[gdk-pixbuf] ico: Fix possible offset overflow



commit b92030b46ec0d4b7a38c0a9b79bcca5dd3aed5c6
Author: Bastien Nocera <hadess hadess net>
Date:   Thu Jul 13 22:13:36 2017 +0200

    ico: Fix possible offset overflow
    
    In case the offset is MAXINT, don't try to get a header size past it.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=776040

 gdk-pixbuf/io-ico.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)
---
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
index b7945de..e544464 100644
--- a/gdk-pixbuf/io-ico.c
+++ b/gdk-pixbuf/io-ico.c
@@ -326,7 +326,9 @@ static void DecodeHeader(guchar *Data, gint Bytes,
        for (l = State->entries; l != NULL; l = g_list_next (l)) {
                entry = l->data;
 
-               if (entry->DIBoffset < 0) {
+               /* We check whether the HeaderSize (int) would overflow */
+               if (entry->DIBoffset > INT_MAX - INFOHEADER_SIZE)
+                 {
                        g_set_error (error,
                                     GDK_PIXBUF_ERROR,
                                     GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
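Review bot: The new upper-bound test on `entry->DIBoffset` replaces the old `< 0` test instead of extending it, so if `DIBoffset` is a signed integer (its declaration is not visible in this hunk) a negative offset taken from the file would no longer be rejected here. Keeping both bounds would cover that case: `if (entry->DIBoffset < 0 || entry->DIBoffset > INT_MAX - INFOHEADER_SIZE) {`. If the field is unsigned instead, the comment could say so, e.g. `/* DIBoffset is unsigned; reject values where DIBoffset + INFOHEADER_SIZE would not fit in the int HeaderSize */`. On style, the opening brace on its own line departs from the `for (...) {` form two lines above, and `G_MAXINT` would match the GLib types used in the signature. The loop body and the rest of DecodeHeader lie outside the hunk, so later uses of the offset cannot be checked from here.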

