Re: [E-devel] E SVN: jypark trunk/efl/src/modules/evas/loaders/bmp

Wed, 05 Dec 2012 05:36:22 -0800 

backport?

On Wed, Dec 5, 2012 at 1:28 PM, Stefan Schmidt <s.schm...@samsung.com>wrote:

> Hello.
>
> On 05/12/12 09:58, Enlightenment SVN wrote:
> > Log:
> > if somebody make corrupted bmp file, it can cause crash
> >
> >
> > Author:       jypark
> > Date:         2012-12-05 01:58:56 -0800 (Wed, 05 Dec 2012)
> > New Revision: 80225
> > Trac:         http://trac.enlightenment.org/e/changeset/80225
> >
> > Modified:
> >    trunk/efl/src/modules/evas/loaders/bmp/evas_image_load_bmp.c
> >
> > Modified: trunk/efl/src/modules/evas/loaders/bmp/evas_image_load_bmp.c
> > ===================================================================
> > --- trunk/efl/src/modules/evas/loaders/bmp/evas_image_load_bmp.c
>  2012-12-05 09:46:19 UTC (rev 80224)
> > +++ trunk/efl/src/modules/evas/loaders/bmp/evas_image_load_bmp.c
>  2012-12-05 09:58:56 UTC (rev 80225)
> > @@ -135,6 +135,7 @@
> >      if (!read_ushort(map, fsize, &position, &res2)) goto close_file;
> >      if (!read_uint(map, fsize, &position, &offset)) goto close_file;
> >      if (!read_uint(map, fsize, &position, &head_size)) goto close_file;
> > +   if (offset > fsize) goto close_file;
> >      if (head_size == 12) // OS/2 V1 + Windows 3.0
> >        {
> >           short tmp;
> > @@ -424,6 +425,7 @@
> >      if (!read_ushort(map, fsize, &position, &res2)) goto close_file;
> >      if (!read_uint(map, fsize, &position, &offset)) goto close_file;
> >      if (!read_uint(map, fsize, &position, &head_size)) goto close_file;
> > +   if (offset > fsize) goto close_file;
> >      image_size = fsize - offset;
> >      if (image_size < 1) goto close_file;
>
> You know that you compare signed and unsigned here, right?
> ../../src/modules/evas/loaders/bmp/evas_image_load_bmp.c: In function
> 'evas_image_load_file_head_bmp':
> ../../src/modules/evas/loaders/bmp/evas_image_load_bmp.c:138:15:
> warning: comparison between signed and unsigned integer expressions
> [-Wsign-compare]
> ../../src/modules/evas/loaders/bmp/evas_image_load_bmp.c: In function
> 'evas_image_load_file_data_bmp':
> ../../src/modules/evas/loaders/bmp/evas_image_load_bmp.c:428:15:
> warning: comparison between signed and unsigned integer expressions
> [-Wsign-compare]
>
> regards
> Stefan Schmidt
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> enlightenment-devel mailing list
> enlightenment-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
>
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel

Reply via email to