zmike pushed a commit to branch efl-1.22.

http://git.enlightenment.org/core/efl.git/commit/?id=50ed660f2787774fa5d3c187629f6269c97a7ee7

commit 50ed660f2787774fa5d3c187629f6269c97a7ee7
Author: Hermet Park <[email protected]>
Date:   Wed Apr 24 10:10:36 2019 +0900

    Revert "evas-wbmp: revert previous two patches"
    
    This reverts commit 0ebf41c003ea89f10c45ae7a2e53c68302c05103.
---
 .../evas/image_loaders/wbmp/evas_image_load_wbmp.c  | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c b/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c
index 633afe9567..7f56da6d02 100644
--- a/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c
+++ b/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c
@@ -73,6 +73,15 @@ evas_image_load_file_head_wbmp(void *loader_data,
    position++; /* skipping one byte */
    if (read_mb(&w, map, length, &position) < 0) goto bail;
    if (read_mb(&h, map, length, &position) < 0) goto bail;
+
+   /* Wbmp header identifier is too weak....
+      Here checks size validation whether it's acutal wbmp or not. */
+   if (((w * h) >> 3) + position != length)
+     {
+        *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT;
+        goto bail;
+     }
+
    if ((w < 1) || (h < 1) || (w > IMG_MAX_SIZE) || (h > IMG_MAX_SIZE) ||
        IMG_TOO_BIG(w, h))
      {
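Review bot: The new size test estimates the pixel payload as `(w * h) >> 3`, which rounds the total bit count down, whereas the decode loop later in this diff steps through the file by `line_length` per row. If `line_length` is the row width rounded up to whole bytes (its definition is outside the diff), the two agree only when w is a multiple of 8: other well-formed images are rejected here, and a file that does satisfy the equality is shorter than what the loop will read. The test also runs before the `IMG_MAX_SIZE`/`IMG_TOO_BIG` range check just below, so the product is taken on unvalidated header values and can wrap if w and h are 32-bit (their declarations are not visible). I would move it after the range check and size it per row, e.g. `if ((size_t)((w + 7) >> 3) * h + position != length)`; the identical test added in evas_image_load_file_data_wbmp needs the same change. The function body continues outside the hunk.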
@@ -116,11 +125,20 @@ evas_image_load_file_data_wbmp(void *loader_data,
    if (!map) goto bail;
 
    if (read_mb(&type, map, length, &position) < 0) goto bail;
+
+   if (type != 0)
+     {
+        *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT;
+        goto bail;
+     }
+
    position++; /* skipping one byte */
    if (read_mb(&w, map, length, &position) < 0) goto bail;
    if (read_mb(&h, map, length, &position) < 0) goto bail;
 
-   if (type != 0)
+   /* Wbmp header identifier is too weak....
+      Here checks size validation whether it's acutal wbmp or not. */
+   if (((w * h) >> 3) + position != length)
      {
         *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT;
         goto bail;
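Review bot: After this change the equality `((w * h) >> 3) + position != length` is the only length guard on the data path, because the last hunk of this diff drops `if (position + line_length > length) goto bail;` from the row loop. The equality does not bound what that loop reads whenever its rounded-down byte count is smaller than `prop->h` times `line_length`, or when `w * h` wraps, so the loop could read past the end of the mapped file. The per-row check is cheap and does not depend on how the header was validated; I would keep it in the loop and add a comment such as `/* header-derived sizes are untrusted: re-check each row against the mapping length */`. The function starts and ends outside the hunk.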
@@ -145,7 +163,6 @@ evas_image_load_file_data_wbmp(void *loader_data,
 
    for (y = 0; y < (int)prop->h; y++)
      {
-        if (position + line_length > length) goto bail;
         line = ((unsigned char*) map) + position;
         position += line_length;
         for (x = 0; x < (int)prop->w; x++)

-- 

