From 6356e709b8cf4e9610f6e4ec2507488f6c740769 Mon Sep 17 00:00:00 2001
From: Carsten Haitzler
Date: Sat, 25 Nov 2006 15:37:45 +0000
Subject: [PATCH] 1. image size bounds checks for eet 2. e17 bug 3. color class add fir ibar state of label 4. epeg scales before getting pixel data.
SVN revision: 27205
---
 legacy/eet/src/lib/eet_image.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/legacy/eet/src/lib/eet_image.c b/legacy/eet/src/lib/eet_image.c
index e8d678d..d253f96 100644
--- a/legacy/eet/src/lib/eet_image.c
+++ b/legacy/eet/src/lib/eet_image.c
@@ -121,6 +121,12 @@ eet_data_image_jpeg_header_decode(const void *data, int size, unsigned int *w, u
 /* head decoding */
 *w = cinfo.output_width;
 *h = cinfo.output_height;
+ if ((*w < 1) || (*h < 1) || (*w > 8192) || (*h > 8192))
+ {
+ jpeg_destroy_decompress(&cinfo);
+ _eet_memfile_read_close(f);
+ return 0;
+ }
 /* end head decoding */
 jpeg_destroy_decompress(&cinfo);
 _eet_memfile_read_close(f);
@@ -163,6 +169,12 @@ eet_data_image_jpeg_rgb_decode(const void *data, int size, unsigned int *w, unsi
 /* head decoding */
 *w = cinfo.output_width;
 *h = cinfo.output_height;
+ if ((*w < 1) || (*h < 1) || (*w > 8192) || (*h > 8192))
+ {
+ jpeg_destroy_decompress(&cinfo);
+ _eet_memfile_read_close(f);
+ return NULL;
+ }
 /* end head decoding */
 /* data decoding */
 if (cinfo.rec_outbuf_height > 16)
@@ -817,7 +829,7 @@ eet_data_image_header_decode(const void *data, int size, unsigned int *w, unsign
 ih = header[2];
 al = header[3];
 cp = header[4];
- if ((iw > 8192) || (ih > 8192)) return 0;
+ if ((iw < 1) || (ih < 1) || (iw > 8192) || (ih > 8192)) return 0;
 if ((cp == 0) && (size < ((iw * ih * 4) + 32))) return 0;
 if (w) *w = iw;
 if (h) *h = ih;
--
2.7.4
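Review bot: In eet_data_image_jpeg_header_decode the added range check runs after `*w` and `*h` have already been assigned, so on the rejection path the caller's variables still hold the out-of-range dimensions read from the file; the same ordering appears in the eet_data_image_jpeg_rgb_decode hunk. Testing `cinfo.output_width` and `cinfo.output_height` in the condition and moving `*w = cinfo.output_width; *h = cinfo.output_height;` below the block would keep rejected values away from callers. Both functions start and end outside their hunks, so whether any caller reads the outputs after a failed return cannot be confirmed from here.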
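Review bot: The 8192 limit added to eet_data_image_jpeg_rgb_decode carries no comment saying what it protects, and it is the only guard visible before the `/* data decoding */` section begins. If the pixel buffer further down is sized as width * height * 4 (the expression the header decoder uses in its size test), the bound caps that product at 256 MiB, which fits a 32-bit int but is still a large allocation to grant to a single untrusted file. A comment such as `/* cap dimensions so w * h * 4 cannot overflow; worst case is a 256 MiB buffer */` would record the intent; the allocation itself lies outside the hunk, so the sizing is inferred.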
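Review bot: The literal 8192 and the four-way range test are now written out three times in this patch (in eet_data_image_header_decode and in both JPEG hunks), so a later change to the limit can easily miss one decoder. A single named constant, for example `#define EET_IMAGE_MAX_DIM 8192` (name suggested here, not taken from the file), or a small static helper would keep them in step. Only the header decoder is touched in this hunk; if the full decode routine parses the same header outside this diff, it presumably needs the same `< 1` lower bound so that the header and pixel paths reject the same inputs.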