[gimp] Use more defensive coding in plausibility check.



commit f63ba36dd9cc01ca6da83fa05ddd12419ad8953e
Author: Nils Philippsen <nils redhat com>
Date:   Mon Nov 16 17:16:09 2009 +0100

    Use more defensive coding in plausibility check.
    
    Use an equivalent division instead of multiplying values and checking if
    they are more than G_MAXINT32, because divisions cannot overflow.

 plug-ins/file-bmp/bmp-read.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/plug-ins/file-bmp/bmp-read.c b/plug-ins/file-bmp/bmp-read.c
index 4fa415f..bc27e65 100644
--- a/plug-ins/file-bmp/bmp-read.c
+++ b/plug-ins/file-bmp/bmp-read.c
@@ -451,10 +451,10 @@ ReadBMP (const gchar  *name,
     }
 
   /* protect against integer overflows caused by malicious BMPs */
+  /* use divisions in comparisons to avoid type overflows */
 
-  if (((guint64) Bitmap_Head.biWidth) * Bitmap_Head.biBitCnt > G_MAXINT32 ||
-      ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) > G_MAXINT32 ||
-      ((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) * 4 > G_MAXINT32)
+  if (((guint64) Bitmap_Head.biWidth) > G_MAXINT32 / Bitmap_Head.biBitCnt ||
+      ((guint64) Bitmap_Head.biWidth) > (G_MAXINT32 / ABS (Bitmap_Head.biHeight)) / 4)
     {
       g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
                    _("'%s' is not a valid BMP file"),
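
Review bot: the two new divisors in the `if` condition can be zero. `G_MAXINT32 / Bitmap_Head.biBitCnt` and `G_MAXINT32 / ABS (Bitmap_Head.biHeight)` both take their divisor from the file header, and nothing visible in this hunk rejects a zero biBitCnt or biHeight before the division. With the old multiplications such a header simply produced 0 and passed the comparison; with the divisions it becomes a divide-by-zero in the very check that is meant to guard against malicious BMPs. Unless both fields are already validated earlier in ReadBMP (outside this hunk), add `Bitmap_Head.biBitCnt == 0 || Bitmap_Head.biHeight == 0 ||` at the front of the condition so the short-circuit evaluation rejects the file before either division runs. Also note that `ABS (Bitmap_Head.biHeight)` is carried over unchanged: if biHeight is a signed 32-bit field, its most negative value has no positive counterpart, so that case should be rejected explicitly as well. Dropping the separate width * height comparison is fine, since the remaining width * height * 4 comparison implies it, and the nested integer division `(G_MAXINT32 / h) / 4` gives the same threshold as the old product form.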


