Enlightenment CVS committal
Author : raster
Project : e17
Module : libs/eet
Dir : e17/libs/eet/src/lib
Modified Files:
eet_image.c
Log Message:
1. image size bounds checks for eet
2. e17 bug
3. color class add fir ibar state of label
4. epeg scales before getting pixel data.
===================================================================
RCS file: /cvs/e/e17/libs/eet/src/lib/eet_image.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -3 -r1.9 -r1.10
--- eet_image.c 13 Jun 2006 10:20:22 -0000 1.9
+++ eet_image.c 25 Nov 2006 15:37:45 -0000 1.10
@@ -121,6 +121,12 @@
/* head decoding */
*w = cinfo.output_width;
*h = cinfo.output_height;
+ if ((*w < 1) || (*h < 1) || (*w > 8192) || (*h > 8192))
+ {
+ jpeg_destroy_decompress(&cinfo);
+ _eet_memfile_read_close(f);
+ return 0;
+ }
/* end head decoding */
jpeg_destroy_decompress(&cinfo);
_eet_memfile_read_close(f);
@@ -163,6 +169,12 @@
/* head decoding */
*w = cinfo.output_width;
*h = cinfo.output_height;
+ if ((*w < 1) || (*h < 1) || (*w > 8192) || (*h > 8192))
+ {
+ jpeg_destroy_decompress(&cinfo);
+ _eet_memfile_read_close(f);
+ return NULL;
+ }
/* end head decoding */
/* data decoding */
if (cinfo.rec_outbuf_height > 16)
@@ -817,7 +829,7 @@
ih = header[2];
al = header[3];
cp = header[4];
- if ((iw > 8192) || (ih > 8192)) return 0;
+ if ((iw < 1) || (ih < 1) || (iw > 8192) || (ih > 8192)) return 0;
if ((cp == 0) && (size < ((iw * ih * 4) + 32))) return 0;
if (w) *w = iw;
if (h) *h = ih;
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
enlightenment-cvs mailing list
enlightenment-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-cvs
