Attachment 22861 Details for Bug 59100

[patch] The patch from vendor-sec (mclasen@redhat.com)

xpm.diff (text/plain), 2.62 KB, created by Sebastian Krahmer on 2004-08-24 17:01:20 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Sebastian Krahmer

Created: 2004-08-24 17:01:20 UTC

Size: 2.62 KB

patch

obsolete

>Index: io-xpm.c
>===================================================================
>RCS file: /cvs/gnome/gtk+/gdk-pixbuf/io-xpm.c,v
>retrieving revision 1.44
>diff -u -r1.44 io-xpm.c
>--- io-xpm.c	8 Jul 2004 03:56:36 -0000	1.44
>+++ io-xpm.c	23 Aug 2004 15:02:34 -0000
>@@ -1079,7 +1079,7 @@
> 	gint key = 0;
> 	gint current_key = 1;
> 	gint space = 128;
>-	gchar word[128], color[128], current_color[128];
>+	gchar word[129], color[129], current_color[129];
> 	gchar *r; 
> 	
> 	word[0] = '\0';
>@@ -1121,8 +1121,8 @@
> 				return NULL;
> 			/* accumulate color name */
> 			if (color[0] != '\0') {
>-				strcat (color, " ");
>-				space--;
>+				strncat (color, " ", space);
>+				space -= MIN (space, 1);
> 			}
> 			strncat (color, word, space);
> 			space -= MIN (space, strlen (word));
>@@ -1246,27 +1246,45 @@
> 		return NULL;
> 
> 	}
>-	if (n_col <= 0) {
>+	if (cpp <= 0 || cpp >= 32) {
>                 g_set_error (error,
>                              GDK_PIXBUF_ERROR,
>                              GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
>-                             _("XPM file has invalid number of colors"));
>+                             _("XPM has invalid number of chars per pixel"));
> 		return NULL;
>-
> 	}
>-	if (cpp <= 0 || cpp >= 32) {
>+	if (n_col <= 0 || n_col >= G_MAXSIZE / (cpp + 1)) {
>                 g_set_error (error,
>                              GDK_PIXBUF_ERROR,
>                              GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
>-                             _("XPM has invalid number of chars per pixel"));
>+                             _("XPM file has invalid number of colors"));
> 		return NULL;
> 	}
> 
> 	/* The hash is used for fast lookups of color from chars */
> 	color_hash = g_hash_table_new (g_str_hash, g_str_equal);
> 
>-	name_buf = g_new (gchar, n_col * (cpp + 1));
>-	colors = g_new (XPMColor, n_col);
>+	name_buf = g_try_malloc (n_col * (cpp + 1));
>+	if (!name_buf) {
>+		g_set_error (error,
>+			     GDK_PIXBUF_ERROR,
>+                             GDK_PIXBUF_ERROR_INSUFFICIENT_MEMORY,
>+                             _("Cannot allocate memory for loading XPM image"));
>+		g_hash_table_destroy (color_hash);
>+		return NULL;
>+	}
>+	colors = (XPMColor *) g_try_malloc (sizeof (XPMColor) * n_col);
>+	if (!colors) {
>+		g_set_error (error,
>+			     GDK_PIXBUF_ERROR,
>+                             GDK_PIXBUF_ERROR_INSUFFICIENT_MEMORY,
>+                             _("Cannot allocate memory for loading XPM image"));
>+		g_hash_table_destroy (color_hash);
>+		g_free (name_buf);
>+		return NULL;
>+	}
>+	g_print ("n_col %d name_buf %p (%d) colors %p (%d)\n",
>+		 n_col, name_buf, n_col * (cpp + 1), colors, sizeof (XPMColor) * n_col);
> 
> 	for (cnt = 0; cnt < n_col; cnt++) {
> 		gchar *color_name;

Actions: View | Diff

Attachments on bug 59100: 22861 | 22897 | 22999 | 23166 | 23191