[tracker] tracker-extract-gif: Avoid possible integer overflow
- From: Felix Riemann <friemann src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [tracker] tracker-extract-gif: Avoid possible integer overflow
- Date: Sun, 8 May 2016 12:36:14 +0000 (UTC)
commit 369fdc9c1c1c1c8bb74b6dcb3a095392c40e0526
Author: Felix Riemann <friemann gnome org>
Date: Sun Apr 17 15:42:38 2016 +0200
tracker-extract-gif: Avoid possible integer overflow
Fix integer overflow when skipping over the decoded image data
of extremely large or specifically prepared images.
https://bugzilla.gnome.org/show_bug.cgi?id=758315
src/tracker-extract/tracker-extract-gif.c | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
---
diff --git a/src/tracker-extract/tracker-extract-gif.c b/src/tracker-extract/tracker-extract-gif.c
index 7883f64..27ee316 100644
--- a/src/tracker-extract/tracker-extract-gif.c
+++ b/src/tracker-extract/tracker-extract-gif.c
@@ -116,6 +116,7 @@ read_metadata (TrackerSparqlBuilder *preupdate,
unsigned char *framedata = NULL;
GPtrArray *keywords;
guint i;
+ gint h;
int status;
MergeData md = { 0 };
GifData gd = { 0 };
@@ -149,15 +150,17 @@ read_metadata (TrackerSparqlBuilder *preupdate,
framewidth = gifFile->Image.Width;
frameheight = gifFile->Image.Height;
- framedata = g_malloc (framewidth*frameheight);
-
- if (DGifGetLine(gifFile, framedata, framewidth*frameheight)==GIF_ERROR) {
+ framedata = g_malloc_n (framewidth, sizeof(GifPixelType));
+ for (h = 0; h < frameheight; h++)
+ {
+ if (DGifGetLine(gifFile, framedata, framewidth)==GIF_ERROR) {
#if GIFLIB_MAJOR < 5
- print_gif_error();
+ print_gif_error();
#else /* GIFLIB_MAJOR < 5 */
- gif_error ("Could not load a block of GIF pixes", gifFile->Error);
+ gif_error ("Could not load a block of GIF pixes", gifFile->Error);
#endif /* GIFLIB_MAJOR < 5 */
- return;
+ return;
+ }
}
gd.width = g_strdup_printf ("%d", framewidth);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]