From 4615ad8d8333a500640c65c8324163b36ebd3539 Mon Sep 17 00:00:00 2001
From: Tony Cook <tony@develop-help.com>
Date: Wed, 2 Jan 2019 18:39:28 +1100
Subject: [PATCH] gradgen allocated sizeof(i_color *) per entry rather than
 sizeof(i_color)

i_color is four bytes, so this is safe on any arch I've used.
---
 Changes   | 3 +++
 Imager.xs | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/Changes b/Changes
index 2d6f454b..02bb4040 100644
--- a/Changes
+++ b/Changes
@@ -61,6 +61,9 @@ High severity:
  - avoid accessing a possibly NULL map from MakeMapObject() in a
    logging call. (GIF) CID 185296.
 
+ - gradgen() allocated the wrong amount of space (always too much) for
+   the color array.  CID 185291.
+
 Imager 1.008 - 31 Dec 2018
 ============
 
diff --git a/Imager.xs b/Imager.xs
index dffe2d29..e184078a 100644
--- a/Imager.xs
+++ b/Imager.xs
@@ -141,7 +141,7 @@ calloc_temp(pTHX_ size_t size) {
 #define i_img_dimPtr(size) ((i_img_dim *)calloc_temp(aTHX_ sizeof(i_img_dim) * (size)))
 #define SvI_img_dim(sv, pname) (SvIV(sv))
 
-#define i_colorPtr(size) ((i_color *)calloc_temp(aTHX_ sizeof(i_color *) * (size)))
+#define i_colorPtr(size) ((i_color *)calloc_temp(aTHX_ sizeof(i_color) * (size)))
 
 #define SvI_color(sv, pname) S_sv_to_i_color(aTHX_ sv, pname)
 
-- 
2.39.2