raster pushed a commit to branch master. http://git.enlightenment.org/legacy/imlib2.git/commit/?id=a2cb5b9c9bfcf0d865c37b40b6f2e44b029333e4
commit a2cb5b9c9bfcf0d865c37b40b6f2e44b029333e4 Author: Fabian Keil <[email protected]> Date: Thu Dec 4 12:49:04 2014 +0100 loader_tga: Abort file loading if the file obviously isn't large enough Prevents an integer overflow later on that resulted in a datasize of 18446744073709551575 for id:000131,src:000104,op:havoc,rep:32,+cov whose actual size is 48 byte. --- src/modules/loaders/loader_tga.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/modules/loaders/loader_tga.c b/src/modules/loaders/loader_tga.c index 175a4f5..e040ac0 100644 --- a/src/modules/loaders/loader_tga.c +++ b/src/modules/loaders/loader_tga.c @@ -237,6 +237,14 @@ load(ImlibImage * im, ImlibProgressFunction progress, { } + if ((size_t)ss.st_size < sizeof(tga_header) + header->idLength + + (footer_present ? sizeof(tga_footer) : 0)) + { + munmap(seg, ss.st_size); + close(fd); + return 0; + } + /* skip over header */ filedata = (char *)filedata + sizeof(tga_header); --
