kwo pushed a commit to branch master.
http://git.enlightenment.org/legacy/imlib2.git/commit/?id=bbde5efdc00177638beab4511f8367e8cecc1f8d
commit bbde5efdc00177638beab4511f8367e8cecc1f8d
Author: Quentin Rameau <quinq@fifth.space>
Date: Tue Feb 9 16:11:38 2016 +0100
Fix bz2 loader filename check
Do not impose an arbitrary small buffer size limit on filenames when
checking and trimming bz2 extension.
---
src/modules/loaders/loader_bz2.c | 24 +++++++++---------------
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/src/modules/loaders/loader_bz2.c b/src/modules/loaders/loader_bz2.c
index 8e33856..6b9b656 100644
--- a/src/modules/loaders/loader_bz2.c
+++ b/src/modules/loaders/loader_bz2.c
@@ -52,8 +52,8 @@ load(ImlibImage * im, ImlibProgressFunction progress,
ImlibLoader *loader;
FILE *fp;
int dest, res;
- char *file, tmp[] = "/tmp/imlib2_loader_bz2-XXXXXX", *p;
- char real_ext[16];
+ char *file, *p, *q, tmp[] = "/tmp/imlib2_loader_bz2-XXXXXX";
+ char *real_ext;
assert(im);
@@ -61,19 +61,8 @@ load(ImlibImage * im, ImlibProgressFunction progress,
* (e.g. "foo.png.bz2"
*/
p = strrchr(im->real_file, '.');
- if (p && p != im->real_file)
- {
- if (strcasecmp(p + 1, "bz2"))
- return 0;
- }
- else
- return 0;
-
- strncpy(real_ext, p - sizeof(real_ext) + 1, sizeof(real_ext));
- real_ext[sizeof(real_ext) - 1] = '\0';
-
- /* abort if there's no dot in the "real" filename */
- if (!strrchr(real_ext, '.'))
+ q = strchr(im->real_file, '.');
+ if (!p || p == im->real_file || strcasecmp(p + 1, "bz2") || p == q)
return 0;
if (!(fp = fopen(im->real_file, "rb")))
@@ -97,8 +86,12 @@ load(ImlibImage * im, ImlibProgressFunction progress,
return 0;
}
+ if (!(real_ext = strndup(im->real_file, p - im->real_file)))
+ return 0;
+
if (!(loader = __imlib_FindBestLoaderForFile(real_ext, 0)))
{
+ free(real_ext);
unlink(tmp);
return 0;
}
@@ -112,6 +105,7 @@ load(ImlibImage * im, ImlibProgressFunction progress,
free(im->real_file);
im->real_file = file;
+ free(real_ext);
unlink(tmp);
return 1;
--
