Bug in gdk-pixbuf 0.10.1 pnm loader

From: Szekeres Istvan <szekeres pista debian hu>
To: gtk-list gnome org
Subject: Bug in gdk-pixbuf 0.10.1 pnm loader
Date: Sun, 25 Mar 2001 13:28:09 +0200

Hi,

if pnm_skip_whitespace starts skipping a comment but it hits the end of the
input buffer, the rest of the comment that will be read in the next cycle
will not be interpreted as a comment but as normal data. This causes
segfault, etc.

Here is the proposed fix, I hope it's ok.

--- io-pnm.c.orig	Sun Mar 25 13:12:22 2001
+++ io-pnm.c	Sun Mar 25 13:15:00 2001
@@ -193,6 +193,10 @@
 		if (*inptr == '#') {
 			/* in comment - skip to the end of this line */
 			for ( ; *inptr != '\n' && inptr < inend; inptr++);
+			if ( *inptr != '\n' ) {
+				/* couldn't read whole comment */
+				return PNM_SUSPEND;
+			}
 		} else if (!isspace (*inptr)) {
 			inbuf->byte = inptr;
 			inbuf->nbytes = (guint) (inend - inptr);




Pista

Follow-Ups:
- Re: Bug in gdk-pixbuf 0.10.1 pnm loader
  - From: Owen Taylor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]