[gdk-pixbuf] qtif: Avoid buffer overrun on short reads
- From: Bastien Nocera <hadess src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gdk-pixbuf] qtif: Avoid buffer overrun on short reads
- Date: Tue, 13 Dec 2016 18:22:28 +0000 (UTC)
commit 92ac5e82a01a378189e149094a7cf80795203d96
Author: Bastien Nocera <hadess hadess net>
Date: Tue Dec 13 19:16:19 2016 +0100
qtif: Avoid buffer overrun on short reads
When filling the QTIF buffer, stop looping when we've copied 'size'
bytes, not when the buffer is filled. This fixes out-of-bounds accesses
when size is shorter than the expected header.
https://bugzilla.gnome.org/show_bug.cgi?id=775648
gdk-pixbuf/io-qtif.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/gdk-pixbuf/io-qtif.c b/gdk-pixbuf/io-qtif.c
index 0bd3d5f..c814c9d 100644
--- a/gdk-pixbuf/io-qtif.c
+++ b/gdk-pixbuf/io-qtif.c
@@ -432,7 +432,7 @@ static gboolean gdk_pixbuf__qtif_image_load_increment (gpointer data,
context->atom_count--;
/* Copy to header buffer in context, in case supplied data is not enough. */
- while(context->run_length < sizeof(QtHeader))
+ while (context->run_length < sizeof(QtHeader) && size > 0u)
{
context->header_buffer[context->run_length] = *buf;
context->run_length++;
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]