[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] [SCM] Gnash branch, master, updated. release_0_8_9_final-
From: |
Benjamin Wolsey |
Subject: |
[Gnash-commit] [SCM] Gnash branch, master, updated. release_0_8_9_final-1437-gbb4dc77 |
Date: |
Sun, 11 Mar 2012 08:37:38 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Gnash".
The branch, master has been updated
via bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527 (commit)
from 031ebbff7f9f41bfd88938e2e66bac00928b7de1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit//commit/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527
commit bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527
Author: Benjamin Wolsey <address@hidden>
Date: Sat Mar 10 15:52:50 2012 +0100
Fix crash in GnashImage.cpp
diff --git a/libbase/GnashImage.cpp b/libbase/GnashImage.cpp
index 11c6956..03a6939 100644
--- a/libbase/GnashImage.cpp
+++ b/libbase/GnashImage.cpp
@@ -26,6 +26,7 @@
#include <boost/scoped_array.hpp>
#include <boost/shared_ptr.hpp>
#include <algorithm>
+#include <cassert>
#ifdef USE_PNG
# include "GnashImagePng.h"
@@ -44,6 +45,21 @@ namespace image {
namespace {
void processAlpha(GnashImage::iterator imageData, size_t pixels);
+ bool checkValidSize(size_t width, size_t height, size_t channels) {
+
+ if (width == 0 || height == 0) return false;
+
+ assert(channels > 0);
+
+ boost::uint32_t maxSize = std::numeric_limits<boost::int32_t>::max();
+ if (width >= maxSize || height >= maxSize) return false;
+
+ maxSize /= channels;
+ maxSize /= width;
+ maxSize /= height;
+
+ return maxSize > 0;
+ }
}
GnashImage::GnashImage(iterator data, size_t width, size_t height,
@@ -55,6 +71,8 @@ GnashImage::GnashImage(iterator data, size_t width, size_t
height,
_height(height),
_data(data)
{
+ // Callers should check dimensions
+ assert(checkValidSize(_width, _height, channels()));
}
/// Create an image allocating a buffer of height*pitch bytes
@@ -66,8 +84,9 @@ GnashImage::GnashImage(size_t width, size_t height, ImageType
type,
_width(width),
_height(height)
{
- const size_t max = std::numeric_limits<boost::int32_t>::max();
- if (size() > max) {
+ // Constructed from external input, so restrict dimensions to avoid
+ // overflow in size calculations
+ if (!checkValidSize(_width, _height, channels())) {
throw std::bad_alloc();
}
_data.reset(new value_type[size()]);
-----------------------------------------------------------------------
Summary of changes:
libbase/GnashImage.cpp | 23 +++++++++++++++++++++--
1 files changed, 21 insertions(+), 2 deletions(-)
hooks/post-receive
--
Gnash
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Gnash-commit] [SCM] Gnash branch, master, updated. release_0_8_9_final-1437-gbb4dc77,
Benjamin Wolsey <=