Author: post
Date: 2010-01-19 20:11:25 +0100 (Tue, 19 Jan 2010)
New Revision: 3037
Modified:
branches/rawstudio-ng-color/librawstudio/rs-rawfile.c
Log:
raw_get_rational(): Ensure that we don't read out of bounds, and check for
division by zero.
Modified: branches/rawstudio-ng-color/librawstudio/rs-rawfile.c
===================================================================
--- branches/rawstudio-ng-color/librawstudio/rs-rawfile.c 2010-01-19
17:43:08 UTC (rev 3036)
+++ branches/rawstudio-ng-color/librawstudio/rs-rawfile.c 2010-01-19
19:11:25 UTC (rev 3037)
@@ -144,11 +144,17 @@
gboolean
raw_get_rational(RAWFILE *rawfile, guint pos, gfloat *target)
{
+ if((rawfile->base+pos+8)>rawfile->size)
+ return(FALSE);
+
guint counter, divisor;
raw_get_uint(rawfile, pos, &counter);
raw_get_uint(rawfile, pos+4, &divisor);
+
+ if (divisor == 0)
+ return(FALSE);
+
*target = (gfloat) counter / (gfloat) divisor;
-
return(TRUE);
}
_______________________________________________
Rawstudio-commit mailing list
[email protected]
http://rawstudio.org/cgi-bin/mailman/listinfo/rawstudio-commit
