[gdk-pixbuf] io-gif: Fail quickly when image dimensions are too big
- From: Bastien Nocera <hadess src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gdk-pixbuf] io-gif: Fail quickly when image dimensions are too big
- Date: Tue, 19 Sep 2017 09:36:22 +0000 (UTC)
commit 0012e066ba37439d402ce46afbc1311530a4ec61
Author: Bastien Nocera <hadess hadess net>
Date: Wed Aug 23 18:02:41 2017 +0200
io-gif: Fail quickly when image dimensions are too big
Fail quickly when the dimensions would create an image that's bigger
than MAXINT bytes long.
See https://bugzilla.gnome.org/show_bug.cgi?id=765094
https://bugzilla.gnome.org/show_bug.cgi?id=785973
gdk-pixbuf/io-gif.c | 30 +++++++++++++++++++++++-------
1 files changed, 23 insertions(+), 7 deletions(-)
---
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
index 057960c..ef10017 100644
--- a/gdk-pixbuf/io-gif.c
+++ b/gdk-pixbuf/io-gif.c
@@ -851,13 +851,29 @@ gif_get_lzw (GifContext *context)
pixels[2] = 0;
pixels[3] = 0;
}
- } else
- context->frame->pixbuf =
- gdk_pixbuf_new (GDK_COLORSPACE_RGB,
- TRUE,
- 8,
- context->frame_len,
- context->frame_height);
+ } else {
+ int rowstride;
+ guint64 len;
+
+ rowstride = gdk_pixbuf_calculate_rowstride (GDK_COLORSPACE_RGB,
+ TRUE,
+ 8,
+ context->frame_len,
+ context->frame_height);
+ if (rowstride > 0 &&
+ g_uint64_checked_mul (&len, rowstride, context->frame_height) &&
+ len <= G_MAXINT) {
+ context->frame->pixbuf =
+ gdk_pixbuf_new (GDK_COLORSPACE_RGB,
+ TRUE,
+ 8,
+ context->frame_len,
+ context->frame_height);
+ } else {
+ context->frame->pixbuf = NULL;
+ }
+ }
+
if (!context->frame->pixbuf) {
g_free (context->frame);
g_set_error_literal (context->error,
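Review bot: In the new `else` branch only `rowstride` is checked for being positive before `g_uint64_checked_mul (&len, rowstride, context->frame_height)`; `context->frame_height` enters the unsigned multiply unchecked, so if it is a signed field that could ever be negative it would convert to a very large `guint64` and the rejection would rest on the overflow check alone. The field's type and any earlier validation are outside this hunk, so this may already be guaranteed. If it is not, add `context->frame_height > 0 &&` to the condition; if it is, a one-line comment such as `/* frame_height is > 0 here; refuse buffers over G_MAXINT bytes before allocating */` would record the invariant and the reason for the bound. A rejected size also takes the same `!context->frame->pixbuf` path as a failed allocation, so callers probably cannot tell an oversized image from an out-of-memory condition. The body of gif_get_lzw starts and ends outside the hunk.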