[gimp] Bug 493778 – metadata plug-in crashes on some images



commit b28b0e4687a5cdc60d31871abc3ff3583ba78a2c
Author: Massimo Valentini <sixtysix inwind it>
Date:   Mon Jul 20 14:59:29 2009 +0200

    Bug 493778 â?? metadata plug-in crashes on some images
    
    The problem is that the parser adds an empty property value when
    parsing an empty Alt-array, "<rdf:Alt/>".
    
    But when it is encoded it is expected to be in the form of a NULL
    terminated array of pairs of property values, with the result that the
    NULL terminator is considered the second element of the first pair and
    the loop encoding these properties goes beyond the end of the array,
    thus dereferencing invalid pointers.
    
    This commit alters the parser to avoid adding dummy values when empty
    rdf:Alt, rdf:Bag and rdf:Seq elements are found.

 plug-ins/metadata/xmp-parse.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/plug-ins/metadata/xmp-parse.c b/plug-ins/metadata/xmp-parse.c
index bab90f0..7d6113c 100644
--- a/plug-ins/metadata/xmp-parse.c
+++ b/plug-ins/metadata/xmp-parse.c
@@ -948,6 +948,11 @@ end_element_handler    (GMarkupParseContext  *markup_context,
     case STATE_INSIDE_ALT:
     case STATE_INSIDE_BAG:
     case STATE_INSIDE_SEQ:
+      if (context->property && context->prop_cur_value < 0)
+        {
+          g_free (context->property);
+          context->property = NULL;
+        }
       context->state = STATE_INSIDE_PROPERTY;
       break;
 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]