Группа :: Система/Библиотеки
Пакет: gdk-pixbuf
навигация по пакетам
Главная Изменения Спек Патчи Загрузить Bugs and FR
Патч: gdk-pixbuf-0.22.0-rh-alt-bound.patch
diff -uprk.orig gdk-pixbuf-0.22.0.orig/gdk-pixbuf/io-ico.c gdk-pixbuf-0.22.0/gdk-pixbuf/io-ico.c
--- gdk-pixbuf-0.22.0.orig/gdk-pixbuf/io-ico.c 2004-09-03 18:22:50 +0400
+++ gdk-pixbuf-0.22.0/gdk-pixbuf/io-ico.c 2004-09-03 18:25:45 +0400
@@ -330,6 +330,9 @@ DecodeHeader (guchar *Data, gint Bytes,
State->HeaderSize+=I;
+ if (State->HeaderSize < 0)
+ return FALSE;
+
if (State->HeaderSize>State->BytesInHeaderBuf) {guchar *tmp=realloc(State->HeaderBuf,State->HeaderSize);
if (!tmp)
diff -uprk.orig gdk-pixbuf-0.22.0.orig/gdk-pixbuf/io-xpm.c gdk-pixbuf-0.22.0/gdk-pixbuf/io-xpm.c
--- gdk-pixbuf-0.22.0.orig/gdk-pixbuf/io-xpm.c 2001-03-01 23:16:28 +0300
+++ gdk-pixbuf-0.22.0/gdk-pixbuf/io-xpm.c 2004-09-03 18:36:20 +0400
@@ -243,8 +243,8 @@ xpm_extract_color (const gchar *buffer)
break;
else { if (numnames > 0) {- space -= 1;
- strcat (color, " ");
+ strncat (color, " ", space);
+ space -= MIN (space, 1);
}
strncat (color, temp, space);
@@ -352,16 +352,31 @@ pixbuf_create_from_xpm (const gchar * (*
return NULL;
}
sscanf (buffer, "%d %d %d %d", &w, &h, &n_col, &cpp);
- if (cpp >= 32) {- g_warning ("XPM has more than 31 chars per pixel.");+ if (cpp <= 0 || cpp >= 32) {+ g_warning ("XPM has invalid number of chars per pixel");+ return NULL;
+ }
+ if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1) || n_col >= G_MAXINT / sizeof (_XPMColor)) {+ g_warning ("XPM file has invalid number of colors");return NULL;
}
/* The hash is used for fast lookups of color from chars */
color_hash = g_hash_table_new (g_str_hash, g_str_equal);
- name_buf = g_new (gchar, n_col * (cpp + 1));
- colors = g_new (_XPMColor, n_col);
+ name_buf = malloc (n_col * (cpp + 1));
+ if (!name_buf) {+ g_warning ("Cannot allocate memory for loading XPM image");+ g_hash_table_destroy (color_hash);
+ return NULL;
+ }
+ colors = malloc (sizeof (_XPMColor) * n_col);
+ if (!colors) {+ g_warning ("Cannot allocate memory for loading XPM image");+ g_hash_table_destroy (color_hash);
+ g_free (name_buf);
+ return NULL;
+ }
for (cnt = 0; cnt < n_col; cnt++) {gchar *color_name;