diff options
Diffstat (limited to 'gdk-pixbuf')
| -rw-r--r-- | gdk-pixbuf/ChangeLog | 3 | ||||
| -rw-r--r-- | gdk-pixbuf/io-xpm.c | 9 |
2 files changed, 12 insertions, 0 deletions
diff --git a/gdk-pixbuf/ChangeLog b/gdk-pixbuf/ChangeLog index b03ae23958..922ee94b51 100644 --- a/gdk-pixbuf/ChangeLog +++ b/gdk-pixbuf/ChangeLog @@ -1,5 +1,8 @@ 2005-03-03 Matthias Clasen <mclasen@redhat.com> + * io-xpm.c (pixbuf_create_from_xpm): Check the number + of scanned items. (#168906, Morten Welinder) + Make the gif loader handle oom when loading animations. (#168857, Tommi Komulainen) diff --git a/gdk-pixbuf/io-xpm.c b/gdk-pixbuf/io-xpm.c index 2125b9c454..45a7cae462 100644 --- a/gdk-pixbuf/io-xpm.c +++ b/gdk-pixbuf/io-xpm.c @@ -1230,6 +1230,15 @@ pixbuf_create_from_xpm (const gchar * (*get_buf) (enum buf_op op, gpointer handl return NULL; } items = sscanf (buffer, "%d %d %d %d %d %d", &w, &h, &n_col, &cpp, &x_hot, &y_hot); + + if (items != 4 && items != 6) { + g_set_error (error, + GDK_PIXBUF_ERROR, + GDK_PIXBUF_ERROR_CORRUPT_IMAGE, + _("Invalid XPM header")); + return NULL; + } + if (w <= 0) { g_set_error (error, GDK_PIXBUF_ERROR, |