AuroraMiddleware/gtk
1
0
Fork 1
mirror of https://gitlab.gnome.org/GNOME/gtk.git synced 2024-11-06 00:30:08 +00:00
Code Issues Projects Releases Wiki Activity

Fix integer overflows in the xpm loader

Browse Source
This commit is contained in:
Matthias Clasen 2005-11-15 15:59:05 +00:00
parent f3f1bdc2f0
commit 868c9a85d7
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
gdk-pixbuf/ChangeLog
View File

@ -1,3 +1,8 @@
2005-11-15 Matthias Clasen <mclasen@redhat.com>
* io-xpm.c: Fix several integer overflows which have been
reported as CVE-2005-3186 and CVE-2005-2975.
2005-10-12 Matthias Clasen <mclasen@redhat.com> 2005-10-12 Matthias Clasen <mclasen@redhat.com>
* gdk-pixbuf-loader.c (gdk_pixbuf_loader_write): Only call * gdk-pixbuf-loader.c (gdk_pixbuf_loader_write): Only call

7
gdk-pixbuf/io-xpm.c
View File

@ -405,7 +405,8 @@ file_buffer (enum buf_op op, gpointer handle)
/* Fall through to the xpm_read_string. */ /* Fall through to the xpm_read_string. */
case op_body: case op_body:
xpm_read_string (h->infile, &h->buffer, &h->buffer_size); if(!xpm_read_string (h->infile, &h->buffer, &h->buffer_size))
return NULL;
return h->buffer; return h->buffer;
default: default:
@ -500,7 +501,9 @@ pixbuf_create_from_xpm (const gchar * (*get_buf) (enum buf_op op, gpointer handl
_("XPM has invalid number of chars per pixel")); _("XPM has invalid number of chars per pixel"));
return NULL; return NULL;
} }
if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) { if (n_col <= 0 ||
n_col >= G_MAXINT / (cpp + 1) ||
n_col >= G_MAXINT / sizeof (XPMColor)) {
g_set_error (error, g_set_error (error,
GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR,
GDK_PIXBUF_ERROR_CORRUPT_IMAGE, GDK_PIXBUF_ERROR_CORRUPT_IMAGE,