author | Hermet Park <hermetpark@gmail.com> | 2019-04-24 10:10:36 +0900 |
---|---|---|
committer | Hermet Park <hermetpark@gmail.com> | 2019-04-24 10:10:36 +0900 |
commit | 54754ab8781f78cc2e768c6f067b1418f4066b8e (patch) | |
tree | 248fd20816d3df71a283a0de9b439fc89bb57111 | |
parent | caa1542610a7073706f5e5200d58075ea83b04b1 (diff) | |
download | efl-54754ab8781f78cc2e768c6f067b1418f4066b8e.tar.gz |
Revert "evas-wbmp: revert previous two patches"
This reverts commit 0ebf41c003ea89f10c45ae7a2e53c68302c05103.
-rw-r--r-- | src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c b/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c index 633afe9567..7f56da6d02 100644 --- a/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c +++ b/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c @@ -73,6 +73,15 @@ evas_image_load_file_head_wbmp(void *loader_data, position++; /* skipping one byte */ if (read_mb(&w, map, length, &position) < 0) goto bail; if (read_mb(&h, map, length, &position) < 0) goto bail; + + /* Wbmp header identifier is too weak.... + Here checks size validation whether it's acutal wbmp or not. */ + if (((w * h) >> 3) + position != length) + { + *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT; + goto bail; + } + if ((w < 1) || (h < 1) || (w > IMG_MAX_SIZE) || (h > IMG_MAX_SIZE) || IMG_TOO_BIG(w, h)) { @@ -116,11 +125,20 @@ evas_image_load_file_data_wbmp(void *loader_data, if (!map) goto bail; if (read_mb(&type, map, length, &position) < 0) goto bail; + + if (type != 0) + { + *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT; + goto bail; + } + position++; /* skipping one byte */ if (read_mb(&w, map, length, &position) < 0) goto bail; if (read_mb(&h, map, length, &position) < 0) goto bail; - if (type != 0) + /* Wbmp header identifier is too weak.... + Here checks size validation whether it's acutal wbmp or not. */ + if (((w * h) >> 3) + position != length) { *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT; goto bail; @@ -145,7 +163,6 @@ evas_image_load_file_data_wbmp(void *loader_data, for (y = 0; y < (int)prop->h; y++) { - if (position + line_length > length) goto bail; line = ((unsigned char*) map) + position; position += line_length; for (x = 0; x < (int)prop->w; x++) |
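Review bot: The added size test `((w * h) >> 3) + position != length` in evas_image_load_file_head_wbmp does not match how the pixel loop consumes data: the third hunk advances by `line_length` per row, which is presumably the byte-padded row size (its definition is outside these hunks). If so, for any width that is not a multiple of 8 the expected size is wrong, so valid files are rejected and undersized ones can pass. The test also runs before the `w`/`h` range check that follows it, so `w * h` is computed on unvalidated header values and can wrap if they are 32-bit. I would move the test below the range check and count whole rows, e.g. `if ((size_t)((w + 7) >> 3) * h + position != length)`. The same expression is added to evas_image_load_file_data_wbmp in the second hunk and needs the same change; both function bodies continue outside the hunks.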
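Review bot: Dropping `if (position + line_length > length) goto bail;` from the row loop in evas_image_load_file_data_wbmp leaves `line = ((unsigned char*) map) + position` guarded only by the header-level size test added earlier in this commit, and that test counts `(w * h) >> 3` bytes rather than `h` rows of `line_length` bytes. If `line_length` is rounded up to whole bytes (not visible here), a file whose width is not a multiple of 8 can pass the header test and still drive the loop past the end of the mapping, which is an out-of-bounds read on untrusted image data. I would keep a per-row guard, written so the addition cannot wrap: `if ((position > length) || (line_length > length - position)) goto bail;`. The loop body continues outside the hunk.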