Currently, code_last_byte is set only after it has been used, i.e.
context->block_buf[0] = context->block_buf[context->code_last_byte - 2];
comes before anything has touched context->code_last_byte yet.
Except for the initialisation.
context->code_last_byte is set a few lines later, though.
And nowhere else, except for the initialisation which sets it
to 0. That will inevitably lead to context->block_buf[-2] which is
undefined behaviour.
We hence set the code_last_byte to 2 in order to not make that
array index invalid.
https://bugzilla.gnome.org/show_bug.cgi?id=778584

It seems that a pathological gif file can cause a negative array index
to be read. UBSAN reported this:
io-gif.c:509:44: runtime error: index -2 out of bounds for type 'guchar [280]'
io-gif.c:510:44: runtime error: index -1 out of bounds for type 'guchar [280]'
https://bugzilla.gnome.org/show_bug.cgi?id=778584

Fail quickly when the dimensions would create an image that's bigger
than MAXINT bytes long.
See https://bugzilla.gnome.org/show_bug.cgi?id=765094
https://bugzilla.gnome.org/show_bug.cgi?id=785973

With -Wconversion gcc complains with the following warning:
io-gif.c: In function ‘gif_read’:
io-gif.c:246:20: warning: conversion to ‘guint {aka unsigned int}’ from
‘size_t {aka long unsigned int}’ may alter its value [-Wconversion]
context->ptr += len;
^
io-gif.c:258:28: warning: conversion to ‘guint {aka unsigned int}’ from
‘size_t {aka long unsigned int}’ may alter its value [-Wconversion]
context->amount_needed = len - (context->size - context->ptr);
This change simply changes their types to match the rhs.
https://bugzilla.gnome.org/show_bug.cgi?id=786261

The arguments were provided the wrong way round: the variable number
should always be the nmemb argument, rather than loading a single
element of variable size.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
https://bugzilla.gnome.org/show_bug.cgi?id=785696

The upper and lower bounds when an area is updated are inclusive
coordinates, so the height would be upper - lower + 1, not
upper - lower, which would exclude the upper line.
https://bugzilla.gnome.org/show_bug.cgi?id=581484

buffer_count is read from the file, and then we potentially copy up to
that number of bytes straight into a buffer without a length check. This
does not result in buffer overflow iff the buffer is at least 255 bytes
long. Make that clear.
Coverity CID 609094
https://bugzilla.gnome.org/show_bug.cgi?id=776026

When using progressive loading, the GIF loader seems to expect us to
load every single frame of the image before being "done". That's really
not the case when thumbnailing, as we only want the first frame in that
case.
Return the GDK_PIXBUF_ERROR_INCOMPLETE_ANIMATION error when not all the
frames have been decoded, so that users of the API can ignore it, like
gnome-desktop's thumbnailer.
https://bugzilla.gnome.org/show_bug.cgi?id=755672

https://bugzilla.gnome.org/show_bug.cgi?id=581461

https://bugzilla.gnome.org/show_bug.cgi?id=641106

https://bugzilla.gnome.org/show_bug.cgi?id=144042

Coverity complained about this.

It was found that gdk-pixbuf GIF image loader gdk_pixbuf__gif_image_load()
routine did not properly handle certain return values from their subroutines.
A remote attacker could provide a specially-crafted GIF image, which once
opened in an application, linked against gdk-pixbuf would lead to gdk-pixbuf
to return partially initialized pixbuf structure, possibly having huge
width and height, leading to that particular application termination due to
excessive memory use.
The CVE identifier of CVE-2011-2485 has been assigned to this issue.

This is copying similar changes from glib.

If we're building a loader like png into gdk-pixbuf, we need to
include the alias header. Otherwise we get internal PLT entries,
which makes make check fail.
https://bugzilla.gnome.org/show_bug.cgi?id=623314

Bug #592461.

2008-08-29 Björn Lindqvist <bjourne@gmail.com>
Bug 437791 – Animation is played at the wrong speed
* gdk-pixbuf/io-gif.c (gif_get_lzw): Better 100 ms timeout for
broken GIFs with 0 frame timeout.
svn path=/trunk/; revision=21242

2008-06-21 Johan Dahlin <jdahlin@async.com.br>
* *.[ch]: Include "config.h" instead of <config.h>
Command used:
find -name \*.[ch]|xargs perl -p -i -e 's/^#include <config.h>/#include "config.h"/g'
Rubberstamped by Mitch and Tim
svn path=/trunk/; revision=20669

svn path=/trunk/; revision=20463

2008-05-27 Tor Lillqvist <tml@novell.com>
* io-*.c: Use explicit G_MODULE_EXPORT decoration when building
the loader in question as a module.
* gdk-pixbuf-io.c: Enable included build of the icns and jasper
loaders.
svn path=/trunk/; revision=20192

svn path=/trunk/; revision=17197

* io-gif.c (gif_get_lzw): Handle invalid gif animations
a little bit more robustly. (#357974, Vassilis Pandis,
patch by Felix Riemann)

2006-10-11 Tor Lillqvist <tml@novell.com>
* configure.in: Enable having some gdk-pixbuf loaders built-in
even if loading the others dynamically. Define Automake
conditional INCLUDE_FOO for each loader as TRUE if that loader is
built-in. See also gdk-pixbuf/ChangeLog.
2006-10-11 Tor Lillqvist <tml@novell.com>
Enable having some loaders built-in even if loading the others
dynamically. Have loaders in the same order as in configure.in in
all places where they are handled/listed.
* Makefile.am: Define the STATIC_FOO_LIB and FOO_LIB macros
conditionally depending on whether said loader is built-in or
not. Use the names libstatic-pixbufloader-foo.la instead of
libpixbufloader-static-foo.la for the built-in ones so that the
"echo libpixbufloader-*.la" won't match them.
* gdk-pixbuf-io.c: Reorganize code as to plumb the built-in
loaders also if USE_GMODULE. Don't warn about a missing
gdk-pixbuf.loaders file if we have at least one included loader.
* gdk-pixbuf-private.h
* io-*.c: Don't define a generic MODULE_ENTRY, as we can't use it
in the loaders anyway. Each loader needs to check if INCLUDE_foo
is defined.

2006-03-20 Matthias Clasen <mclasen@redhat.com>
* gdk-pixbuf-animation.c:
* gdk-pixbuf-io.c:
* io-xpm.c:
* io-xbm.c:
* io-gif.c: Always save errno to a temporary before making
other calls. (#335179, Morten Welinder)

2006-03-14 Matthias Clasen <mclasen@redhat.com>
* io-gif.c (gdk_pixbuf__gif_image_load): Add a shortcut
to stop the gif mainloop after the first frame, if that
is all we are interested in. (#334538)

2006-01-18 Matthias Clasen <mclasen@redhat.com>
* gtk/gtkrbtree.c:
* gtk/gtktreemodel.c: Fix several g_new() calls which
were using extra indirections or pointless casts.
(#327423, Morten Welinder)

2005-03-03 Matthias Clasen <mclasen@redhat.com>
Make the gif loader handle oom when loading
animations. (#168857, Tommi Komulainen)
* io-gif-animation.c (gdk_pixbuf_gif_anim_frame_composite):
Handle oom by returning NULL.
* io-gif.c (gif_get_lzw): Return an error if composite
returns NULL.

2004-11-12 Matthias Clasen <mclasen@redhat.com>
Changes to make gdk-pixbuf threadsafe (#157310, #157306,
Colin Walters):
* gdk-pixbuf-io.h (enum GdkPixbufFormatFlags): Add
GDK_PIXBUF_FORMAT_THREADSAFE to indicate that an image loader
is threadsafe.
* gdk-pixbuf-io.c (get_file_formats, _gdk_pixbuf_load_module):
Use a lock to make initialization of global data structures
threadsafe.
* gdk-pixbuf-private.h:
* gdk-pixbuf-io.c (_gdk_pixbuf_lock, _gdk_pixbuf_unlock):
Auxiliary functions which use another lock to protect
threadunsafe image loaders.
* gdk-pixbuf-io.c (gdk_pixbuf_real_save):
(save_to_callback_with_tmp_file):
(gdk_pixbuf_real_save_to_callback):
(gdk_pixbuf_new_from_xpm_data):
(_gdk_pixbuf_generic_image_load):
* gdk-pixbuf-animation.c (gdk_pixbuf_animation_new_from_file):
* gdk-pixbuf-loader.c (gdk_pixbuf_loader_load_module):
(gdk_pixbuf_loader_close):
(gdk_pixbuf_loader_finalize):
Use _gdk_pixbuf_lock() and _gdk_pixbuf_unlock().
* io-ani.c, io-bmp.c, io-gif.c, io-ico.c:
* io-jpeg.c, io-pcx.c, io-png.c, io-pnm.c:
* io-ras.c, io-tga.c, io-wbmp.c, io-xbm.c:
* io-xpm.c: Mark as threadsafe.
* io-tiff.c: Remove pointless locking, mark as
threadunsafe.

Wed Aug 25 17:23:23 2004 Manish Singh <yosh@gimp.org>
* io-gif.c: remove unused set_need_recomposite() function.

Wed Jul 7 23:53:58 2004 Matthias Clasen <maclas@gmx.de>
* gdk-pixbuf-io.h:
* gdk-pixbuf-io.c (gdk_pixbuf_format_is_disabled):
* gdk-pixbuf-io.c (gdk_pixbuf_format_set_disabled):
* gdk-pixbuf-io.c (gdk_pixbuf_format_get_license):
New functions to disable/enable individual loaders and to
obtain license information about loaders.
* gdk-pixbuf-io.h (GdkPixbufFormat): Add disabled and
license fields.
* gdk-pixbuf-io.c (_gdk_pixbuf_get_module):
* gdk-pixbuf-io.c (_gdk_pixbuf_get_named_module): Skip
disabled loaders.
* io-*.c: Add license information in the fill_info
functions.

Fri Jun 11 22:02:56 2004 Matthias Clasen <maclas@gmx.de>
* io-gif.c, io-pnm.c, io-tga.c, io-xpm.c: Don't use
contractions like "don't" or "isn't" in error messages.
It isn't nice to use them in log entries either...
(#137774, Morten Welinder, patch by Alexander Winston)

2003-06-23 Matthias Clasen <maclas@gmx.de>
* io-gif.c (gif_get_frame_info): Remove the pointless refusal to load images with dubious
disposal mode on the first frame. Just ignore it, as everybody else does.

2003-06-22 Matthias Clasen <matthias@localhost.localdomain>
* io-gif.c (gif_get_extension): Reset block_count to 0 for all application extensions, otherwise the data blocks
of unknown extensions are not properly skipped.
Second half of the fix for #106962, handle frames extending beyond the logical screen:
* io-gif.c (clip_frame): New helper function to clip a rectangle to the logical screen size of the gif.
(maybe_update): New helper function to call update_func only if the rectangle is not completely off-bounds.
(gif_get_lzw): Read frames extending outside the logical screen size, but be careful to clip to the logical screen size
when operating on the composite pixbuf and when calling update_func.
(gif_init): Set the animation size to the logical screen size.
(gif_get_frame_info): Don't refuse to load images with frames extending beyond the logical screen size.
* io-gif-animation.c (gdk_pixbuf_gif_anim_frame_composite): Be careful to clip all rectangles to the logical screen
size, also handle the fact that frames may be completely off-bounds.

2003-03-06 Matthias Clasen <maclas@gmx.de>
* gdk/gdkrgb.c (gdk_rgb_try_colormap): Return gboolean, not gint.
(#107664, Morten Welinder)
* gdk/x11/gdkwindow-x11.c (gdk_window_get_deskrelative_origin):
* gdk/x11/gdkfont-x11.c (gdk_font_equal):
* gdk/x11/gdkdnd-x11.c (gdk_drag_get_protocol_for_display):
Fix TRUE/1 and FALSE/0 confusion. (#107664, Morten Welinder)
* io-gif.c (gif_read): Fix 0/FALSE confusion (#107664, Morten Welinder)

Wed Nov 6 15:19:53 2002 Owen Taylor <otaylor@redhat.com>
* io-gif.c (CHECK_LZW_SP): Fix trailing semicolon on macro,
clean up a bit.

* io-gif.c (lzw_read_byte): Check for stack overflow throughout.
(#91808, Elliot Lee)

* Makefile.am gdk-pixbuf-animation.c gdk-pixbuf-data.c
gdk-pixbuf-io.c gdk-pixbuf-io.h gdk-pixbuf-loader.c
gdk-pixbuf-loader.h gdk-pixbuf-private.h gdk-pixbuf.h
gdk-pixdata.c io-ani-animation.h io-ani.c io-bmp.c
io-gif-animation.c io-gif-animation.h io-gif.c io-ico.c
io-jpeg.c io-png.c io-pnm.c io-ras.c io-tga.c io-tiff.c
io-wbmp.c io-xbm.c io-xpm.c pixbufloader_ani.def
pixbufloader_bmp.def pixbufloader_gif.def pixbufloader_ico.def
pixbufloader_jpeg.def pixbufloader_png.def
pixbufloader_pnm.def pixbufloader_ras.def pixbufloader_tga.def
pixbufloader_tiff.def pixbufloader_wbmp.def
pixbufloader_xbm.def pixbufloader_xpm.def test-gdk-pixbuf.c
gdk-pixbuf-animation.h queryloaders.c: Support for separately
installed loaders. (#77486)

* io-tiff.c (tiff_image_parse): Don't leak pixbuf on error.
* io-gif.c (gdk_pixbuf__gif_image_load_increment): Don't leak
context->buf on error.
* gdk-pixbuf-loader.c (gdk_pixbuf_loader_close): Make sure to call
stop_load even for short images to prevent memleaks.