From 2aa2acfff38de7de825868995e49792ecfc03126 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 24 Jan 2012 23:15:03 +0000
Subject: Tue Jan 24 23:15:02 UTC 2012
---
.../gdk-pixbuf-0.22.0-bmp_reject_corrupt.patch | 48 ++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 community-staging/gdk-pixbuf/gdk-pixbuf-0.22.0-bmp_reject_corrupt.patch
(limited to 'community-staging/gdk-pixbuf/gdk-pixbuf-0.22.0-bmp_reject_corrupt.patch')
diff --git a/community-staging/gdk-pixbuf/gdk-pixbuf-0.22.0-bmp_reject_corrupt.patch b/community-staging/gdk-pixbuf/gdk-pixbuf-0.22.0-bmp_reject_corrupt.patch
new file mode 100644
index 000000000..ffb4378aa
--- /dev/null
+++ b/community-staging/gdk-pixbuf/gdk-pixbuf-0.22.0-bmp_reject_corrupt.patch
@@ -0,0 +1,48 @@
+--- gdk-pixbuf-0.22.0/gdk-pixbuf/io-bmp.c 2002-09-27 23:12:40.000000000 +0200
++++ gdk-pixbuf-0.22.0.patched/gdk-pixbuf/io-bmp.c 2005-03-30 01:33:06.000000000 +0200
+@@ -31,8 +31,6 @@
+ #include "gdk-pixbuf-private.h"
+ #include "gdk-pixbuf-io.h"
+
+-
+-
+ #if 0
+ /* If these structures were unpacked, they would define the two headers of the
+ * BMP file. After them comes the palette, and then the image data.
+@@ -206,7 +204,7 @@
+
+ if (State == NULL)
+ return NULL;
+-
++
+ while (feof(f) == 0) {
+ length = fread(membuf, 1, sizeof (membuf), f);
+ if (length > 0)
+@@ -245,11 +243,26 @@
+ static gboolean
+ grow_buffer (struct bmp_progressive_state *State)
+ {
+- guchar *tmp = realloc (State->buff, State->BufferSize);
++ guchar *tmp;
++
++ if (State->BufferSize == 0) {
++#if 0
++ g_set_error (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("BMP image has bogus header data"));
++#endif
++ State->read_state = READ_STATE_ERROR;
++ return FALSE;
++ }
++
++ tmp = realloc (State->buff, State->BufferSize);
++
+ if (!tmp) {
+ State->read_state = READ_STATE_ERROR;
+ return FALSE;
+ }
++
+ State->buff = tmp;
+ return TRUE;
+ }
--
cgit v1.2.3-54-g00ecf
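Review bot: In grow_buffer the new guard rejects only `State->BufferSize == 0`, so any other bogus size derived from the BMP header still reaches `realloc`. Where BufferSize is computed lies outside this patch, so whether it can wrap or go negative is not visible here and is worth checking at the sites that set it. The guard would also benefit from a comment saying why zero is special, for example `/* realloc (buf, 0) may free buf and return NULL, leaving State->buff dangling; treat a zero size as a corrupt header */`. The `#if 0` g_set_error block names an `error` variable that is not a parameter of grow_buffer, so it would read better as a one-line comment than as disabled code. The first two hunks of the added patch are whitespace-only and unrelated to the fix, which makes the security-relevant change harder to audit.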