b/gtk/gtkcomposetable.c
index 0a4f8fd750..37a70ec6a6 100644
--- a/gtk/gtkcomposetable.c
+++ b/gtk/gtkcomposetable.c
@@ -963,6 +963,7 @@ parser_get_compose_table (GtkComposeParser *parser)
           if (char_data->len >= 0x8000)
             {
               g_warning ("GTK can't handle compose tables this large (%s)", parser->compose_file ? parser->compose_file : "");
+              g_free (data);
               g_string_free (char_data, TRUE);
               return NULL;
             }

From 8c1a041104f22f0b20320c12d5bb3070b757e687 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Thu, 17 Nov 2022 23:51:28 -0500
Subject: [PATCH 3/4] gdk: Fix possible memory errors

clang complained that we may end up jumping
to the cleanup code without initializing data
in the jpeg code. Always initialize data to
NULL to prevent that eventuality.
---
 gdk/loaders/gdkjpeg.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gdk/loaders/gdkjpeg.c b/gdk/loaders/gdkjpeg.c
index d0520cf9e8..6eada9d515 100644
--- a/gdk/loaders/gdkjpeg.c
+++ b/gdk/loaders/gdkjpeg.c
@@ -141,7 +141,7 @@ gdk_load_jpeg (GBytes  *input_bytes,
   struct jpeg_decompress_struct info;
   struct error_handler_data jerr;
   guint width, height, stride;
-  unsigned char *data;
+  unsigned char *data = NULL;
   unsigned char *row[1];
   GBytes *bytes;
   GdkTexture *texture;
@@ -155,6 +155,7 @@ gdk_load_jpeg (GBytes  *input_bytes,
 
   if (sigsetjmp (jerr.setjmp_buffer, 1))
     {
+      g_free (data);
       jpeg_destroy_decompress (&info);
       return NULL;
     }
@@ -247,7 +248,7 @@ gdk_save_jpeg (GdkTexture *texture)
   struct jpeg_compress_struct info;
   struct error_handler_data jerr;
   struct jpeg_error_mgr err;
-  guchar *data;
+  guchar *data = NULL;
   gulong size = 0;
   guchar *input = NULL;
   GdkMemoryTexture *memtex = NULL;

From 9cbfbbdf39f002aa483e18abde0a762839202aa0 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Thu, 17 Nov 2022 23:52:35 -0500
Subject: [PATCH 4/4] stringsorter: Fix one case of collation handling

When not ignoring case, and not collating, we were
returning sort keys that were already freed. Oops.

Pointed out by clang.
---
 gtk/gtkstringsorter.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/gtk/gtkstringsorter.c b/gtk/gtkstringsorter.c
index 507adca17c..ed2a0ac34c 100644
--- a/gtk/gtkstringsorter.c
+++ b/gtk/gtkstringsorter.c
@@ -86,14 +86,20 @@ gtk_string_sorter_get_key (GtkExpression *expression,
   switch (collation)
     {
     case GTK_COLLATION_NONE:
-      key = s;
+      if (ignore_case)
+        key = g_steal_pointer (&s);
+      else
+        key = g_strdup (s);
       break;
+
     case GTK_COLLATION_UNICODE:
       key = g_utf8_collate_key (s, -1);
       break;
+
     case GTK_COLLATION_FILENAME:
       key = g_utf8_collate_key_for_filename (s, -1);
       break;
+
     default:
       g_assert_not_reached ();
       break;