41 lines
1.2 KiB
Text
41 lines
1.2 KiB
Text
--- gdk-pixbuf/io-ico.c.orig Mon Oct 11 15:44:43 2004
|
|
+++ gdk-pixbuf/io-ico.c Mon Oct 11 15:47:29 2004
|
|
@@ -330,6 +330,10 @@
|
|
|
|
State->HeaderSize+=I;
|
|
|
|
+ if (State->HeaderSize < 0) {
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
if (State->HeaderSize>State->BytesInHeaderBuf) {
|
|
guchar *tmp=realloc(State->HeaderBuf,State->HeaderSize);
|
|
if (!tmp)
|
|
--- gdk-pixbuf/io-xpm.c.orig Thu Mar 1 15:16:28 2001
|
|
+++ gdk-pixbuf/io-xpm.c Sun Oct 17 17:05:38 2004
|
|
@@ -352,16 +352,21 @@
|
|
return NULL;
|
|
}
|
|
sscanf (buffer, "%d %d %d %d", &w, &h, &n_col, &cpp);
|
|
- if (cpp >= 32) {
|
|
- g_warning ("XPM has more than 31 chars per pixel.");
|
|
+ if (cpp <= 0 || cpp >= 32) {
|
|
+ g_warning ("XPM has invalid number of chars per pixel");
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {
|
|
+ g_warning ("XPM file has invalid number of colors");
|
|
return NULL;
|
|
}
|
|
|
|
/* The hash is used for fast lookups of color from chars */
|
|
color_hash = g_hash_table_new (g_str_hash, g_str_equal);
|
|
|
|
- name_buf = g_new (gchar, n_col * (cpp + 1));
|
|
- colors = g_new (_XPMColor, n_col);
|
|
+ name_buf = (gchar *) g_malloc (n_col * (cpp + 1));
|
|
+ colors = (_XPMColor *) g_malloc (sizeof (_XPMColor) * n_col);
|
|
|
|
for (cnt = 0; cnt < n_col; cnt++) {
|
|
gchar *color_name;
|