From 3eb4ec89f3da940e89f9f45fdb7f52d928a75561 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Wed, 10 Feb 2021 19:13:36 -0500
Subject: [PATCH] css: Avoid an invalid read

This was broken in ea7185bdb1ba423495340a9b880e619a861064fd.

Pointed out by Christian Hergert.
---
 gtk/gtkcssfiltervalue.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/gtk/gtkcssfiltervalue.c b/gtk/gtkcssfiltervalue.c
index c1c281c1e2..ed334979cb 100644
--- a/gtk/gtkcssfiltervalue.c
+++ b/gtk/gtkcssfiltervalue.c
@@ -991,10 +991,13 @@ gtk_css_filter_value_pop_snapshot (const GtkCssValue *filter,
       if (i < j)
         gtk_snapshot_pop (snapshot);
 
-      if (filter->filters[j].type == GTK_CSS_FILTER_BLUR)
-        gtk_snapshot_pop (snapshot);
-      else if (filter->filters[j].type == GTK_CSS_FILTER_DROP_SHADOW)
-        gtk_css_shadow_value_pop_snapshot (filter->filters[j].drop_shadow.value, snapshot);
+      if (j < filter->n_filters)
+        {
+          if (filter->filters[j].type == GTK_CSS_FILTER_BLUR)
+            gtk_snapshot_pop (snapshot);
+          else if (filter->filters[j].type == GTK_CSS_FILTER_DROP_SHADOW)
+            gtk_css_shadow_value_pop_snapshot (filter->filters[j].drop_shadow.value, snapshot);
+        }
 
       i = j + 1;
     }