/**
* Test that crafted TGA files don't trigger OOB reads.
*/
#include "gd.h"
#include "gdtest.h"
/* Decode one fixture from the "tga" test directory and assert that the decoder rejects it. */
static void check_file(char *basename);
/* Read a fixture into a malloc'd buffer (*buffer, freed by the caller); returns the number of bytes read. */
static size_t read_test_file(char **buffer, char *basename);
/*
 * Feed each crafted TGA fixture to the decoder. The process exit status is
 * the number of failed assertions, so 0 means every fixture was rejected.
 */
int main()
{
    char *fixtures[] = {
        "heap_overflow_1.tga",
        "heap_overflow_2.tga",
    };
    size_t idx;

    for (idx = 0; idx < sizeof(fixtures) / sizeof(fixtures[0]); idx++) {
        check_file(fixtures[idx]);
    }

    return gdNumFailures();
}
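/**
 * Run one crafted fixture through the in-memory TGA decoder and assert that
 * it is rejected (the decoder must return NULL rather than an image).
 *
 * @param basename fixture file name inside the "tga" test directory.
 *
 * The decoder is only invoked when the fixture was actually loaded. Without
 * that guard a missing or unreadable fixture would make "im == NULL" pass
 * trivially, without the parser ever seeing the malformed input.
 */
static void check_file(char *basename)
{
    gdImagePtr im;
    char *buffer = NULL; /* stays NULL if the loader never assigns it */
    size_t size;

    size = read_test_file(&buffer, basename);
    if (buffer == NULL) {
        /* No data to decode; the loader's own assertions report the cause. */
        return;
    }

    /* size is the byte count the loader reports for buffer. */
    im = gdImageCreateFromTgaPtr(size, buffer);
    if (!gdTestAssert(im == NULL)) {
        /* The malformed file was accepted: failure is recorded, release the image. */
        gdImageDestroy(im);
    }

    free(buffer);
}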
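/**
 * Load a fixture from the "tga" test directory into a freshly allocated buffer.
 *
 * @param buffer   receives the malloc'd data; set to NULL when loading fails
 *                 before allocation. The caller owns and frees it.
 * @param basename fixture file name, resolved with gdTestFilePath2("tga", ...).
 * @return number of bytes actually read into *buffer, 0 on failure.
 *
 * Every failure is recorded through gdTestAssert and then stops the load.
 * Continuing would call fseek/ftell on a NULL stream, size the allocation from
 * a negative ftell() result converted to size_t, or fread into a NULL buffer.
 */
static size_t read_test_file(char **buffer, char *basename)
{
    char *filename;
    FILE *fp = NULL;
    long file_len;
    size_t exp_size;
    size_t act_size = 0;

    *buffer = NULL;

    filename = gdTestFilePath2("tga", basename);
    /* NOTE(review): assumes the path helper may return NULL on failure; confirm in gdtest. */
    if (!gdTestAssert(filename != NULL)) {
        return 0;
    }

    fp = fopen(filename, "rb");
    if (!gdTestAssert(fp != NULL)) {
        goto out;
    }

    /* Determine the file length; ftell() returns a negative value on error. */
    if (!gdTestAssert(fseek(fp, 0, SEEK_END) == 0)) {
        goto out;
    }
    file_len = ftell(fp);
    if (!gdTestAssert(file_len >= 0)) {
        goto out;
    }
    if (!gdTestAssert(fseek(fp, 0, SEEK_SET) == 0)) {
        goto out;
    }
    exp_size = (size_t) file_len;

    *buffer = malloc(exp_size);
    if (!gdTestAssert(*buffer != NULL)) {
        goto out;
    }

    /*
     * Return the count fread() reports, not the expected size, so the caller
     * never passes the decoder a length covering uninitialised heap bytes.
     */
    act_size = fread(*buffer, sizeof(**buffer), exp_size, fp);
    gdTestAssert(act_size == exp_size);

out:
    if (fp != NULL) {
        fclose(fp);
    }
    free(filename);
    return act_size;
}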