[EGIT] [legacy/imlib2_loaders] master 03/04: XCF loader: Fix hang in corrupt image

Sun, 13 Mar 2022 11:42:27 -0700 

kwo pushed a commit to branch master.

http://git.enlightenment.org/legacy/imlib2_loaders.git/commit/?id=e66795608847fa71b97c370f8e1e4f608b700bf7

commit e66795608847fa71b97c370f8e1e4f608b700bf7
Author: Kim Woelders <[email protected]>
Date:   Sat Mar 12 16:05:24 2022 +0100

    XCF loader: Fix hang in corrupt image
---
 src/modules/loaders/loader_xcf.c | 47 +++++++++++++++++-----------------------
 1 file changed, 20 insertions(+), 27 deletions(-)

diff --git a/src/modules/loaders/loader_xcf.c b/src/modules/loaders/loader_xcf.c
index 70d97f6..6cd2250 100644
--- a/src/modules/loaders/loader_xcf.c
+++ b/src/modules/loaders/loader_xcf.c
@@ -609,40 +609,24 @@ xcf_seek_pos(int pos)
 static int
 xcf_read_int8(FILE * fp, DATA8 * data, int count)
 {
-   int                 total;
-   int                 bytes;
-
-   total = count;
-   while (count > 0)
-     {
-        bytes = fread(data, 1, count, fp);
-        if (bytes <= 0)         /* something bad happened */
-           break;
-        count -= bytes;
-        data += bytes;
-     }
-
-   return total;
+   return fread(data, 1, count, fp);
 }
 
 static int
 xcf_read_int32(FILE * fp, DATA32 * data, int count)
 {
-   int                 total;
+   int                 i, nr;
 
-   total = count;
-   if (count > 0)
+   nr = fread(data, 4, count, fp);
+   if (nr != count)
+      return 0;
+   for (i = 0; i < count; i++)
      {
-        xcf_read_int8(fp, (DATA8 *) data, count * 4);
-
-        while (count--)
-          {
-             *data = (DATA32) ntohl(*data);
-             data++;
-          }
+        *data = (DATA32) ntohl(*data);
+        data++;
      }
 
-   return total * 4;
+   return 4 * nr;
 }
 
 static int
@@ -673,8 +657,17 @@ xcf_read_string(FILE * fp, char **data, int count)
 static int
 xcf_load_prop(PropType * prop_type, DATA32 * prop_size)
 {
-   image->cp += xcf_read_int32(image->fp, (DATA32 *) prop_type, 1);
-   image->cp += xcf_read_int32(image->fp, (DATA32 *) prop_size, 1);
+   int                 nr;
+
+   nr = xcf_read_int32(image->fp, (DATA32 *) prop_type, 1);
+   if (nr != 4)
+      return 0;
+   nr = xcf_read_int32(image->fp, (DATA32 *) prop_size, 1);
+   if (nr != 4)
+      return 0;
+
+   image->cp += 8;
+
    return 1;
 }
 

--

Reply via email to