Check the number of scanned items. (#168906, Morten Welinder)

2005-03-03  Matthias Clasen  <mclasen@redhat.com>

	* io-xpm.c (pixbuf_create_from_xpm): Check the number
	of scanned items.  (#168906, Morten Welinder)

diff --git a/gdk-pixbuf/ChangeLog b/gdk-pixbuf/ChangeLog
index b03ae2395801b6ab36fa16593bb0272e15700aef..922ee94b51900237d6f60be3c2734926ab4bf480 100644 (file)
--- a/gdk-pixbuf/ChangeLog
+++ b/gdk-pixbuf/ChangeLog
@@ -1,5 +1,8 @@
 2005-03-03  Matthias Clasen  <mclasen@redhat.com>
 
+       * io-xpm.c (pixbuf_create_from_xpm): Check the number
+       of scanned items.  (#168906, Morten Welinder)
+
        Make the gif loader handle oom when loading 
        animations.  (#168857, Tommi Komulainen)
        

diff --git a/gdk-pixbuf/io-xpm.c b/gdk-pixbuf/io-xpm.c
index 2125b9c454ab90211de8eabdf50748c23e1d38ee..45a7cae46265da9ff42a731b2a4a867c066927a6 100644 (file)
--- a/gdk-pixbuf/io-xpm.c
+++ b/gdk-pixbuf/io-xpm.c
@@ -1230,6 +1230,15 @@ pixbuf_create_from_xpm (const gchar * (*get_buf) (enum buf_op op, gpointer handl
                return NULL;
        }
        items = sscanf (buffer, "%d %d %d %d %d %d", &w, &h, &n_col, &cpp, &x_hot, &y_hot);
+
+       if (items != 4 && items != 6) {
+               g_set_error (error,
+                             GDK_PIXBUF_ERROR,
+                             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+                             _("Invalid XPM header"));
+               return NULL;
+       }
+
        if (w <= 0) {
                 g_set_error (error,
                              GDK_PIXBUF_ERROR,