mirror of
https://gitlab.gnome.org/GNOME/gtk.git
synced 2024-12-25 05:01:09 +00:00
Fix integer overflows in the xpm loader
This commit is contained in:
parent
f3f1bdc2f0
commit
868c9a85d7
@ -1,3 +1,8 @@
|
||||
2005-11-15 Matthias Clasen <mclasen@redhat.com>
|
||||
|
||||
* io-xpm.c: Fix several integer overflows which have been
|
||||
reported as CVE-2005-3186 and CVE-2005-2975.
|
||||
|
||||
2005-10-12 Matthias Clasen <mclasen@redhat.com>
|
||||
|
||||
* gdk-pixbuf-loader.c (gdk_pixbuf_loader_write): Only call
|
||||
|
@ -405,7 +405,8 @@ file_buffer (enum buf_op op, gpointer handle)
|
||||
/* Fall through to the xpm_read_string. */
|
||||
|
||||
case op_body:
|
||||
xpm_read_string (h->infile, &h->buffer, &h->buffer_size);
|
||||
if(!xpm_read_string (h->infile, &h->buffer, &h->buffer_size))
|
||||
return NULL;
|
||||
return h->buffer;
|
||||
|
||||
default:
|
||||
@ -500,7 +501,9 @@ pixbuf_create_from_xpm (const gchar * (*get_buf) (enum buf_op op, gpointer handl
|
||||
_("XPM has invalid number of chars per pixel"));
|
||||
return NULL;
|
||||
}
|
||||
if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {
|
||||
if (n_col <= 0 ||
|
||||
n_col >= G_MAXINT / (cpp + 1) ||
|
||||
n_col >= G_MAXINT / sizeof (XPMColor)) {
|
||||
g_set_error (error,
|
||||
GDK_PIXBUF_ERROR,
|
||||
GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
|
||||
|
Loading…
Reference in New Issue
Block a user