gtk_menu_item_size_allocate bug



There's some code in gtk_menu_item_size_allocate that
can have unsigned arithmetic overflow. (The PR2 release of
Nautilus runs into this when it creates the desktop.)

Specifically:
   child_allocation.width -= GTK_MENU_ITEM (widget)->toggle_size;

And a similar expr occurs right below it:

   if (menu_item->submenu && menu_item->show_submenu_indicator)
      child_allocation.width -= 21;

Since the code immediately above this goes to some trouble to avoid
this kind of problem (by casting the expr signed and MAXing with 1)
I assume that these subsequent lines should exercise similar care.

Below is a proposed patch. I kept to the same style of using MAX/MIN
rather than explicit if-else tests - which I think would be more
readable.

-ME

---

Index: gtkmenuitem.c
===================================================================
RCS file: /cvs/gnome/gtk+/gtk/gtkmenuitem.c,v
retrieving revision 1.36.2.2
diff -p -u -r1.36.2.2 gtkmenuitem.c
--- gtkmenuitem.c       1999/09/03 16:51:12     1.36.2.2
+++ gtkmenuitem.c       2000/11/16 02:03:18
@@ -400,9 +400,9 @@ gtk_menu_item_size_allocate (GtkWidget  
       child_allocation.width = MAX (1, (gint)allocation->width -
child_allocation.x * 2);
       child_allocation.height = MAX (1, (gint)allocation->height -
child_allocation.y * 2);
       child_allocation.x += GTK_MENU_ITEM (widget)->toggle_size;
-      child_allocation.width -= GTK_MENU_ITEM (widget)->toggle_size;
+      child_allocation.width -= MIN (child_allocation.width,
GTK_MENU_ITEM (widget)->toggle_size);
       if (menu_item->submenu && menu_item->show_submenu_indicator)
-       child_allocation.width -= 21;
+       child_allocation.width -= MIN (child_allocation.width, 21);
       
       gtk_widget_size_allocate (bin->child, &child_allocation);
     }
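
Review bot: the two MIN clamps on the `child_allocation.width -=` lines stop the wraparound but allow the width to end up as 0, while the unchanged lines directly above keep both width and height at a minimum of 1 via `MAX (1, (gint)...)`. If the child is meant to always receive at least 1 pixel, do the subtraction in signed arithmetic and floor it the same way, for example `child_allocation.width = MAX (1, (gint)child_allocation.width - (gint)GTK_MENU_ITEM (widget)->toggle_size);`, and likewise for the submenu indicator. Note also that `child_allocation.x += GTK_MENU_ITEM (widget)->toggle_size;` is left unclamped, so when the toggle is wider than the remaining allocation the child's x offset still moves by the full toggle size. The literal 21 now appears in two places on the same line; a named constant would keep them in sync.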

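The arithmetic discussed in the message above, as an added example that is not part of the original post or of the GTK+ source. It assumes the width and toggle size are unsigned 16-bit values (the page only says the arithmetic is unsigned); the function names and the sample inputs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#ifndef MAX
#define MAX(a, b) (((a) > (b)) ? (a) : (b))
#endif
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#define SUBMENU_INDICATOR 21   /* the literal 21 used in the patch */

typedef uint16_t width_t;      /* assumption: unsigned 16-bit width field */

/* Pre-patch arithmetic: plain unsigned subtraction, wraps when it goes below 0. */
static width_t width_original(width_t width, width_t toggle_size, int has_submenu)
{
    width = (width_t)(width - toggle_size);
    if (has_submenu)
        width = (width_t)(width - SUBMENU_INDICATOR);
    return width;
}

/* Patched arithmetic: never subtract more than what is left; result may be 0. */
static width_t width_patched(width_t width, width_t toggle_size, int has_submenu)
{
    width = (width_t)(width - MIN(width, toggle_size));
    if (has_submenu)
        width = (width_t)(width - MIN(width, SUBMENU_INDICATOR));
    return width;
}

/* Variant in the style of the lines above the hunk: signed math, floor of 1. */
static width_t width_signed_floor(width_t width, width_t toggle_size, int has_submenu)
{
    int w = (int)width - (int)toggle_size;
    if (has_submenu)
        w -= SUBMENU_INDICATOR;
    return (width_t)MAX(1, w);
}

int main(void)
{
    /* Constructed input: 10-pixel allocation, 12-pixel toggle, submenu shown. */
    printf("original:     %u\n", (unsigned)width_original(10, 12, 1));
    printf("patched:      %u\n", (unsigned)width_patched(10, 12, 1));
    printf("signed floor: %u\n", (unsigned)width_signed_floor(10, 12, 1));
    return 0;
}
```
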


