reject 0-sized buffers as corrupt header data. Fixes bug #171707.

Sun Mar 27 19:59:52 2005 Manish Singh <yosh@gimp.org> * io-bmp.c (grow_buffer): reject 0-sized buffers as corrupt header data. Fixes bug #171707.
author: Manish Singh <yosh@gimp.org> 2005-03-28 04:01:25 +0000
committer: Manish Singh <yosh@src.gnome.org> 2005-03-28 04:01:25 +0000
commit: fcde8479cca084c59be1bfd72a4dc4b72bbd66f8 (patch)
tree: 76570f369a92ccf741265c08517ccc21f40cb69f /gdk-pixbuf/io-bmp.c
parent: 4d48403bc61b5986623afcad52e26b3c19b40203 (diff)
download: gtk+-fcde8479cca084c59be1bfd72a4dc4b72bbd66f8.tar.gz
1 files changed, 14 insertions, 1 deletions
diff --git a/gdk-pixbuf/io-bmp.c b/gdk-pixbuf/io-bmp.c
index 82882048dc..5b70ea047d 100644
--- a/gdk-pixbuf/io-bmp.c
+++ b/gdk-pixbuf/io-bmp.c
@@ -219,7 +219,19 @@ lsb_16 (guchar *src)
 static gboolean grow_buffer (struct bmp_progressive_state *State,
                              GError **error)
 {
-  guchar *tmp = g_try_realloc (State->buff, State->BufferSize);
+  guchar *tmp;
+
+  if (State->BufferSize == 0) {
+    g_set_error (error,
+		 GDK_PIXBUF_ERROR,
+		 GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+		 _("BMP image has bogus header data"));
+    State->read_state = READ_STATE_ERROR;
+    return FALSE;
+  }
+
+  tmp = g_try_realloc (State->buff, State->BufferSize);
+
   if (!tmp) {
     g_set_error (error,
 		 GDK_PIXBUF_ERROR,
@@ -228,6 +240,7 @@ static gboolean grow_buffer (struct bmp_progressive_state *State,
     State->read_state = READ_STATE_ERROR;
     return FALSE;
   }
+
   State->buff = tmp;
   return TRUE;
 }
author	Manish Singh <yosh@gimp.org>	2005-03-28 04:01:25 +0000
committer	Manish Singh <yosh@src.gnome.org>	2005-03-28 04:01:25 +0000
commit	fcde8479cca084c59be1bfd72a4dc4b72bbd66f8 (patch)
tree	76570f369a92ccf741265c08517ccc21f40cb69f /gdk-pixbuf/io-bmp.c
parent	4d48403bc61b5986623afcad52e26b3c19b40203 (diff)
download	gtk+-fcde8479cca084c59be1bfd72a4dc4b72bbd66f8.tar.gz