Репозитории ALT
5.1: | 1.9.15-alt2.3 |
4.1: | 1.9.15-alt1 |
4.0: | 1.9.15-alt1 |
3.0: | 1.9.14-alt5 |
Группа :: Система/Библиотеки
Пакет: imlib
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: imlib-1.9.14-suse-alt-bound.patch
Скачать
Скачать
diff -uprk.orig imlib-1.9.14.orig/gdk_imlib/io-bmp.c imlib-1.9.14/gdk_imlib/io-bmp.c
--- imlib-1.9.14.orig/gdk_imlib/io-bmp.c 2002-03-04 20:06:29 +0300
+++ imlib-1.9.14/gdk_imlib/io-bmp.c 2004-09-02 16:36:16 +0400
@@ -10,7 +10,7 @@ loader_bmp (FILE *file, int *w, int *h,
linesize, linepos, rshift = 0, gshift = 0, bshift = 0;
unsigned char byte;
short int word;
- long int dbuf[4], dword, rmask = 0, gmask = 0, bmask = 0, offset,
+ long int dbuf[4], dword, rmask = 0xff, gmask = 0xff, bmask = 0xff, offset,
size;
signed char bbuf[4];
struct _cmap
@@ -32,7 +32,7 @@ loader_bmp (FILE *file, int *w, int *h,
* Reading the bmp header
*/
- fread(&bbuf, 1, 2, file);
+ fread(bbuf, 1, 2, file);
fread(dbuf, 4, 4, file);
@@ -42,12 +42,12 @@ loader_bmp (FILE *file, int *w, int *h,
fread(dbuf, 4, 2, file);
*w = (int)dbuf[0];
*h = (int)dbuf[1];
- if (*w > 32767)
+ if ((*w <= 0) || (*w > 32767))
{
fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
return NULL;
}
- if (*h > 32767)
+ if ((*h <= 0) || (*h > 32767))
{
fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
return NULL;
@@ -72,6 +72,9 @@ loader_bmp (FILE *file, int *w, int *h,
ncolors = (int)dbuf[0];
if (ncolors == 0)
ncolors = 1 << bpp;
+ if ((ncolors < 0) || (ncolors > (1 << bpp)))
+ ncolors = 1 << bpp;
+
/* some more sanity checks */
if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32)))
{
@@ -197,9 +200,13 @@ loader_bmp (FILE *file, int *w, int *h,
for (bit = 0; bit < 8; bit++)
{
index = ((byte & (0x80 >> bit)) ? 1 : 0);
- ptr[poffset] = cmap[index].r;
- ptr[poffset + 1] = cmap[index].g;
- ptr[poffset + 2] = cmap[index].b;
+ /* possibly corrupted file? */
+ if (index < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[index].r;
+ ptr[poffset + 1] = cmap[index].g;
+ ptr[poffset + 2] = cmap[index].b;
+ }
column++;
}
}
@@ -221,9 +228,13 @@ loader_bmp (FILE *file, int *w, int *h,
index = ((byte & (0xF0 >> nibble * 4)) >> (!nibble * 4));
if (index >= 16)
index = 15;
- ptr[poffset] = cmap[index].r;
- ptr[poffset + 1] = cmap[index].g;
- ptr[poffset + 2] = cmap[index].b;
+ /* possibly corrupted file? */
+ if (index < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[index].r;
+ ptr[poffset + 1] = cmap[index].g;
+ ptr[poffset + 2] = cmap[index].b;
+ }
column++;
}
}
@@ -263,9 +274,13 @@ loader_bmp (FILE *file, int *w, int *h,
{
linepos++;
byte = getc(file);
- ptr[poffset] = cmap[byte].r;
- ptr[poffset + 1] = cmap[byte].g;
- ptr[poffset + 2] = cmap[byte].b;
+ /* possibly corrupted file? */
+ if (byte < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[byte].r;
+ ptr[poffset + 1] = cmap[byte].g;
+ ptr[poffset + 2] = cmap[byte].b;
+ }
column++;
}
if (absolute & 0x01)
@@ -276,9 +291,13 @@ loader_bmp (FILE *file, int *w, int *h,
{
for (i = 0; i < first; i++)
{
- ptr[poffset] = cmap[byte].r;
- ptr[poffset + 1] = cmap[byte].g;
- ptr[poffset + 2] = cmap[byte].b;
+ /* possibly corrupted file? */
+ if (byte < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[byte].r;
+ ptr[poffset + 1] = cmap[byte].g;
+ ptr[poffset + 2] = cmap[byte].b;
+ }
column++;
linepos++;
}
@@ -286,20 +305,27 @@ loader_bmp (FILE *file, int *w, int *h,
}
else
{
- ptr[poffset] = cmap[byte].r;
- ptr[poffset + 1] = cmap[byte].g;
- ptr[poffset + 2] = cmap[byte].b;
+ /* possibly corrupted file? */
+ if (byte < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[byte].r;
+ ptr[poffset + 1] = cmap[byte].g;
+ ptr[poffset + 2] = cmap[byte].b;
+ }
column++;
- linepos += size;
}
}
}
else if (bpp == 24)
{
- linepos += fread(&bbuf, 1, 3, file);
- ptr[poffset] = (unsigned char)bbuf[2];
- ptr[poffset + 1] = (unsigned char)bbuf[1];
- ptr[poffset + 2] = (unsigned char)bbuf[0];
+ linepos += fread(bbuf, 1, 3, file);
+ /* possibly corrupted file? */
+ if (poffset < *w * *h * 3)
+ {
+ ptr[poffset] = (unsigned char)bbuf[2];
+ ptr[poffset + 1] = (unsigned char)bbuf[1];
+ ptr[poffset + 2] = (unsigned char)bbuf[0];
+ }
column++;
}
else if (bpp == 16)
@@ -307,12 +333,16 @@ loader_bmp (FILE *file, int *w, int *h,
unsigned char temp;
linepos += fread(&word, 2, 1, file);
- temp = (word & rmask) >> rshift;
- ptr[poffset] = temp;
- temp = (word & gmask) >> gshift;
- ptr[poffset + 1] = temp;
- temp = (word & bmask) >> gshift;
- ptr[poffset + 2] = temp;
+ /* possibly corrupted file? */
+ if (poffset < *w * *h * 3)
+ {
+ temp = (word & rmask) >> rshift;
+ ptr[poffset] = temp;
+ temp = (word & gmask) >> gshift;
+ ptr[poffset + 1] = temp;
+ temp = (word & bmask) >> gshift;
+ ptr[poffset + 2] = temp;
+ }
column++;
}
else
@@ -320,12 +350,16 @@ loader_bmp (FILE *file, int *w, int *h,
unsigned char temp;
linepos += fread(&dword, 4, 1, file);
- temp = (dword & rmask) >> rshift;
- ptr[poffset] = temp;
- temp = (dword & gmask) >> gshift;
- ptr[poffset + 1] = temp;
- temp = (dword & bmask) >> bshift;
- ptr[poffset + 2] = temp;
+ /* possibly corrupted file? */
+ if (poffset < *w * *h * 3)
+ {
+ temp = (dword & rmask) >> rshift;
+ ptr[poffset] = temp;
+ temp = (dword & gmask) >> gshift;
+ ptr[poffset + 1] = temp;
+ temp = (dword & bmask) >> bshift;
+ ptr[poffset + 2] = temp;
+ }
column++;
}
}
diff -uprk.orig imlib-1.9.14.orig/Imlib/load.c imlib-1.9.14/Imlib/load.c
--- imlib-1.9.14.orig/Imlib/load.c 2002-03-22 17:43:04 +0300
+++ imlib-1.9.14/Imlib/load.c 2004-09-02 16:34:16 +0400
@@ -631,12 +631,12 @@ _LoadBMP(ImlibData * id, FILE *file, int
fread(dbuf, 4, 2, file);
*w = (int)dbuf[0];
*h = (int)dbuf[1];
- if (*w > 32767)
+ if ((*w < 0) || (*w > 32767))
{
fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
return NULL;
}
- if (*h > 32767)
+ if ((*h < 0) || (*h > 32767))
{
fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
return NULL;
@@ -661,6 +661,9 @@ _LoadBMP(ImlibData * id, FILE *file, int
ncolors = (int)dbuf[0];
if (ncolors == 0)
ncolors = 1 << bpp;
+ if ((ncolors < 0) || (ncolors > (1 << bpp)))
+ ncolors = 1 << bpp;
+
/* some more sanity checks */
if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32)))
{
@@ -786,9 +789,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
for (bit = 0; bit < 8; bit++)
{
index = ((byte & (0x80 >> bit)) ? 1 : 0);
- ptr[poffset] = cmap[index].r;
- ptr[poffset + 1] = cmap[index].g;
- ptr[poffset + 2] = cmap[index].b;
+ /* possibly corrupted file? */
+ if (index < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[index].r;
+ ptr[poffset + 1] = cmap[index].g;
+ ptr[poffset + 2] = cmap[index].b;
+ }
column++;
}
}
@@ -810,9 +817,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
index = ((byte & (0xF0 >> nibble * 4)) >> (!nibble * 4));
if (index >= 16)
index = 15;
- ptr[poffset] = cmap[index].r;
- ptr[poffset + 1] = cmap[index].g;
- ptr[poffset + 2] = cmap[index].b;
+ /* possibly corrupted file? */
+ if (index < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[index].r;
+ ptr[poffset + 1] = cmap[index].g;
+ ptr[poffset + 2] = cmap[index].b;
+ }
column++;
}
}
@@ -851,9 +862,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
{
linepos++;
byte = getc(file);
- ptr[poffset] = cmap[byte].r;
- ptr[poffset + 1] = cmap[byte].g;
- ptr[poffset + 2] = cmap[byte].b;
+ /* possibly corrupted file? */
+ if (byte < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[byte].r;
+ ptr[poffset + 1] = cmap[byte].g;
+ ptr[poffset + 2] = cmap[byte].b;
+ }
column++;
}
if (absolute & 0x01)
@@ -864,9 +879,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
{
for (i = 0; i < first; i++)
{
- ptr[poffset] = cmap[byte].r;
- ptr[poffset + 1] = cmap[byte].g;
- ptr[poffset + 2] = cmap[byte].b;
+ /* possibly corrupted file? */
+ if (byte < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[byte].r;
+ ptr[poffset + 1] = cmap[byte].g;
+ ptr[poffset + 2] = cmap[byte].b;
+ }
column++;
linepos++;
}
@@ -874,9 +893,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
}
else
{
- ptr[poffset] = cmap[byte].r;
- ptr[poffset + 1] = cmap[byte].g;
- ptr[poffset + 2] = cmap[byte].b;
+ /* possibly corrupted file? */
+ if (byte < ncolors && poffset < *w * *h * 3)
+ {
+ ptr[poffset] = cmap[byte].r;
+ ptr[poffset + 1] = cmap[byte].g;
+ ptr[poffset + 2] = cmap[byte].b;
+ }
column++;
}
}
@@ -884,9 +907,13 @@ _LoadBMP(ImlibData * id, FILE *file, int
else if (bpp == 24)
{
linepos += fread(bbuf, 1, 3, file);
- ptr[poffset] = (unsigned char)bbuf[2];
- ptr[poffset + 1] = (unsigned char)bbuf[1];
- ptr[poffset + 2] = (unsigned char)bbuf[0];
+ /* possibly corrupted file? */
+ if (poffset < *w * *h * 3)
+ {
+ ptr[poffset] = (unsigned char)bbuf[2];
+ ptr[poffset + 1] = (unsigned char)bbuf[1];
+ ptr[poffset + 2] = (unsigned char)bbuf[0];
+ }
column++;
}
else if (bpp == 16)
@@ -894,12 +921,16 @@ _LoadBMP(ImlibData * id, FILE *file, int
unsigned char temp;
linepos += fread(&word, 2, 1, file);
- temp = (word & rmask) >> rshift;
- ptr[poffset] = temp;
- temp = (word & gmask) >> gshift;
- ptr[poffset + 1] = temp;
- temp = (word & bmask) >> gshift;
- ptr[poffset + 2] = temp;
+ /* possibly corrupted file? */
+ if (poffset < *w * *h * 3)
+ {
+ temp = (word & rmask) >> rshift;
+ ptr[poffset] = temp;
+ temp = (word & gmask) >> gshift;
+ ptr[poffset + 1] = temp;
+ temp = (word & bmask) >> gshift;
+ ptr[poffset + 2] = temp;
+ }
column++;
}
else
@@ -907,12 +938,16 @@ _LoadBMP(ImlibData * id, FILE *file, int
unsigned char temp;
linepos += fread(&dword, 4, 1, file);
- temp = (dword & rmask) >> rshift;
- ptr[poffset] = temp;
- temp = (dword & gmask) >> gshift;
- ptr[poffset + 1] = temp;
- temp = (dword & bmask) >> bshift;
- ptr[poffset + 2] = temp;
+ /* possibly corrupted file? */
+ if (poffset < *w * *h * 3)
+ {
+ temp = (dword & rmask) >> rshift;
+ ptr[poffset] = temp;
+ temp = (dword & gmask) >> gshift;
+ ptr[poffset + 1] = temp;
+ temp = (dword & bmask) >> bshift;
+ ptr[poffset + 2] = temp;
+ }
column++;
}
}