gimp r25291 - in trunk: . plug-ins/common

From: muks svn gnome org
To: svn-commits-list gnome org
Subject: gimp r25291 - in trunk: . plug-ins/common
Date: Fri, 28 Mar 2008 21:48:11 +0000 (GMT)

Author: muks
Date: Fri Mar 28 21:48:10 2008
New Revision: 25291
URL: http://svn.gnome.org/viewvc/gimp?rev=25291&view=rev

Log:
2008-03-28  Mukund Sivaraman  <muks mukund org>

        * plug-ins/common/png.c: Fixed a bug where a pointer to a gint
        is passed to a function which expects gsize, which can cause
        out of bounds access.



Modified:
   trunk/ChangeLog
   trunk/plug-ins/common/png.c

Modified: trunk/plug-ins/common/png.c
==============================================================================
--- trunk/plug-ins/common/png.c	(original)
+++ trunk/plug-ins/common/png.c	Fri Mar 28 21:48:10 2008
@@ -1184,6 +1184,7 @@
   if (pngvals.comment)
     {
       GimpParasite *parasite;
+      gsize text_length = 0;
 
       parasite = gimp_image_parasite_find (orig_image_ID, "gimp-comment");
       if (parasite)
@@ -1207,8 +1208,9 @@
           text->compression = PNG_TEXT_COMPRESSION_NONE;
           text->text        = g_convert (comment, -1,
                                          "ISO-8859-1", "UTF-8",
-                                         NULL, &text->text_length,
+                                         NULL, &text_length,
                                          NULL);
+          text->text_length = text_length;
 
 #endif

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]