ico: Fix possible offset overflow

In case the offset is MAXINT, don't try to get a header size past it. https://bugzilla.gnome.org/show_bug.cgi?id=776040
author: Bastien Nocera <hadess@hadess.net> 2017-07-13 22:13:36 +0200
committer: Bastien Nocera <hadess@hadess.net> 2017-07-13 22:13:36 +0200
commit: b92030b46ec0d4b7a38c0a9b79bcca5dd3aed5c6 (patch)
tree: f423b01cdcc081d0a2e4b0918e08bd1afea5c841 /gdk-pixbuf
parent: e08c11540bec325189b621666b1fa5e58178693d (diff)
download: gdk-pixbuf-b92030b46ec0d4b7a38c0a9b79bcca5dd3aed5c6.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
index b7945dec2..e5444640c 100644
--- a/gdk-pixbuf/io-ico.c
+++ b/gdk-pixbuf/io-ico.c
@@ -326,7 +326,9 @@ static void DecodeHeader(guchar *Data, gint Bytes,
 	for (l = State->entries; l != NULL; l = g_list_next (l)) {
 		entry = l->data;
 
-		if (entry->DIBoffset < 0) {
+		/* We check whether the HeaderSize (int) would overflow */
+		if (entry->DIBoffset > INT_MAX - INFOHEADER_SIZE)
+		  {
 			g_set_error (error,
 			             GDK_PIXBUF_ERROR,
 			             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
author	Bastien Nocera <hadess@hadess.net>	2017-07-13 22:13:36 +0200
committer	Bastien Nocera <hadess@hadess.net>	2017-07-13 22:13:36 +0200
commit	b92030b46ec0d4b7a38c0a9b79bcca5dd3aed5c6 (patch)
tree	f423b01cdcc081d0a2e4b0918e08bd1afea5c841 /gdk-pixbuf
parent	e08c11540bec325189b621666b1fa5e58178693d (diff)
download	gdk-pixbuf-b92030b46ec0d4b7a38c0a9b79bcca5dd3aed5c6.tar.gz