Hello. On 05/12/12 09:58, Enlightenment SVN wrote:
> Log:
> if somebody make corrupted bmp file, it can cause crash
>
>
> Author: jypark
> Date: 2012-12-05 01:58:56 -0800 (Wed, 05 Dec 2012)
> New Revision: 80225
> Trac: http://trac.enlightenment.org/e/changeset/80225
>
> Modified:
> trunk/efl/src/modules/evas/loaders/bmp/evas_image_load_bmp.c
>
> Modified: trunk/efl/src/modules/evas/loaders/bmp/evas_image_load_bmp.c
> ===================================================================
> --- trunk/efl/src/modules/evas/loaders/bmp/evas_image_load_bmp.c
> 2012-12-05 09:46:19 UTC (rev 80224)
> +++ trunk/efl/src/modules/evas/loaders/bmp/evas_image_load_bmp.c
> 2012-12-05 09:58:56 UTC (rev 80225)
> @@ -135,6 +135,7 @@
> if (!read_ushort(map, fsize, &position, &res2)) goto close_file;
> if (!read_uint(map, fsize, &position, &offset)) goto close_file;
> if (!read_uint(map, fsize, &position, &head_size)) goto close_file;
> + if (offset > fsize) goto close_file;
> if (head_size == 12) // OS/2 V1 + Windows 3.0
> {
> short tmp;
> @@ -424,6 +425,7 @@
> if (!read_ushort(map, fsize, &position, &res2)) goto close_file;
> if (!read_uint(map, fsize, &position, &offset)) goto close_file;
> if (!read_uint(map, fsize, &position, &head_size)) goto close_file;
> + if (offset > fsize) goto close_file;
> image_size = fsize - offset;
> if (image_size < 1) goto close_file;
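Review bot: The added guard `if (offset > fsize) goto close_file;` bounds the file-supplied pixel-data offset only from above, so in the first hunk (new line 138) a corrupted header whose offset equals `fsize`, or points back into the header bytes already consumed, still passes. In the second hunk (new line 428) the following `image_size < 1` test catches the equal case, but nothing visible in either hunk rejects an offset smaller than the header. If the loader does not need to tolerate such files, both sites could use `if ((offset >= fsize) || (offset < position)) goto close_file;`, assuming `position` holds the number of header bytes read so far. A short comment such as `/* offset is read from the file and untrusted: it must lie inside the mapped data */` would record why the check exists. Both function bodies continue outside the hunks, so how `offset` is used later in the head function cannot be confirmed from here.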
You know that you compare signed and unsigned here, right? ../../src/modules/evas/loaders/bmp/evas_image_load_bmp.c: In function 'evas_image_load_file_head_bmp': ../../src/modules/evas/loaders/bmp/evas_image_load_bmp.c:138:15: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] ../../src/modules/evas/loaders/bmp/evas_image_load_bmp.c: In function 'evas_image_load_file_data_bmp': ../../src/modules/evas/loaders/bmp/evas_image_load_bmp.c:428:15: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] regards Stefan Schmidt