Enlightenment CVS committal Author : raster Project : e17 Module : libs/evas
Dir : e17/libs/evas/src/modules/loaders/png
Modified Files: evas_image_load_png.c
Log Message: check dimensions for safety
===================================================================
RCS file: /cvs/e/e17/libs/evas/src/modules/loaders/png/evas_image_load_png.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -3 -r1.4 -r1.5
--- evas_image_load_png.c 28 Oct 2006 03:02:22 -0000 1.4
+++ evas_image_load_png.c 5 Nov 2006 05:07:52 -0000 1.5
@@ -71,6 +71,12 @@
 png_get_IHDR(png_ptr, info_ptr, (png_uint_32 *) (&w32), (png_uint_32 *) (&h32), &bit_depth, &color_type, &interlace_type, NULL, NULL);
+ if ((w32 < 1) || (h32 < 1) || (w32 > 8192) || (h32 > 8192))
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL);
+ fclose(f);
+ return 0;
+ }
 if (!im->image)
 im->image = evas_common_image_surface_new(im);
 if (!im->image)
@@ -152,8 +158,12 @@
 png_get_IHDR(png_ptr, info_ptr, (png_uint_32 *) (&w32), (png_uint_32 *) (&h32), &bit_depth, &color_type, &interlace_type, NULL, NULL);
- im->image->w = (int) w32;
- im->image->h = (int) h32;
+ if ((w32 != im->image->w) || (h32 != im->image->h))
+ {
+ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL);
+ fclose(f);
+ return 0;
+ }
 if (color_type == PNG_COLOR_TYPE_PALETTE) png_set_expand(png_ptr);
 if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA) hasa = 1;
 if (info_ptr->color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
enlightenment-cvs mailing list
enlightenment-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-cvs
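Review bot: The bound added in the first hunk uses the bare literal 8192 for both axes with no comment on where the limit comes from, and it caps each axis but not the product, so an 8192 by 8192 header is still accepted and whatever this function allocates afterwards (outside the hunk) is sized from it. I would name the limit and state what it protects, for example `/* reject empty or oversized headers before any surface is allocated; 8192 is a loader policy limit, not a PNG format limit */` above the `if`. The return value of `png_get_IHDR` on the preceding line is not checked, so if that call can return without writing `w32`/`h32` the new test reads whatever they held; their declarations are outside the hunk, so confirm they are initialised. The same three-line teardown is repeated verbatim in the second hunk and could share one exit path.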
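Review bot: The new comparison `(w32 != im->image->w)` in the second hunk mixes the libpng-filled `w32` with surface fields that the removed lines assigned through an `(int)` cast, so if `w32`/`h32` are unsigned (their declarations are outside the hunk) the `int` side is converted to unsigned before the test. That is harmless for the 1..8192 range the header path now enforces, but the intent deserves a comment such as `/* the file must still have the dimensions recorded at header-load time */`. This hunk does not repeat the range check from the first hunk, so the data path is only as safe as whatever set `im->image->w` and `im->image->h`; if anything other than the header loader can set them, repeat the bound here. The enclosing function begins and ends outside the hunk.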