diff options
| author | Hermet Park <hermetpark@gmail.com> | 2019-04-23 19:04:21 +0900 |
|---|---|---|
| committer | Hermet Park <hermetpark@gmail.com> | 2019-04-23 19:19:07 +0900 |
| commit | 68fe9ec6bf60b4730ad7fdbf2698dc7aa130b94d (patch) | |
| tree | 1b126c8731a163c191a18ad12f17eb89a6ad00e0 | |
| parent | 7f0e9f9df7474465aed654d3de3c7bf3701a92ee (diff) | |
| download | efl-68fe9ec6bf60b4730ad7fdbf2698dc7aa130b94d.tar.gz | |
evas image: check format more strong way for wbmp.
wbmp format doesn't have any tags for verifying file header,
It's easy to pass other format headers if they have the first 1 byte 0x0,
This ocassionally brings wrong result (= succeeed loading image),
if unknown file format is tried.
So, to make it sure, here verify the size of image additionally.
if the image size is not expected, It returns fail as the result.
This problem is actually happened in this scenario.
open any mpeg file with elm_image.
elm_image_file_set() will return true though it fails to read data.
since wbmp make it pass to succeed.
@fix
| -rw-r--r-- | src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c b/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c index 633afe9567..00e67f3713 100644 --- a/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c +++ b/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c @@ -73,6 +73,15 @@ evas_image_load_file_head_wbmp(void *loader_data, position++; /* skipping one byte */ if (read_mb(&w, map, length, &position) < 0) goto bail; if (read_mb(&h, map, length, &position) < 0) goto bail; + + /* Wbmp header identifier is too weak.... + Here checks size validation whether it's acutal wbmp or not. */ + if (((w * h) >> 3) + position != length) + { + *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT; + goto bail; + } + if ((w < 1) || (h < 1) || (w > IMG_MAX_SIZE) || (h > IMG_MAX_SIZE) || IMG_TOO_BIG(w, h)) { @@ -116,11 +125,20 @@ evas_image_load_file_data_wbmp(void *loader_data, if (!map) goto bail; if (read_mb(&type, map, length, &position) < 0) goto bail; + + if (type != 0) + { + *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT; + goto bail; + } + position++; /* skipping one byte */ if (read_mb(&w, map, length, &position) < 0) goto bail; if (read_mb(&h, map, length, &position) < 0) goto bail; - if (type != 0) + /* Wbmp header identifier is too weak.... + Here checks size validation whether it's acutal wbmp or not. */ + if (((w * h) >> 3) + position != length) { *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT; goto bail; |