reject 0-sized buffers as corrupt header data. Fixes bug #171707.
authorManish Singh <yosh@gimp.org>
Mon, 28 Mar 2005 04:01:25 +0000 (04:01 +0000)
committerManish Singh <yosh@src.gnome.org>
Mon, 28 Mar 2005 04:01:25 +0000 (04:01 +0000)
Sun Mar 27 19:59:52 2005  Manish Singh  <yosh@gimp.org>

        * io-bmp.c (grow_buffer): reject 0-sized buffers as corrupt header
        data. Fixes bug #171707.

gdk-pixbuf/ChangeLog
gdk-pixbuf/io-bmp.c

index 9830f95f9b0f540f3315fcfa1a8cd519f973e649..dea1fc5e834cffdce15a00a07c40fb26bdeb79c5 100644 (file)
@@ -1,3 +1,8 @@
+Sun Mar 27 19:59:52 2005  Manish Singh  <yosh@gimp.org>
+
+       * io-bmp.c (grow_buffer): reject 0-sized buffers as corrupt header
+       data. Fixes bug #171707.
+
 2005-03-25  Matthias Clasen  <mclasen@redhat.com>
 
        * gdk-pixbuf-data.c (gdk_pixbuf_new_from_data): Use canonical
index 82882048dc41deace84d864976cc8504eb175ffe..5b70ea047d3dff7fb4aced818fb77b4d62b1f5d3 100644 (file)
@@ -219,7 +219,19 @@ lsb_16 (guchar *src)
 static gboolean grow_buffer (struct bmp_progressive_state *State,
                              GError **error)
 {
-  guchar *tmp = g_try_realloc (State->buff, State->BufferSize);
+  guchar *tmp;
+
+  if (State->BufferSize == 0) {
+    g_set_error (error,
+                GDK_PIXBUF_ERROR,
+                GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+                _("BMP image has bogus header data"));
+    State->read_state = READ_STATE_ERROR;
+    return FALSE;
+  }
+
+  tmp = g_try_realloc (State->buff, State->BufferSize);
+
   if (!tmp) {
     g_set_error (error,
                 GDK_PIXBUF_ERROR,
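Review bot: The new `State->BufferSize == 0` guard at the top of grow_buffer has no comment saying why zero is special, and the reason is not obvious from the code. g_try_realloc with a size of 0 frees `State->buff` and returns NULL, so before this check the `!tmp` branch reported an out-of-memory error and left `State->buff` pointing at freed memory. I would add above the check `/* g_try_realloc (buff, 0) frees buff and returns NULL; treat a zero size as a corrupt header rather than reaching the out-of-memory path with a dangling State->buff. */`. The guard covers only the exact value zero. BufferSize is computed from header fields outside this hunk, so it is worth confirming there that sizes too small for the declared image, or produced by overflowed arithmetic, are rejected as well. The rest of the `!tmp` branch continues in the next hunk.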
@@ -228,6 +240,7 @@ static gboolean grow_buffer (struct bmp_progressive_state *State,
     State->read_state = READ_STATE_ERROR;
     return FALSE;
   }
+
   State->buff = tmp;
   return TRUE;
 }