diff options
author | Matthias Clasen <mclasen@redhat.com> | 2015-12-05 15:49:32 -0500 |
---|---|---|
committer | Matthias Clasen <mclasen@redhat.com> | 2015-12-14 07:02:12 -0500 |
commit | 075bc1b08a64a064edc4890454a108680f23f798 (patch) | |
tree | bcfa8b052a1b591561b4a02f3e6f61a1f8636832 | |
parent | 08934635023ff47e27d43f59c3ca53c1b9e3652f (diff) | |
download | gdk-pixbuf-075bc1b08a64a064edc4890454a108680f23f798.tar.gz |
bmp: Reject bogus depth
Erroring out early if we find a bogus image depth is
the right thing to do, and avoids possible memory
overruns later on.
https://bugzilla.gnome.org/show_bug.cgi?id=747605
-rw-r--r-- | gdk-pixbuf/io-bmp.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/gdk-pixbuf/io-bmp.c b/gdk-pixbuf/io-bmp.c index 1f197e83d..5c30bfbba 100644 --- a/gdk-pixbuf/io-bmp.c +++ b/gdk-pixbuf/io-bmp.c @@ -318,6 +318,15 @@ static gboolean DecodeHeader(unsigned char *BFH, unsigned char *BIH, return FALSE; } + if (State->Header.depth > 32) + { + g_set_error_literal (error, + GDK_PIXBUF_ERROR, + GDK_PIXBUF_ERROR_CORRUPT_IMAGE, + _("BMP image has unsupported depth")); + State->read_state = READ_STATE_ERROR; + } + if (State->Header.size == 12) clrUsed = 1 << State->Header.depth; else |