Author: dynis
Date: Sat Jan 17 17:41:52 2009
New Revision: 6120
URL: http://source.netsurf-browser.org?rev=6120&view=rev
Log:
Boundary check the bitmap offset. Kudos to Joonas Pihlaja.
Modified:
trunk/libnsbmp/libnsbmp.c
Modified: trunk/libnsbmp/libnsbmp.c
URL:
http://source.netsurf-browser.org/trunk/libnsbmp/libnsbmp.c?rev=6120&r1=6119&r2=6120&view=diff
==============================================================================
--- trunk/libnsbmp/libnsbmp.c (original)
+++ trunk/libnsbmp/libnsbmp.c Sat Jan 17 17:41:52 2009
@@ -170,6 +170,10 @@
return BMP_DATA_ERROR;
bmp->bitmap_offset = read_uint32(data, 10);
data += BMP_FILE_HEADER_SIZE;
+
+ /* boundary checking */
+ if (bmp->bitmap_offset >= size)
+ return BMP_INSUFFICIENT_DATA;
/* decode the BMP header */
return bmp_analyse_header(bmp, data);
_______________________________________________
netsurf-commits mailing list
[email protected]
http://vlists.pepperfish.net/cgi-bin/mailman/listinfo/netsurf-commits-netsurf-browser.org
