diff options
| author | Claudio Saavedra <csaavedra@alumnos.utalca.cl> | 2008-03-11 20:51:09 +0000 |
|---|---|---|
| committer | Claudio Saavedra <csaavedra@src.gnome.org> | 2008-03-11 20:51:09 +0000 |
| commit | 415bfe39e4ba32870124e6448364518529c64cdd (patch) | |
| tree | a04f4646b0a8e4ca10916a303415b6583bcdc376 | |
| parent | bd12de15d542051ba0281781e7398d4c945e301a (diff) | |
| download | gdk-pixbuf-415bfe39e4ba32870124e6448364518529c64cdd.tar.gz | |
Check for the BMP header magic numbers before decoding it. (#505085)
2008-03-11 Claudio Saavedra <csaavedra@alumnos.utalca.cl>
* io-bmp.c: (DecodeHeader): Check for the BMP header magic numbers
before decoding it. (#505085)
svn path=/branches/gtk-2-12/; revision=19754
| -rw-r--r-- | gdk-pixbuf/ChangeLog | 5 | ||||
| -rw-r--r-- | gdk-pixbuf/io-bmp.c | 11 |
2 files changed, 16 insertions, 0 deletions
diff --git a/gdk-pixbuf/ChangeLog b/gdk-pixbuf/ChangeLog index c869130a9..5563a9367 100644 --- a/gdk-pixbuf/ChangeLog +++ b/gdk-pixbuf/ChangeLog @@ -1,3 +1,8 @@ +2008-03-11 Claudio Saavedra <csaavedra@alumnos.utalca.cl> + + * io-bmp.c: (DecodeHeader): Check for the BMP header magic numbers + before decoding it. (#505085) + 2008-02-12 Matthias Clasen <mclasne@redhat.com> * === Released 2.12.8 === diff --git a/gdk-pixbuf/io-bmp.c b/gdk-pixbuf/io-bmp.c index d0347c963..099a16d96 100644 --- a/gdk-pixbuf/io-bmp.c +++ b/gdk-pixbuf/io-bmp.c @@ -258,6 +258,17 @@ static gboolean DecodeHeader(unsigned char *BFH, unsigned char *BIH, { gint clrUsed; + /* First check for the two first bytes content. A sane + BMP file must start with bytes 0x42 0x4D. */ + if (*BFH != 0x42 || *(BFH + 1) != 0x4D) { + g_set_error (error, + GDK_PIXBUF_ERROR, + GDK_PIXBUF_ERROR_CORRUPT_IMAGE, + _("BMP image has bogus header data")); + State->read_state = READ_STATE_ERROR; + return FALSE; + } + /* FIXME this is totally unrobust against bogus image data. */ if (State->BufferSize < lsb_32 (&BIH[0]) + 14) { State->BufferSize = lsb_32 (&BIH[0]) + 14; |