cedric pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=0a758d10c9f115def7043aed93547bf4876f99fe
commit 0a758d10c9f115def7043aed93547bf4876f99fe Author: jiin.moon <[email protected]> Date: Mon Jan 26 11:02:58 2015 +0100 evas: fix to load BMP file compressed with RLE. Summary: If the file size of RLE compressed image is bigger than original image, BMP loader doesn't work as well. @fix Reviewers: Hermet, cedric Subscribers: cedric Differential Revision: https://phab.enlightenment.org/D1892 Signed-off-by: Cedric BAIL <[email protected]> --- src/modules/evas/image_loaders/bmp/evas_image_load_bmp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/modules/evas/image_loaders/bmp/evas_image_load_bmp.c b/src/modules/evas/image_loaders/bmp/evas_image_load_bmp.c index d54cfdc..cf8156d 100644 --- a/src/modules/evas/image_loaders/bmp/evas_image_load_bmp.c +++ b/src/modules/evas/image_loaders/bmp/evas_image_load_bmp.c @@ -563,7 +563,11 @@ evas_image_load_file_data_bmp(void *loader_data, position = header.offset; if ((scale_ratio == 1) || (header.comp !=0)) - buffer = malloc(image_size + 8); // add 8 for padding to avoid checks + { + if (image_size < fsize - position) + image_size = fsize - position; + buffer = malloc(image_size + 8); // add 8 for padding to avoid checks + } else { scale_surface = malloc(image_w * sizeof(DATA32)); //for one line decoding --
