[gdk-pixbuf] io-gif: Clarify buffer length management



commit 5b15f3406a800ffef06906b4ddfedff61318c176
Author: Philip Withnall <philip tecnocode co uk>
Date:   Mon Dec 12 22:35:32 2016 +0000

    io-gif: Clarify buffer length management
    
    buffer_count is read from the file, and then we potentially copy up to
    that number of bytes straight into a buffer without a length check. This
    does not result in buffer overflow iff the buffer is at least 255 bytes
    long. Make that clear.
    
    Coverity CID 609094
    
    https://bugzilla.gnome.org/show_bug.cgi?id=776026

 gdk-pixbuf/io-gif.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
---
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
index 00d18e2..5b30093 100644
--- a/gdk-pixbuf/io-gif.c
+++ b/gdk-pixbuf/io-gif.c
@@ -188,6 +188,7 @@ struct _GifContext
         GError **error;
 };
 
+/* The buffer must be at least 255 bytes long. */
 static int GetDataBlock (GifContext *, unsigned char *);
 
 
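Review bot: The new comment above the forward declaration of GetDataBlock refers to "the buffer", but the prototype on the next line leaves both parameters unnamed, so a reader has to find the definition to learn which argument is meant. Consider naming the parameters in the prototype (for example `unsigned char *buf`) and using the same wording as the comment on the definition, or keeping the size requirement in one place only so the two comments cannot drift apart. It would also help to state where 255 comes from, since neither the comment nor the visible context explains the number.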
@@ -451,6 +452,7 @@ gif_get_extension (GifContext *context)
 
 static int ZeroDataBlock = FALSE;
 
+/* @buf must be at least 255 bytes long. */
 static int
 GetDataBlock (GifContext *context,
              unsigned char *buf)
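Review bot: The comment on the GetDataBlock definition documents the 255-byte requirement on `buf` but nothing enforces it, and the commit message itself says the copy happens without a length check. The call sites are not part of this diff, so the review cannot confirm that every caller passes a buffer of at least that size. Consider defining a named constant for the minimum size and declaring the callers' buffers with it, or passing the buffer length into GetDataBlock and checking buffer_count against it before copying, so the invariant holds even if a caller changes later. Minor style point: `@buf` is gtk-doc parameter notation, but this is a plain comment on a static function, so either drop the `@` or match the wording of the comment on the prototype.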

