[gdk-pixbuf/wip/hadess/better-xpm-checks: 2/5] xpm: Sanity check XPM file dimensions

From: Bastien Nocera <hadess src gnome org>
To: commits-list gnome org
Cc:
Subject: [gdk-pixbuf/wip/hadess/better-xpm-checks: 2/5] xpm: Sanity check XPM file dimensions
Date: Fri, 1 Mar 2019 11:25:51 +0000 (UTC)

commit 76f929158e48f4a1c222c816a65f242c290dff20
Author: Bastien Nocera <hadess hadess net>
Date:   Fri Mar 1 12:00:57 2019 +0100

    xpm: Sanity check XPM file dimensions
    
    In the same way that libXpm sanity checks it.

 gdk-pixbuf/io-xpm.c | 9 +++++++++
 1 file changed, 9 insertions(+)
---
diff --git a/gdk-pixbuf/io-xpm.c b/gdk-pixbuf/io-xpm.c
index fedcc708d..0da5b241b 100644
--- a/gdk-pixbuf/io-xpm.c
+++ b/gdk-pixbuf/io-xpm.c
@@ -498,6 +498,15 @@ pixbuf_create_from_xpm (const gchar * (*get_buf) (enum buf_op op, gpointer handl
                return NULL;
 
        }
+       /* Check from libXpm's ParsePixels() */
+       if ((h > 0 && w >= UINT_MAX / h) ||
+           w * h >= UINT_MAX / sizeof(unsigned int)) {
+               g_set_error_literal (error,
+                                     GDK_PIXBUF_ERROR,
+                                     GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+                                     _("Invalid XPM header"));
+               return NULL;
+       }
        if (cpp <= 0 || cpp >= 32) {
                 g_set_error_literal (error,
                                      GDK_PIXBUF_ERROR,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]