>
> Note however, that none of the fixes that we are making at the
> current time actually address the issue of _auditing_ the image
> loaders, and until that is done, there will be easy ways of crashing
> (or worse) any program using GdkPixbuf.
>
Speaking about auditing...
here is a patch to io-xpm.c which makes it have one less possible segfault.
An example crasher is attached. OK to commit the fix?
===================================================================
RCS file: /cvs/gnome/gtk+/gdk-pixbuf/io-xpm.c,v
retrieving revision 1.27
diff -u -3 -p -u -r1.27 io-xpm.c
--- io-xpm.c 2001/05/07 15:58:41 1.27
+++ io-xpm.c 2001/08/30 08:49:23
@@ -1,3 +1,4 @@
+/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
/* GdkPixbuf library - XPM image loader
*
* Copyright (C) 1999 Mark Crichton
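Review bot: the Emacs modeline comment added as the new first line is unrelated to the parse_color fix. Suggest committing it separately so the crash fix stays a minimal change that is easy to review and backport.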
@@ -945,9 +946,12 @@ parse_color (const char *spec,
if ((i = strlen(spec+1))%3) {
return FALSE;
}
- i /= 3;
+ if ((i /= 3) > 100) {
+ return FALSE;
+ }
sprintf(fmt, "%%%dx%%%dx%%%dx", i, i, i);
+
if (sscanf(spec+1, fmt, &red, &green, &blue) != 3) {
return FALSE;
}
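Review bot: the cap of 100 in "if ((i /= 3) > 100)" is a magic number whose safety depends on the size of fmt, which this hunk does not show. At i = 100 the sprintf writes "%100x%100x%100x", which is 15 characters plus the terminating NUL, so the check only protects fmt if it is declared with at least 16 bytes; please confirm that against the declaration, or derive the limit from sizeof(fmt). The lower edge is also uncovered: when strlen(spec+1) is 0 the modulo test passes, i becomes 0, and the format becomes "%0x%0x%0x", and a zero field width is not valid for sscanf. The same width is what sscanf uses for the %x conversions into red, green and blue, so a large i still lets it consume more hex digits than those variables can represent. X hex colour specs carry at most 4 digits per channel, so rejecting i < 1 || i > 4 would be tighter and self-explanatory. Style: do the division on its own line rather than inside the comparison, and drop the blank line added after the sprintf.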
Attachment:
teta[1].xpm
Description: Binary data