[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: kdelibs/kimgio
From: Dirk Mueller <mueller () kde ! org>
Date: 2005-04-13 20:22:04
Message-ID: 20050413202204.DB0C5492 () office ! kde ! org
[Download RAW message or body]
CVS commit by mueller:
be more robust about malformed input
M +17 -9 xcf.cpp 1.5
--- kdelibs/kimgio/xcf.cpp #1.4:1.5
@@ -235,8 +235,8 @@ bool XCFImageFormat::loadImageProperties
Q_UINT32 flags;
- char* data;
+ char* data=0;
property >> flags >> data;
- if (strcmp(tag, "gimp-comment") == 0)
+ if (tag && strncmp(tag, "gimp-comment", \
strlen("gimp-comment")) == 0)
xcf_image.image.setText("Comment", \
0, data);
@@ -258,4 +258,7 @@ bool XCFImageFormat::loadImageProperties
case PROP_COLORMAP:
property >> xcf_image.num_colors;
+ if(xcf_image.num_colors < 0 || \
xcf_image.num_colors > 65535) + return \
false; +
\
xcf_image.palette.reserve(xcf_image.num_colors);
@@ -308,4 +311,7 @@ bool XCFImageFormat::loadProperty(QDataS
}
+ if(size > 65535 || size < 4)
+ return false;
+
size = 3 * (size - 4) + 4;
data = new char[size];
@@ -337,6 +343,11 @@ bool XCFImageFormat::loadProperty(QDataS
size = 0;
- } else
- xcf_io.readBytes(data, size);
+ } else {
+ xcf_io >> size;
+ if(size >256000)
+ return false;
+ data = new char[size];
+ xcf_io.readRawBytes(data, size);
+ }
if (xcf_io.device()->status() != IO_Ok) {
@@ -345,9 +356,6 @@ bool XCFImageFormat::loadProperty(QDataS
}
- if (size != 0) {
- bytes.resize(size);
- for (uint i = 0; i < size; i++)
- bytes[i] = data[i];
- delete[] data;
+ if (size != 0 && data) {
+ bytes.assign(data,size);
}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic