authorPhilip Withnall <philip@tecnocode.co.uk>2016-12-12 22:35:32 +0000
committerBastien Nocera <hadess@hadess.net>2016-12-19 19:01:18 +0100
commit5b15f3406a800ffef06906b4ddfedff61318c176 (patch)
tree80b295ef509e5285c9c01223f8ccfb7df90cc85b
parent6450951d20d05351cb58029007c35bb92014ef26 (diff)
io-gif: Clarify buffer length management
buffer_count is read from the file, and then we potentially copy up to that number of bytes straight into a buffer without a length check. This does not result in buffer overflow iff the buffer is at least 255 bytes long. Make that clear. Coverity CID 609094 https://bugzilla.gnome.org/show_bug.cgi?id=776026
-rw-r--r--gdk-pixbuf/io-gif.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
index 00d18e28d..5b300934e 100644
--- a/gdk-pixbuf/io-gif.c
+++ b/gdk-pixbuf/io-gif.c
@@ -188,6 +188,7 @@ struct _GifContext
GError **error;
};
+/* The buffer must be at least 255 bytes long. */
static int GetDataBlock (GifContext *, unsigned char *);
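Review bot: The 255-byte requirement added above the `GetDataBlock` prototype here, and repeated above the definition in the second hunk, exists only as a comment, so nothing stops a caller from passing a shorter buffer while the count read from the file is still copied unchecked. Consider replacing the bare number with a named constant that every caller uses to size its buffer, for example `#define GIF_MAX_DATA_BLOCK 255` (name illustrative) with `unsigned char buf[GIF_MAX_DATA_BLOCK];` at the call sites, or adding a buffer-length parameter that the copy is checked against. The comment could also say why 255 is enough, presumably because the count is a single byte taken from the file, e.g. `/* @buf must hold at least 255 bytes: the block length is one byte read from the file. */`. The two comments are also worded differently ("The buffer" versus "@buf") and would read better with identical text. The function body and its callers are outside these hunks, so whether the existing buffers meet the requirement cannot be confirmed from here.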
@@ -451,6 +452,7 @@ gif_get_extension (GifContext *context)
static int ZeroDataBlock = FALSE;
+/* @buf must be at least 255 bytes long. */
static int
GetDataBlock (GifContext *context,
unsigned char *buf)