[gtk+/gtk-2-24] win32: add more clipboard data checks to avoid crash
- From: Marc-Andre Lureau <malureau src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gtk+/gtk-2-24] win32: add more clipboard data checks to avoid crash
- Date: Thu, 24 Apr 2014 14:08:47 +0000 (UTC)
commit dd37429b51e07a61b309b0620f49e235bfe0a9c7
Author: Marc-André Lureau <marcandre lureau gmail com>
Date: Tue Apr 22 19:47:47 2014 +0200
win32: add more clipboard data checks to avoid crash
It may happen that the received clipboard data is empty, but
if it's of type image/bmp, gtk+ will crash:
gdk_property_change: 00030AD4 GDK_SELECTION image/bmp REPLACE 8*0 bits:
... delayed rendering
gdk_selection_send_notify_for_display: 00030AD4 CLIPBOARD image/bmp
GDK_SELECTION (no-op)
_gdk_win32_selection_convert_to_dib: 1252003C image/bmp
Program received signal SIGSEGV, Segmentation fault.
0x749a9f40 in msvcrt!memmove () from C:\Windows\syswow64\msvcrt.dll
Thread 1 (Thread 2248.0x1b34):
target=0xc07b) at gdkselection-win32.c:1292
at gdkevents-win32.c:3498
wparam=8, lparam=0) at gdkevents-win32.c:232
message=773, wparam=8, lparam=0)
at gdkevents-win32.c:263
C:\Windows\syswow64\user32.dll
C:\Users\rugoosse\AppData\Local\virt-viewer\bin\libpangocairo-1.0-0.dll
wparam=0, lparam=-1687549457)
at gdkevents-win32.c:248
C:\Users\rugoosse\AppData\Local\virt-viewer\bin\libpangocairo-1.0-0.dll
https://bugzilla.gnome.org/show_bug.cgi?id=728745
gdk/win32/gdkproperty-win32.c | 6 ++++++
gdk/win32/gdkselection-win32.c | 2 ++
2 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/gdk/win32/gdkproperty-win32.c b/gdk/win32/gdkproperty-win32.c
index 39163b5..88a29e8 100644
--- a/gdk/win32/gdkproperty-win32.c
+++ b/gdk/win32/gdkproperty-win32.c
@@ -193,6 +193,12 @@ gdk_property_change (GdkWindow *window,
format == 8 &&
mode == GDK_PROP_MODE_REPLACE)
{
+ if (type == _image_bmp && nelements < sizeof (BITMAPFILEHEADER))
+ {
+ g_warning ("Clipboard contains invalid bitmap data");
+ return;
+ }
+
if (type == _utf8_string)
{
if (!OpenClipboard (GDK_WINDOW_HWND (window)))
diff --git a/gdk/win32/gdkselection-win32.c b/gdk/win32/gdkselection-win32.c
index 41d4d3d..1b497c5 100644
--- a/gdk/win32/gdkselection-win32.c
+++ b/gdk/win32/gdkselection-win32.c
@@ -1286,6 +1286,8 @@ _gdk_win32_selection_convert_to_dib (HGLOBAL hdata,
if (target == _image_bmp)
{
+ g_return_val_if_fail (GlobalSize (hdata) >= sizeof (BITMAPFILEHEADER), NULL);
+
/* No conversion is needed, just strip the BITMAPFILEHEADER */
HGLOBAL hdatanew;
SIZE_T size = GlobalSize (hdata) - sizeof (BITMAPFILEHEADER);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]