mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-11-28 22:57:37 +00:00
38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
|
|
Index: devil/src-IL/src/il_hdr.c
|
|
===================================================================
|
|
--- devil.orig/src-IL/src/il_hdr.c 2009-01-15 18:47:34.000000000 +0000
|
|
+++ devil/src-IL/src/il_hdr.c 2009-01-15 18:47:46.000000000 +0000
|
|
@@ -85,7 +85,7 @@
|
|
if (iread(&a, 1, 1) != 1)
|
|
return IL_FALSE;
|
|
|
|
- while(!done) {
|
|
+ while (!done) {
|
|
if (iread(&b, 1, 1) != 1)
|
|
return IL_FALSE;
|
|
if (b == '\n' && a == '\n')
|
|
@@ -98,6 +98,10 @@
|
|
if (iread(&a, 1, 1) != 1)
|
|
return IL_FALSE;
|
|
while (a != '\n') {
|
|
+ if (count >= sizeof(buff) - 1) { // Line shouldn't be this long at all.
|
|
+ ilSetError(IL_INVALID_FILE_HEADER);
|
|
+ return IL_FALSE;
|
|
+ }
|
|
buff[count] = a;
|
|
if (iread(&a, 1, 1) != 1)
|
|
return IL_FALSE;
|
|
@@ -113,8 +117,9 @@
|
|
//nothing that really changes the appearance of the loaded image...
|
|
//(The code as it is now assumes that y contains "-Y" and x contains
|
|
//"+X" after the following line)
|
|
- //Furthermore, this crashes if the read strings are longer than 2 chars o_O
|
|
- sscanf(buff, "%s %d %s %d", y, &Header->Height, x, &Header->Width);
|
|
+
|
|
+ // The 2 has to be in the %s format specifier to prevent buffer overruns.
|
|
+ sscanf(buff, "%2s %d %2s %d", y, &Header->Height, x, &Header->Width);
|
|
|
|
return IL_TRUE;
|
|
}
|
|
|