[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: kdegraphics/kfile-plugins/jpeg
From: Dirk Mueller <mueller () kde ! org>
Date: 2003-12-15 19:09:31
[Download RAW message or body]
CVS commit by mueller:
fix an integer overflow problem. Not exploitable though.
M +9 -7 exif.cpp 1.5
M +1 -1 exif.h 1.3
--- kdegraphics/kfile-plugins/jpeg/exif.cpp #1.4:1.5
@@ -11,4 +11,5 @@
#include "exif.h"
#include <qwmatrix.h>
+#include <kglobal.h>
@@ -225,7 +226,8 @@ int ExifData::ReadJpegSections (QFile &
}
for(SectionsRead = 0; SectionsRead < MAX_SECTIONS-1; ){
- int itemlen;
int marker = 0;
- int ll,lh, got;
+ int got;
+ unsigned int ll,lh;
+ unsigned int itemlen;
uchar * Data;
@@ -255,5 +257,5 @@ int ExifData::ReadJpegSections (QFile &
itemlen = (lh << 8) | ll;
- if (itemlen < 2){
+ if (itemlen < 2) {
throw FatalError("invalid marker");
}
@@ -269,5 +271,5 @@ int ExifData::ReadJpegSections (QFile &
got = infile.readBlock((char*)Data+2, itemlen-2); // Read the whole section.
- if (got != itemlen-2){
+ if (( unsigned ) got != itemlen-2){
throw FatalError("reading from file");
}
@@ -279,7 +281,7 @@ int ExifData::ReadJpegSections (QFile &
// If reading entire image is requested, read the rest of the data.
if (ReadMode & READ_IMAGE){
- int size;
+ unsigned long size;
- size = infile.size()-infile.at();
+ size = kMax( 0ul, infile.size()-infile.at() );
Data = (uchar *)malloc(size);
if (Data == NULL){
@@ -288,5 +290,5 @@ int ExifData::ReadJpegSections (QFile &
got = infile.readBlock((char*)Data, size);
- if (got != size){
+ if (( unsigned ) got != size){
throw FatalError("could not read the rest of the image");
}
--- kdegraphics/kfile-plugins/jpeg/exif.h #1.2:1.3
@@ -34,5 +34,5 @@ typedef unsigned char uchar;
typedef struct {
unsigned short Tag;
- char * Desc;
+ const char*const Desc;
}TagTable_t;
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic