[goffice] Don't crash when loading an EMF image without valid data. [#704311]

From: Jean Bréfort <jbrefort src gnome org>
To: commits-list gnome org
Cc:
Subject: [goffice] Don't crash when loading an EMF image without valid data. [#704311]
Date: Wed, 17 Jul 2013 05:26:00 +0000 (UTC)

commit 49c2e2b03ad61322858940e676a1fc280ee1e81e
Author: Jean Brefort <jean brefort normalesup org>
Date:   Wed Jul 17 07:24:28 2013 +0200

    Don't crash when loading an EMF image without valid data. [#704311]

 ChangeLog              |    5 +++++
 NEWS                   |    3 +++
 goffice/utils/go-emf.c |    8 +++++++-
 3 files changed, 15 insertions(+), 1 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index c0df291..680e136 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-07-17  Jean Brefort  <jean brefort normalesup org>
+
+       * goffice/utils/go-emf.c (go_emf_new_from_data), (go_emf_parse): protect
+       against missing data. [#704311]
+
 2013-07-15  Morten Welinder  <terra gnome org>
 
        * goffice/math/go-regression.c (go_linear_regression_leverage):
diff --git a/NEWS b/NEWS
index b1aa927..459997e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,8 @@
 goffice 0.10.5:
 
+Jean:
+       * Don't crash when loading an EMF image without valid data. [#704311]
+
 Morten:
        * Add prescaling to go_linear_regression_leverage.  [#703381]
 
diff --git a/goffice/utils/go-emf.c b/goffice/utils/go-emf.c
index 17f595e..27d6869 100644
--- a/goffice/utils/go-emf.c
+++ b/goffice/utils/go-emf.c
@@ -257,9 +257,11 @@ GOImage *
 go_emf_new_from_data (char const *data, size_t length, GError **error)
 {
        GOEmf *emf = NULL;
-       GsfInput *input = gsf_input_memory_new (data, length, FALSE);
+       GsfInput *input;
        GOImage *image;
 
+       g_return_val_if_fail (data != NULL && length > 0, NULL);
+       input = gsf_input_memory_new (data, length, FALSE);
        if (input == NULL) {
                if (error)
                        *error = g_error_new (go_error_invalid (), 0,
@@ -4549,7 +4551,11 @@ go_emf_parse (GOEmf *emf, GsfInput *input, GError **error)
 
 #endif
        fsize = gsf_input_size (input);
+       if (fsize < 4)
+               return FALSE;
        data = gsf_input_read (input, 4, NULL);
+       if (!data)
+               return FALSE;
        switch (GSF_LE_GET_GUINT32 (data)) {
        case 0x9ac6cdd7:
                d_ (("Aldus Placeable Metafile\n"));

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]