diff options
| author | Bastien Nocera <hadess@hadess.net> | 2017-07-13 22:12:06 +0200 |
|---|---|---|
| committer | Bastien Nocera <hadess@hadess.net> | 2017-07-13 22:12:06 +0200 |
| commit | e08c11540bec325189b621666b1fa5e58178693d (patch) | |
| tree | fd62eb3319dd1b882fc8a174d5da30efde8c2777 /gdk-pixbuf | |
| parent | 99508c712d50e691328f47ce137cdbfa48b2d2e7 (diff) | |
| download | gdk-pixbuf-e08c11540bec325189b621666b1fa5e58178693d.tar.gz | |
ico: Don't use signed ints to do uints offset arithmetics
Make sure that the calculations we're doing on unsigned bytes can fit in
the target variable by making it a 32-bit unsigned int.
As detected by UBSan:
io-ico.c:288:26: runtime error: left shift of 146 by 24 places cannot be
represented in type 'int'
io-ico.c:287:38: runtime error: left shift of 222 by 24 places cannot be
represented in type 'int'
https://bugzilla.gnome.org/show_bug.cgi?id=776040
Diffstat (limited to 'gdk-pixbuf')
| -rw-r--r-- | gdk-pixbuf/io-ico.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c index 9e5cce280..b7945dec2 100644 --- a/gdk-pixbuf/io-ico.c +++ b/gdk-pixbuf/io-ico.c @@ -131,7 +131,7 @@ struct ico_direntry_data { gint ImageScore; gint width; gint height; - gint DIBoffset; + guint DIBoffset; gint x_hot; gint y_hot; }; @@ -166,7 +166,7 @@ struct ico_progressive_state { struct headerpair Header; /* Decoded (BE->CPU) header */ GList *entries; - gint DIBoffset; + guint DIBoffset; GdkPixbuf *pixbuf; /* Our "target" */ }; @@ -284,16 +284,16 @@ static void DecodeHeader(guchar *Data, gint Bytes, int depth; int x_hot; int y_hot; - int data_size G_GNUC_UNUSED; - int data_offset; + guint data_size G_GNUC_UNUSED; + guint data_offset; width = Ptr[0]; height = Ptr[1]; depth = Ptr[2]; x_hot = (Ptr[5] << 8) + Ptr[4]; y_hot = (Ptr[7] << 8) + Ptr[6]; - data_size = (Ptr[11] << 24) + (Ptr[10] << 16) + (Ptr[9] << 8) + (Ptr[8]); - data_offset = (Ptr[15] << 24) + (Ptr[14] << 16) + (Ptr[13] << 8) + (Ptr[12]); + data_size = ((guint) (Ptr[11]) << 24) + (Ptr[10] << 16) + (Ptr[9] << 8) + (Ptr[8]); + data_offset = ((guint) (Ptr[15]) << 24) + (Ptr[14] << 16) + (Ptr[13] << 8) + (Ptr[12]); DEBUG(g_print ("Image %d: %d x %d\n\tDepth: %d\n", I, width, height, depth); if (imgtype == 2) g_print ("\tHotspot: %d x %d\n", x_hot, y_hot); |