summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* 1.5.0.v1.5.0Kim Woelders2018-02-222-5/+37
|
* Drop -Waggregate-returnKim Woelders2018-02-221-1/+1
| | | | xcb cookie returns trigger this warning.
* Expose XImage cache control functionsKim Woelders2018-02-174-10/+109
|
* Add imlib_get_cache_used()Kim Woelders2018-02-172-4/+18
| | | | And some cosmetics.
* Refactor the XImage cacheKim Woelders2018-02-101-100/+70
| | | | Simpler, faster.
* Add IMLIB2_XIMAGE_CACHE_COUNT to enable testing the ximage cacheKim Woelders2018-02-101-0/+11
|
* Introduce IMLIB2_SHM_OPT to enable overriding/testing SHM modesKim Woelders2018-02-101-0/+18
|
* Fix potential OOB memory access if border sizes exceed image dimensionsKim Woelders2018-02-091-28/+28
|
* Fix potential OOB memory access if border elements are negativeKim Woelders2018-02-091-4/+4
|
* Strip trailing whitespace, cosmeticsKim Woelders2018-02-091-319/+319
|
* Autofoo cosmeticsKim Woelders2018-02-081-2/+3
|
* IndentKim Woelders2018-02-082-10/+16
|
* Add support for MIT-SHM FD-passingAlexander Volkov2018-02-083-42/+148
| | | | | | | | | | | | Summary: This is more secure way of using shared memory because it's visible only to the X server and the application. Reviewers: kwo Reviewed By: kwo Differential Revision: https://phab.enlightenment.org/D5788
* introduce __imlib_ShmDestroyXImage() instead of __imlib_ShmDetach()Alexander Volkov2018-02-083-8/+16
| | | | | | | | | | | | Summary: It enhances the code, because __imlib_ShmDestroyXImage() is symmetrical to __imlib_ShmGetXImage(), while __imlib_ShmDetach() looks unrelated. Reviewers: kwo Reviewed By: kwo Differential Revision: https://phab.enlightenment.org/D5787
* put a check for shared memory inside __imlib_ShmGetXImage()Alexander Volkov2018-02-083-25/+13
| | | | | | | | | | | | Summary: This check actually refers to the internal implementation and should not be done outside this function. Reviewers: kwo Reviewed By: kwo Differential Revision: https://phab.enlightenment.org/D5783
* imlib_create_scaled_image_from_drawable(): Drop shape handling if unshapedKim Woelders2017-12-231-16/+27
|
* imlib_create_scaled_image_from_drawable(): speed up 1:1 caseKim Woelders2017-12-231-32/+53
|
* imlib2_grab: Always use imlib_create_scaled_image_from_drawable() to grab imageKim Woelders2017-12-231-5/+2
| | | | | | | | | | | | | | Apparently, when using XShmGetImage to get an XImage for a (non-root?) window, the image no longer includes subwindows (like when using IncludeInferiors in GC). When using XGetImage the XImage still includes subwindows. imlib_create_scaled_image_from_drawable() (as opposed to imlib_create_image_from_drawable() ) is implemented in such a way that the drawable to be grabbed is always copied to a pixmap first. This way we always get the "IncludeInferiors" type grab we most likely want here.
* Remove redundant CAST_IMAGE()Kim Woelders2017-12-171-2/+0
|
* Introduce __imlib_LoadImageData()Kim Woelders2017-12-175-196/+74
|
* Make some more functions static.Kim Woelders2017-12-152-4/+2
|
* XPM loader: Fix incorrect image invalidation.Kim Woelders2017-05-011-1/+0
| | | | Introduced in d5ebec2948d93c0c47c249e1506a1a6bdbf27b68.
* 1.4.10.v1.4.10Kim Woelders2017-04-152-174/+188
|
* Prevent OOB read with large file support on 32 bitTobias Stoeckmann2017-03-251-1/+3
| | | | | | | | | | | | | | | | | If imlib2 is compiled with large file support on 32 bit systems, which is not the default, the TGA loader is vulnerable to an out of boundary read due to insufficient off_t/size_t validations. If large file support is enabled, off_t is 64 bit, while size_t is the regular 32 bit on 32 bit architectures. Casting directly leads to issues with files which are larger than 4 GB. As it's unlikely to encounter such files, they will be simply ignored on such systems. 64 bit systems are not affected. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* Properly release resources on error pathTobias Stoeckmann2017-03-129-9/+58
| | | | | | | | | The code did not properly release resources in some error paths, leading to memory leaks or possible double free issues. If an image could not be loaded, some code paths check if width is 0 to determine if an error occurred. Therefore, always set width to 0 in such cases.
* Avoid out of boundary operations while parsing xpmTobias Stoeckmann2017-02-201-4/+24
| | | | | | | | | | | | | | | | | | It is possible to trigger out of boundary read and write accesses while parsing XPM files. 1. If the color definition is shorter than the specified cpp, i.e. characters per pixel, an out of boundary write can be triggered. The write will modify stack memory and could therefore be used to corrupt local variables or return addresses. 2. If the pixel area contains less than the required amount of characters per pixel, an out of boundary read can be triggered. This affects files with more than one character per pixel. 3. If an out of memory condition occurs, a null pointer dereference can be triggered because the variable line is reallocated if not enough memory was available. Dereferencing line with an offset would lead to yet another out of boundary write, which will lead to a segmentation fault on almost every system out there.
* Fix missing break.Kim Woelders2017-02-121-0/+1
| | | | | | | | | | | | Found by gcc 7: grab.c: In function ‘__imlib_GrabXImageToRGBA’: grab.c:85:14: error: this statement may fall through [-Werror=implicit-fallthrough=] for (y = 0; y < h; y++) ^~~ grab.c:97:11: note: here case 24: ^~~~
* PNM loader: Fix reading PNM bitmaps.Kim Woelders2016-09-031-0/+1
| | | | | | | | | | Attempting to read a PNM bitmap (ASCII format) would cause a lockup due to infinite loop, and in certain cases write access outside allocated memory. Fixes CVE-2016-6348 (out-of-bounds writes ... presumably - CVE text not disclosed yet). Found by Neelima Krishnan, Intel Corporation.
* 1.4.9.v1.4.9Kim Woelders2016-04-292-2/+36
|
* Fix various potential OOM crashes.Kim Woelders2016-04-166-125/+93
| | | | | | | | There were several potential OOM crashes in __imlib_ListFilters(), __imlib_ListLoaders() and __imlib_TrimLoaderList(). The fix of __imlib_TrimLoaderList() is from patch by Yuriy M. Kaminskiy <yumkam@gmail.com>.
* Move __imlib_ItemInList() to file.c.Kim Woelders2016-04-164-21/+20
| | | | It may not be the ideal location but it's better than image.c
* Trivial file function cleanups.Kim Woelders2016-04-152-16/+14
|
* Eliminate pImlibExternalFilter type.Kim Woelders2016-04-152-8/+6
|
* Make a number of functions static.Kim Woelders2016-04-154-14/+11
|
* Harden API and internals against overly large imagesYuriy M. Kaminskiy2016-04-133-5/+28
| | | | Prevents potential integer overflow -> insufficient allocation -> heap overflow scenarios.
* Fix cross-endianness for masks (1-bit depth images)Alexander Smirnov2016-04-131-0/+2
| | | | | | | | | | Summary: Imlib generates masks on the client side with the bit order of the client. Set this bit order for produced XImages. Reviewers: kwo Differential Revision: https://phab.enlightenment.org/D3891
* loader_xpm: remove nonsense/impossible/broken conditionYuriy M. Kaminskiy2016-04-121-2/+1
| | | | | | | | 1) ptr is DATA32 *, so (ptr-im->data) is (w * h) at most; so this condition was broken, it should've been ((ptr-im->data) >= w*h); 2) ... however, ptr != NULL and (context > 1) are only possible together, and ptr and count are incremented always together too, so there are no point to check both; leave only less expensive check.
* Fix integer overflow resulting in insufficient heap allocationYuriy M. Kaminskiy2016-04-091-1/+2
| | | | | | | | | | | | | | | | | | | | | | IMAGE_DIMENSIONS_OK ensures that image width and height are less then 46340, so that maximum number of pixels is ~2**31. Unfortunately, there are a lot of code that allocates image data with something like malloc(w * h * sizeof(DATA32)); Obviously, on 32-bit machines this results in integer overflow, insufficient heap allocation, with [massive] out-of-bounds heap overwrite. Either X_MAX should be reduced to 32767, or (w)*(h) should be checked to not exceed ULONG_MAX/sizeof(DATA32). Security implications: *) for 32-bit machines: insufficient heap allocation and heap overwrite in many image loaders, with escalation potential to remote code execution; *) for 64-bit machines: it seems, no impact.
* Fix potential divide-by-zero in imlib_image_draw_ellipse().Kim Woelders2016-04-071-0/+24
| | | | | | | | | | Attempting to draw a 2x1 ellipse with e.g. imlib_image_draw_ellipse(x, y, 2, 1) causes a divide-by-zero. It seems happy enough to draw 1x1, 1x2 and 2x2, but not 2x1. Patch by Simon Lees. https://bugs.debian.org/639414
* GIF loader: Indent.Kim Woelders2016-04-071-25/+25
| | | | And remove now unused label "finish".
* GIF loader: Reduce progress checks from per-pixel to per-row.Kim Woelders2016-04-071-2/+2
| | | | Patch by Yuriy M. Kaminskiy.
* GIF loader: Remove check made redundant by previous commit.Kim Woelders2016-04-071-8/+0
| | | | Patch by Yuriy M. Kaminskiy.
* GIF loader: Fix out-of-bound reads from colormap.Kim Woelders2016-04-071-14/+17
| | | | | | | | | Bug-Debian: http://bugs.debian.org/785369 Note: removes all special-casing from the inner loop, optimize for common case. Author: Yuriy M. Kaminskiy <yumkam+debian@gmail.com> Reported-By: Jakub Wilk <jwilk@debian.org> Thanks to Bernhard U:belacker <bernhardu@vr-web.de> for analysis.
* Revert "gif: fix oob reads w/bad colormaps"Kim Woelders2016-04-071-10/+3
| | | | | | This reverts commit 16de244bd03d2f75da6508feb1ad9cb4e668e9dc. Will push alternative solution.
* Fix off-by-one OOB read in __imlib_MergeUpdate().Kim Woelders2016-04-061-1/+1
| | | | | | Patch by Yuriy M. Kaminskiy. https://bugs.debian.org/819818
* gif: fix oob reads w/bad colormapsBernhard Übelacker2016-04-021-3/+10
| | | | | | Verify the color map is inbounds before indexing with it. https://bugs.debian.org/785369
* Fix some "variable might be clobbered" warnings.Kim Woelders2016-03-212-8/+13
|
* Fix some "variable set but not used" warnings.Kim Woelders2016-03-212-14/+19
|
* Fix "assuming signed overflow does not occur" warning.Kim Woelders2016-03-211-4/+5
|
* 1.4.8.v1.4.8Kim Woelders2016-03-122-2/+24
|
View Lorry Controller Status