path: root/gdk-pixbuf-0.22.0-bmp_reject_corrupt.patch
blob: ffb4378aa3abd19b16d8a438bc8cd2f2ec6cb6ca (plain)
--- gdk-pixbuf-0.22.0/gdk-pixbuf/io-bmp.c	2002-09-27 23:12:40.000000000 +0200
+++ gdk-pixbuf-0.22.0.patched/gdk-pixbuf/io-bmp.c	2005-03-30 01:33:06.000000000 +0200
@@ -31,8 +31,6 @@
 #include "gdk-pixbuf-private.h"
 #include "gdk-pixbuf-io.h"
 
-
-
 #if 0
 /* If these structures were unpacked, they would define the two headers of the
  * BMP file.  After them comes the palette, and then the image data.
@@ -206,7 +204,7 @@
 
 	if (State == NULL)
 		return NULL;
-
+ 	
 	while (feof(f) == 0) {
 		length = fread(membuf, 1, sizeof (membuf), f);
 		if (length > 0)
@@ -245,11 +243,26 @@
 static gboolean
 grow_buffer (struct bmp_progressive_state *State)
 {
-  guchar *tmp = realloc (State->buff, State->BufferSize);
+  guchar *tmp;
+
+  if (State->BufferSize == 0) {
+#if 0
+    g_set_error (error,
+		 GDK_PIXBUF_ERROR,
+		 GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+		 _("BMP image has bogus header data"));
+#endif
+    State->read_state = READ_STATE_ERROR;
+    return FALSE;
+  }
+
+  tmp = realloc (State->buff, State->BufferSize);
+
   if (!tmp) {
     State->read_state = READ_STATE_ERROR;
     return FALSE;
   }
+
   State->buff = tmp;
   return TRUE;
 }
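Review bot: The new zero-size guard in grow_buffer has no comment saying why it exists, and the `#if 0` block inside it calls g_set_error with an `error` variable that grow_buffer, which takes only `State`, does not have, so it cannot be enabled as written. I would drop the disabled block and put the reason in its place: `/* realloc (buff, 0) may free buff and return NULL, leaving State->buff dangling; reject a zero size from a bogus header first */`. The guard covers only `BufferSize == 0`. Whether the callers that derive BufferSize from header fields can produce a wrapped or negative value is not visible in this hunk and is worth checking alongside it.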